Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ibaAnalyzerSetup_x64_v7.3.6.exe

Overview

General Information

Sample Name:ibaAnalyzerSetup_x64_v7.3.6.exe
Analysis ID:632527
MD5:c1ae350f67039cbe69f10df9b8001371
SHA1:6362ba848a6027939c642d4b405994ca5a96272c
SHA256:fbf6ebb863e6ee15a9fbe144116fc568d929cdb560ad1380a45c71f761946cd1
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:34
Range:0 - 100

Signatures

Found evasive API chain (may stop execution after checking mutex)
Tries to detect virtualization through RDTSC time measurements
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Contains functionality to get notified if a device is plugged in / out
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to enumerate running services
Contains functionality to dynamically determine API calls
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found inlined nop instructions (likely shell or obfuscated code)
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Binary contains a suspicious time stamp
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to delete services
Contains functionality for read data from the clipboard

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • ibaAnalyzerSetup_x64_v7.3.6.exe (PID: 7052 cmdline: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" MD5: C1AE350F67039CBE69F10DF9B8001371)
    • regsvr32.exe (PID: 3544 cmdline: C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 4904 cmdline: /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx" MD5: D78B75FC68247E8A63ACBA846182740E)
    • regsvr32.exe (PID: 5848 cmdline: C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 6048 cmdline: /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx" MD5: D78B75FC68247E8A63ACBA846182740E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: 0.2.ibaAnalyzerSetup_x64_v7.3.6.exe.411c52.1.unpackAvira: Label: TR/Patched.Ren.Gen
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: mpiwin32.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: RichEd20.DLLJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: msls31.dllJump to behavior

Compliance

barindex
Uses 32bit PE files
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: mpiwin32.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: RichEd20.DLLJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDLL: msls31.dllJump to behavior
Found installer window with terms and condition text
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeWindow detected: < &BackI &AgreeCanceliba AG iba AGLicense AgreementPlease review the license terms before installing ibaAnalyzer v7.3.6 (x64).Press Page Down to see the rest of the agreement.LICENSE AGREEMENT for ibaAnalyzer (hereinafter referred to as SOFTWARE)Copyright iba AG. All Rights Reserved.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT AGREE DO NOT INSTALL COPY OR USE THE SOFTWARE 1. GRANT OF LICENSE. iba AG grants the customer a non-transferable non-exclusive right to use the SOFTWARE under the provisions of this LICENSE AGREEMENT.(1) LICENSE PROTECTIONThe SOFTWARE provided contains technical features intended to prevent unlicensed use. (a) Cost free license for standard functions iba AG grants a cost free license for use of the standard features of the product if a genuine iba file format is opened. Each time such a genuine file is opened a cost free single use license for this program is intrinsically granted. Genuine in this context means that the measurement file has been produced with a correctly licensed iba SOFTWARE which can be ibaPDA ibaLogic ibaAnalyzer ibaDatCoordinator or ibaFiles. (b) Purchased license for special functions Use of special functions in the SOFTWARE requires a purchased license. The use of these functions is allowed only if the purchased license dongle (USB hardware key) carries the associated license information. The license dongle must be plugged into a port on the PC suitable for the purpose and may not be removed while the functions requiring the license are being used. The license is issued to the end user name specified in the order and is not transferrable. The license may also be managed by a license server for multiple users within the same organization. (2) ACTIONS EXCLUDED FROM THE LICENSE(a) You may not amend modify or edit the SOFTWARE. The modification or removal of trademarks copyrights and other IP protection notices is expressively forbidden. (b) You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.(c) You may not reproduce the SOFTWARE for the purpose of passing it to third parties.(3) NON TRANSFERABILITYThe license is not transferable. The customer only has the right to transfer the rights of use of the SOFTWARE to a third party if the license has already been issued in the name of this third party or has been changed to this name by iba AG.(4) GENUINE iba FILE FORMATThe genuine iba file formats in its different versions are intellectual property of iba AG. Any file generated by a third party product with a similar or different format requires the purchase of a proper license from iba AG. Unlicensed generation of the genuine iba file format is illegal and subject to legal action. iba AG reserves the right to modify the genuine file formats at any time without notice.2. DESCRIPTION OF OTH
Creates license or readme file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Creates a directory in C:\Program Files
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\ibaJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzerJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exeJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\versions.htmJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\support.htmJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractorMC.batJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractor.batJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocxJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdClient.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdCore.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\deJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\frJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocxJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\PluginsJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dllJump to behavior
PE / OLE file has a valid certificate
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdb source: ibaAnalyzer.exe.0.dr
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdbBSJB source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.amd64.pdb source: msvcr100.dll.0.dr
Source: Binary string: C:\Users\mistachkin\Documents\checkouts\sqlite\dotnet\bin\2017\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHost\obj\Release\ibaAnalyzerViewHost.pdb source: ibaAnalyzerViewHost.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdbV7 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: V:\_Project\scintilla410\scintilla\win32\x64\Release\SciLexer.pdb source: SciLexer.dll.0.dr
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdb source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdbf source: ibaAnalyzer.exe.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdbSHA256 source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdbBB' source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaGraphManager\obj\Release\View.ibaGraphManager.pdb source: View.ibaGraphManager.dll.0.dr
Source: Binary string: c:\Projects\16.1\BuildLabel\Temp\NetStudio.v16.1.2005\Win\DevExpress.XtraCharts\DevExpress.Sparkline.Core\obj\Release\DevExpress.Sparkline.v16.1.Core.pdb source: DevExpress.Sparkline.v16.1.Core.dll.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaViewInterfaces\obj\Release\ibaViewInterfaces.pdb source: ibaViewInterfaces.dll.0.dr
Source: Binary string: C:\Proj\ibaPDA_7.3.x\Installer\nsSCMEx\Release\nsSCMEx.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdb source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb::' source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaOnlineFFT\obj\Release\View.ibaFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaSharedGui\obj\Release\ibaSharedGui.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb, source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb!! source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032ABFD0 WaitForInputIdle,GetCurrentProcess,GetCurrentProcess,WaitForInputIdle,FindWindowA,GetWindowThreadProcessId,PostThreadMessageA,RegisterClassExA,GetModuleHandleA,GetProcAddress,ShowWindow,RegisterDeviceNotificationA,PeekMessageA,DispatchMessageA,Sleep,GetLastError,FormatMessageA,UnregisterDeviceNotification,GetModuleHandleA,GetProcAddress,UnregisterClassA,0_2_032ABFD0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,SHELL32_IconCache_DoneExtractingIcons,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D1866 FindFirstFileExW,0_2_032D1866
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rcx, qword ptr [r12+10h]15_2_1B258BA0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov rax, rcx15_2_1B237B80
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26AA2C
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26AAD1
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A96C
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A9AC
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A9E4
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A83E
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A8FE
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A8D9
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then lea rbx, qword ptr [rsp+70h]15_2_1B262FF0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov rax, qword ptr [rdx]15_2_1B232C00
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movzx eax, byte ptr [rdx]15_2_1B242310
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp r9, qword ptr [rax+18h]15_2_1B238340
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movzx eax, byte ptr [rcx+rdx]15_2_1B2622B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov eax, r10d15_2_1B26B1C0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov rcx, rax15_2_1B2370B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A73D
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rax*4+28h], edi15_2_1B2697B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rcx*4+28h], ebx15_2_1B2697B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov edx, dword ptr [rsp+r8*4+28h]15_2_1B2697B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp rcx, r815_2_1B2697B0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A798
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A608
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]15_2_1B2586A0
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A699
Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h15_2_1B26A510
Source: support.htm.0.drString found in binary or memory: </p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://twitter.com/ibaagcom"><i class="fab fa-twitter-square"></i></a></div><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/iba-ag/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.xing.com/companies/ibaag-messtechnik-undautomatisierungssysteme"><i class="fab fa-xing"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/ibaagcom/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div id="c1653" class="frame frame-default frame-type-text frame-layout-0 frame-background-none frame-no-backgroundimage frame-space-before-none frame-space-after-none"><div class="frame-container"><div class="frame-inner"><header class="frame-header"><h3 class="element-header text-left"><span>Europe</span></h3></header></div></div></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Austria &amp; Hungary</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Austria GmbH</span><br></div><div class="row"><div class="col-lg-7"><p>Hafenstra equals www.facebook.com (Facebook)
Source: support.htm.0.drString found in binary or memory: </p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://twitter.com/ibaagcom"><i class="fab fa-twitter-square"></i></a></div><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/iba-ag/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.xing.com/companies/ibaag-messtechnik-undautomatisierungssysteme"><i class="fab fa-xing"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/ibaagcom/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div id="c1653" class="frame frame-default frame-type-text frame-layout-0 frame-background-none frame-no-backgroundimage frame-space-before-none frame-space-after-none"><div class="frame-container"><div class="frame-inner"><header class="frame-header"><h3 class="element-header text-left"><span>Europe</span></h3></header></div></div></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Austria &amp; Hungary</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Austria GmbH</span><br></div><div class="row"><div class="col-lg-7"><p>Hafenstra equals www.linkedin.com (Linkedin)
Source: support.htm.0.drString found in binary or memory: </p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://twitter.com/ibaagcom"><i class="fab fa-twitter-square"></i></a></div><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/iba-ag/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.xing.com/companies/ibaag-messtechnik-undautomatisierungssysteme"><i class="fab fa-xing"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/ibaagcom/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div id="c1653" class="frame frame-default frame-type-text frame-layout-0 frame-background-none frame-no-backgroundimage frame-space-before-none frame-space-after-none"><div class="frame-container"><div class="frame-inner"><header class="frame-header"><h3 class="element-header text-left"><span>Europe</span></h3></header></div></div></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Austria &amp; Hungary</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Austria GmbH</span><br></div><div class="row"><div class="col-lg-7"><p>Hafenstra equals www.twitter.com (Twitter)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:info@iba-scandinavia.com">info@iba-scandinavia.com</a></p><!-- KONTAKT 2 --><p><a href="mailto:"></a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/begner-agenturer-ab/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/begneragenturer/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Russian Federation</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">OOO iba Russia</span><br></div><div class="row"><div class="col-lg-7"><p>Prospekt Pobedy 29, Off. 411<br> 398024 Lipetsk</p> equals www.facebook.com (Facebook)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:info@iba-scandinavia.com">info@iba-scandinavia.com</a></p><!-- KONTAKT 2 --><p><a href="mailto:"></a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/begner-agenturer-ab/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/begneragenturer/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Russian Federation</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">OOO iba Russia</span><br></div><div class="row"><div class="col-lg-7"><p>Prospekt Pobedy 29, Off. 411<br> 398024 Lipetsk</p> equals www.linkedin.com (Linkedin)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:sales@iba-benelux.com">sales@iba-benelux.com</a></p><!-- KONTAKT 2 --><p><small class="text-muted" style="opacity: 0.8">Support:</small><br><!--f:translate key="LLL:fileadmin/templates/lang/locallang.xlf:email" />: --><a href="mailto:support@iba-benelux.com">support@iba-benelux.com</a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/ibabeneluxbvba/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/iba-Benelux-BV-107066907754065"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Spain, Portugal</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Ib equals www.facebook.com (Facebook)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:sales@iba-benelux.com">sales@iba-benelux.com</a></p><!-- KONTAKT 2 --><p><small class="text-muted" style="opacity: 0.8">Support:</small><br><!--f:translate key="LLL:fileadmin/templates/lang/locallang.xlf:email" />: --><a href="mailto:support@iba-benelux.com">support@iba-benelux.com</a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/ibabeneluxbvba/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/iba-Benelux-BV-107066907754065"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Spain, Portugal</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Ib equals www.linkedin.com (Linkedin)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:support@iba-italia.com">support@iba-italia.com</a></p><!-- KONTAKT 2 --><p><a href="mailto:"></a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/iba-italia-srl/"><i class="fab fa-linkedin"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Poland</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Polska</span><br> equals www.linkedin.com (Linkedin)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:support@iba-polska.com">support@iba-polska.com</a></p><!-- KONTAKT 2 --><p><a href="mailto:"></a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/adegis/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/ADEGIS.we.care.a.lot/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Denmark, Finland, Norway, Sweden</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Scandinavia</span><br> equals www.facebook.com (Facebook)
Source: support.htm.0.drString found in binary or memory: <br><!--small class="text-muted">Email:</small><br--><a href="mailto:support@iba-polska.com">support@iba-polska.com</a></p><!-- KONTAKT 2 --><p><a href="mailto:"></a></p><!-- KONTAKT 3 --><p><a href="mailto:"></a></p></div></div></div><div class="col-md-1 offset-md-0 col-12"><div class="row dce-addresses-social-media-wrap"><div class="col-12"><a target="_blank" href="https://www.linkedin.com/company/adegis/"><i class="fab fa-linkedin"></i></a></div><div class="col-12"><a target="_blank" href="https://www.facebook.com/ADEGIS.we.care.a.lot/"><i class="fab fa-facebook-square"></i></a></div></div></div></div><hr></div> <div class="container" style="padding: 0px;"><div class="row" style="padding: 0px; padding-bottom: 10px;"><div class="col-md-3 col-12"><span style="font-weight: 100; margin-bottom: 30px; max-width: 90%; line-height: 0.9; color: #037748;">Denmark, Finland, Norway, Sweden</span></div><div class="col-md-8 col-12"><div style="padding-left: 20px;"><span style="font-size: 20px; font-weight: 600;">iba Scandinavia</span><br> equals www.linkedin.com (Linkedin)
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://4umaps.eu/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/jquery.mobile/1.3.2/jquery.mobile-1.3.2.min.css
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/jquery.mobile/1.3.2/jquery.mobile-1.3.2.min.js
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.1.min.js
Source: ibaAnalyzer.exe.0.drString found in binary or memory: http://analyzer-doc.iba-ag.com/%TEMP%
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://code.jquery.com/jquery-1.9.1.min.js
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc1.maps.lt/cache/mapslt_25d_vkkp/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc1.maps.lt/cache/mapslt_ortofoto_2010/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc5.maps.lt/cache/mapslt/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc5.maps.lt/cache/mapslt_ortofoto/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc5.maps.lt/cache/mapslt_ortofoto_overlay/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dc5.maps.lt/cache/mapslt_relief_vector/map/_alllayers/L
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dev.virtualearth.net/REST/V1/Imagery/Metadata/
Source: GMap.NET.Core.dll.0.drString found in binary or memory: http://dev.virtualearth.net/REST/V1/Routes/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dev.virtualearth.net/REST/v1/Locations?
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://earth.google.com/kml/2.0
Source: GMap.NET.Core.dll.0.drString found in binary or memory: http://ecn.t
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://greatmaps.codeplex.com
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://greatmaps.codeplex.com/discussions/252531
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://mapbender.wheregroup.com/cgi-bin/mapserv?map=/data/umn/osm/osm_basic.map&VERSION=1.1.1&REQUES
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://maps.yahoo.com/
Source: ibaAnalyzerSetup_x64_v7.3.6.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: ibaAnalyzerSetup_x64_v7.3.6.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://openseamap.org/ghttp://tiles.openseamap.org/seamark/
Source: versions.htm.0.drString found in binary or memory: http://redmine.iba-ag.local/issues/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://routes.cloudmade.com/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_Imagery_World_2D/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_ShadedRelief_World_2D/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/NGS_Topo_US_2D/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/World_Physical_Map/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/World_Shaded_Relief/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/World_Terrain_Base/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://server.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://services.maps.lt/mapsk_services/rest/services/ikartelv/MapServer/tile/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://sigpac.mapa.es/kmlserver/raster/
Source: regsvr32.exe, 0000000F.00000002.665662339.000000001B422000.00000002.00000010.01000000.00000010.sdmp, regsvr32.exe, 00000016.00000002.719288765.00000000025D2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://sourceforge.net/projects/nspring)
Source: regsvr32.exe, 0000000F.00000002.665662339.000000001B422000.00000002.00000010.01000000.00000010.sdmp, regsvr32.exe, 00000016.00000002.719288765.00000000025D2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://sourceforge.net/projects/nspring).
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://t2.symcb.com0
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://tiles.ump.waw.pl/ump_tiles/
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://tl.symcd.com0&
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://ump.waw.pl/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://wego.here.com/w
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://where.yahooapis.com/geocode?country=
Source: GMap.NET.Core.dll.0.drString found in binary or memory: http://where.yahooapis.com/geocode?q=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://wikimapia.org/S
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.4umaps.eu/map.htmu
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.darb.ae/ArcGIS/rest/services/BaseMaps/Q2_2011_NAVTQ_Eng_V5/MapServer/tile/
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: http://www.devexpress.com/0/
Source: regsvr32.exe, 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmp, ibaRunTime64.dll.0.drString found in binary or memory: http://www.dnguard.net/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000003.498976131.00000000006F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iba-ag.com.
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.ikarte.lv/default.aspx?lang=en
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.maps.lt/map/K
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.mapy.cz/I6A1AF99A-84C6-4EF6-91A5-77B9D03257C2
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.nearmap.com/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.opencyclemap.org/whttp://
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.topografix.com/GPX/1/1
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.topografix.com/GPX/1/1D
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.topografix.com/GPX/1/1T
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: http://www.yournavigation.org/api/1.0/gosmore.php?format=kml&flat=
Source: View.GeoView.dll.0.drString found in binary or memory: https://api.maptiler.com/maps/
Source: View.GeoView.dll.0.drString found in binary or memory: https://api.maptiler.com/maps/tiles/Basic?key=_Software
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: https://kso.etjanster.lantmateriet.se/?lang=en#
Source: GMap.NET.Core.dll.0.drString found in binary or memory: https://kso.etjanster.lantmateriet.se/karta/topowebb/v1.1/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: https://mapserver.mapy.cz/turist-m/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: https://nominatim.openstreetmap.org/reverse?format=xml&lat=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: https://nominatim.openstreetmap.org/search?q=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drString found in binary or memory: https://nominatim.openstreetmap.org/search?street=
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://system.data.sqlite.org/
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://system.data.sqlite.org/X
Source: support.htm.0.drString found in binary or memory: https://twitter.com/ibaagcom
Source: support.htm.0.drString found in binary or memory: https://www.linkedin.com/company/adegis/
Source: support.htm.0.drString found in binary or memory: https://www.linkedin.com/company/begner-agenturer-ab/
Source: support.htm.0.drString found in binary or memory: https://www.linkedin.com/company/iba-ag/
Source: support.htm.0.drString found in binary or memory: https://www.linkedin.com/company/iba-italia-srl/
Source: support.htm.0.drString found in binary or memory: https://www.linkedin.com/company/ibabeneluxbvba/
Source: View.GeoView.dll.0.drString found in binary or memory: https://www.maptiler.com/#providersComboBox
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org/copyright.html2
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: https://www.thawte.com/cps0/
Source: DevExpress.Sparkline.v16.1.Core.dll.0.drString found in binary or memory: https://www.thawte.com/repository0W
Source: support.htm.0.drString found in binary or memory: https://www.xing.com/companies/ibaag-messtechnik-undautomatisierungssysteme
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A7450 GetTickCount,select,GetTickCount,GetTickCount,recv,recv,__WSAFDIsSet,__WSAFDIsSet,0_2_032A7450
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_031C1D4E GetDlgCtrlID,OpenClipboard,GetClipboardData,GlobalLock,lstrlenA,SendMessageA,GlobalUnlock,CloseClipboard,CallWindowProcA,0_2_031C1D4E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_004048530_2_00404853
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_004061310_2_00406131
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DB3480_2_032DB348
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A52200_2_032A5220
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A22000_2_032A2200
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B92900_2_032B9290
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C41D80_2_032C41D8
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DB0810_2_032DB081
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DB6030_2_032DB603
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C440C0_2_032C440C
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D44CD0_2_032D44CD
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D94C30_2_032D94C3
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D5B1A0_2_032D5B1A
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DAA650_2_032DAA65
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C79300_2_032C7930
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A29700_2_032A2970
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032CF8AE0_2_032CF8AE
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C3FA40_2_032C3FA4
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D7EA80_2_032D7EA8
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A2EE00_2_032A2EE0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D7D840_2_032D7D84
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A1DF00_2_032A1DF0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DADD70_2_032DADD7
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B38E9F015_2_1B38E9F0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B38DD2C15_2_1B38DD2C
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2447C015_2_1B2447C0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B394A2E15_2_1B394A2E
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B241A0015_2_1B241A00
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B23342015_2_1B233420
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26392015_2_1B263920
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B3929AB15_2_1B3929AB
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B38C81115_2_1B38C811
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B264F6015_2_1B264F60
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26BFE015_2_1B26BFE0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B262FF015_2_1B262FF0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25CEF015_2_1B25CEF0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B393C3015_2_1B393C30
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B39331A15_2_1B39331A
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25B30015_2_1B25B300
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26630015_2_1B266300
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26135015_2_1B261350
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26022015_2_1B260220
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26C24015_2_1B26C240
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2641F015_2_1B2641F0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26B1C015_2_1B26B1C0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B238FF015_2_1B238FF0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25C05015_2_1B25C050
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B24F47015_2_1B24F470
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26608015_2_1B266080
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26908015_2_1B269080
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B23B74015_2_1B23B740
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B38D75015_2_1B38D750
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2637B015_2_1B2637B0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2341D015_2_1B2341D0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26A51015_2_1B26A510
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B23B58015_2_1B23B580
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26743015_2_1B267430
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B26541015_2_1B265410
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FF9EE5F250915_2_00007FF9EE5F2509
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FF9EE5F133715_2_00007FF9EE5F1337
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FF9EE5ED90A15_2_00007FF9EE5ED90A
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FF9EE5EC33015_2_00007FF9EE5EC330
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: String function: 032BE8A0 appears 44 times
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B5800 MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,CreateProcessWithLogonW,CloseHandle,CloseHandle,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,0_2_032B5800
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A1780: DeviceIoControl,CloseHandle,DeviceIoControl,CloseHandle,CloseHandle,CloseHandle,0_2_032A1780
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameView.GeoView.dll8 vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lbHash%lbOriginalFilename vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 2>>lbOriginalFilename.Name vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6>>lbOriginalFilename.Parent vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 2>>lbOriginalFilename.Type vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6>>lbOriginalFilename.ZOrder vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6lbOriginalFilename.AutoSize vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6lbOriginalFilename.Location vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .lbOriginalFilename.SizeS vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6lbOriginalFilename.TabIndex vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .lbOriginalFilename.Text vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lbOriginalFilename vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameibaSharedGui.dll. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameibaManagedFFT.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameibaThreadSafeNativeFFT_2015. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGMap.NET.Core.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGMap.NET.WindowsForms.dllL vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllH vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSQLite.Interop.dllF vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameView.ibaFFT.dll. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecombit.ListLabel20.Export.x64.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamensSCMEx.dllZ vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeSection loaded: mpiwin32.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B45E0 Remove,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,DeleteService,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle,0_2_032B45E0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile read: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeJump to behavior
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocxJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocxJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx"Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032AE6D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,0_2_032AE6D0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B5A00 MultiByteToWideChar,GlobalFree,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,GetShellWindow,GetWindowThreadProcessId,OpenProcess,OpenProcessToken,GetLastError,DuplicateTokenEx,LoadLibraryA,GetProcAddress,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,GetLastError,0_2_032B5A00
Source: C:\Windows\System32\regsvr32.exeFile created: C:\Users\user\AppData\Roaming\ibaJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nshAD.tmpJump to behavior
Source: classification engineClassification label: sus24.evad.winEXE@9/99@0/0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: Install,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,GlobalFree,GlobalAlloc,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,___from_strstr_to_strchr,GlobalAlloc,lstrcpyA,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CreateServiceA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,GlobalFree,GlobalFree,CloseServiceHandle,CloseServiceHandle,0_2_032B3500
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drBinary or memory string: INSERT INTO Tiles(X, Y, Zoom, Type, CacheTime) SELECT X, Y, Zoom, Type, CacheTime FROM Source.Tiles WHERE id={0}; INSERT INTO TilesData(id, Tile) Values((SELECT last_insert_rowid()), (SELECT Tile FROM Source.TilesData WHERE id={0}));/DETACH DATABASE Source;
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drBinary or memory string: SELECT id FROM Tiles WHERE X={0} AND Y={1} AND Zoom={2} AND Type={3};
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drBinary or memory string: create table large (a); insert into large values (zeroblob({0})); drop table large;
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS TilesData (id INTEGER NOT NULL PRIMARY KEY CONSTRAINT fk_Tiles_id REFERENCES Tiles(id) ON DELETE CASCADE, Tile BLOB NULL);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032ABFD0 WaitForInputIdle,GetCurrentProcess,GetCurrentProcess,WaitForInputIdle,FindWindowA,GetWindowThreadProcessId,PostThreadMessageA,RegisterClassExA,GetModuleHandleA,GetProcAddress,ShowWindow,RegisterDeviceNotificationA,PeekMessageA,DispatchMessageA,Sleep,GetLastError,FormatMessageA,UnregisterDeviceNotification,GetModuleHandleA,GetProcAddress,UnregisterClassA,0_2_032ABFD0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B4D00 Start,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle,0_2_032B4D00
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B246890 FindResourceA,LoadResource,LockResource,SizeofResource,WideCharToMultiByte,WideCharToMultiByte,15_2_1B246890
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\ibaJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile written: C:\Users\user\AppData\Local\Temp\nss310.tmp\licenseserveroptions.iniJump to behavior
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Encryption/ZipAESTransform.csCryptographic APIs: 'TransformBlock'
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAutomated click: Install
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeWindow detected: < &BackI &AgreeCanceliba AG iba AGLicense AgreementPlease review the license terms before installing ibaAnalyzer v7.3.6 (x64).Press Page Down to see the rest of the agreement.LICENSE AGREEMENT for ibaAnalyzer (hereinafter referred to as SOFTWARE)Copyright iba AG. All Rights Reserved.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT AGREE DO NOT INSTALL COPY OR USE THE SOFTWARE 1. GRANT OF LICENSE. iba AG grants the customer a non-transferable non-exclusive right to use the SOFTWARE under the provisions of this LICENSE AGREEMENT.(1) LICENSE PROTECTIONThe SOFTWARE provided contains technical features intended to prevent unlicensed use. (a) Cost free license for standard functions iba AG grants a cost free license for use of the standard features of the product if a genuine iba file format is opened. Each time such a genuine file is opened a cost free single use license for this program is intrinsically granted. Genuine in this context means that the measurement file has been produced with a correctly licensed iba SOFTWARE which can be ibaPDA ibaLogic ibaAnalyzer ibaDatCoordinator or ibaFiles. (b) Purchased license for special functions Use of special functions in the SOFTWARE requires a purchased license. The use of these functions is allowed only if the purchased license dongle (USB hardware key) carries the associated license information. The license dongle must be plugged into a port on the PC suitable for the purpose and may not be removed while the functions requiring the license are being used. The license is issued to the end user name specified in the order and is not transferrable. The license may also be managed by a license server for multiple users within the same organization. (2) ACTIONS EXCLUDED FROM THE LICENSE(a) You may not amend modify or edit the SOFTWARE. The modification or removal of trademarks copyrights and other IP protection notices is expressively forbidden. (b) You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.(c) You may not reproduce the SOFTWARE for the purpose of passing it to third parties.(3) NON TRANSFERABILITYThe license is not transferable. The customer only has the right to transfer the rights of use of the SOFTWARE to a third party if the license has already been issued in the name of this third party or has been changed to this name by iba AG.(4) GENUINE iba FILE FORMATThe genuine iba file formats in its different versions are intellectual property of iba AG. Any file generated by a third party product with a similar or different format requires the purchase of a proper license from iba AG. Unlicensed generation of the genuine iba file format is illegal and subject to legal action. iba AG reserves the right to modify the genuine file formats at any time without notice.2. DESCRIPTION OF OTH
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic file information: File size 69983376 > 1048576
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\ibaJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzerJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exeJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\versions.htmJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\support.htmJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractorMC.batJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractor.batJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocxJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdClient.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\hdCore.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\deJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\frJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocxJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\PluginsJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dllJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDirectory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dllJump to behavior
Source: ibaAnalyzerSetup_x64_v7.3.6.exeStatic PE information: certificate valid
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdb source: ibaAnalyzer.exe.0.dr
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdbBSJB source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.amd64.pdb source: msvcr100.dll.0.dr
Source: Binary string: C:\Users\mistachkin\Documents\checkouts\sqlite\dotnet\bin\2017\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHost\obj\Release\ibaAnalyzerViewHost.pdb source: ibaAnalyzerViewHost.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdbV7 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: V:\_Project\scintilla410\scintilla\win32\x64\Release\SciLexer.pdb source: SciLexer.dll.0.dr
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdb source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdbf source: ibaAnalyzer.exe.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdbSHA256 source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdbBB' source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaGraphManager\obj\Release\View.ibaGraphManager.pdb source: View.ibaGraphManager.dll.0.dr
Source: Binary string: c:\Projects\16.1\BuildLabel\Temp\NetStudio.v16.1.2005\Win\DevExpress.XtraCharts\DevExpress.Sparkline.Core\obj\Release\DevExpress.Sparkline.v16.1.Core.pdb source: DevExpress.Sparkline.v16.1.Core.dll.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaViewInterfaces\obj\Release\ibaViewInterfaces.pdb source: ibaViewInterfaces.dll.0.dr
Source: Binary string: C:\Proj\ibaPDA_7.3.x\Installer\nsSCMEx\Release\nsSCMEx.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdb source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb::' source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaOnlineFFT\obj\Release\View.ibaFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaSharedGui\obj\Release\ibaSharedGui.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb, source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb!! source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032DA528 push ecx; ret 0_2_032DA526
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BE8E6 push ecx; ret 0_2_032BE8F9
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_10002A10 push eax; ret 0_2_10002A3E
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_02977357 push 00000028h; iretd 15_2_02977359
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_02974FDB push 00000028h; retf 15_2_02974FE9
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2DCE8E push rdi; ret 15_2_1B2DCFF3
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B296C2C push rdi; retf 15_2_1B296C30
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FFA668C4FDB push 00000028h; retf 15_2_00007FFA668C4FE9
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_00007FFA668C7357 push 00000028h; iretd 15_2_00007FFA668C7359
Source: C:\Windows\System32\regsvr32.exeCode function: 22_2_027170A9 push 00000028h; retf 22_2_027170B5
Source: C:\Windows\System32\regsvr32.exeCode function: 22_2_02716F05 push 00000028h; retf 22_2_02716F17
Source: C:\Windows\System32\regsvr32.exeCode function: 22_2_00007FFA66856F05 push 00000028h; retf 22_2_00007FFA66856F17
Source: C:\Windows\System32\regsvr32.exeCode function: 22_2_00007FFA668570A9 push 00000028h; retf 22_2_00007FFA668570B5
Source: ibaRunTime64.dll.0.drStatic PE information: section name: .hvm
Source: ibaRunTime64.dll.0.drStatic PE information: section name: .hvm0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: ICSharpCode.SharpZipLib.dll.0.drStatic PE information: 0xEE450951 [Mon Sep 3 09:09:37 2096 UTC]
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exeJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nss310.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nss310.tmp\SimpleSC.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nss310.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\hdCore.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocxJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nss310.tmp\nsSCMEx.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\hdClient.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocxJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Users\user\AppData\Local\Temp\nss310.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_031C1410 wsprintfA,lstrcpyA,GetPrivateProfileStringA,lstrcpyA,CharNextA,0_2_031C1410
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdfJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B4D00 Start,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle,0_2_032B4D00
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BD7A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_032BD7A0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Found evasive API chain (may stop execution after checking mutex)
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-30060
Tries to detect virtualization through RDTSC time measurements
Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 000000001B393905 second address: 000000001B393921 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bl 0x00000005 bts dx, ax 0x00000009 movsx edx, di 0x0000000c inc ebp 0x0000000d xor eax, dword ptr [ebx+ecx*4+00000858h] 0x00000014 inc ebp 0x00000015 add eax, dword ptr [ebx+eax*4+00000C58h] 0x0000001c rdtsc
Source: C:\Windows\System32\regsvr32.exe TID: 5916Thread sleep count: 117 > 30Jump to behavior
Source: C:\Windows\System32\regsvr32.exe TID: 5916Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\regsvr32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_15-32238
Source: C:\Windows\System32\regsvr32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_15-32461
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: EnumServicesStatusExA,GetLastError,GetLastError,CloseServiceHandle,EnumServicesStatusExA,GetLastError,GetLastError,0_2_032B6FA0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaUser.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exeJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\msvcp100.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaShared.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdCore.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\SciLexer.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdCommon.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdClient.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dllJump to dropped file
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeDropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dllJump to dropped file
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B3929AB rdtsc 15_2_1B3929AB
Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B30E0 GetOsVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetVersionExW,GlobalFree,GlobalFree,GetProcAddress,GetModuleHandleA,GetProcAddress,GetSystemInfo,RegOpenKeyExA,RegQueryValueExA,_strstr,RegCloseKey,_strstr,RegCloseKey,_strstr,RegCloseKey,GlobalAlloc,GlobalAlloc,lstrcpynA,GlobalAlloc,wsprintfA,0_2_032B30E0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,SHELL32_IconCache_DoneExtractingIcons,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D1866 FindFirstFileExW,0_2_032D1866
Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAPI call chain: ExitProcess graph end nodegraph_0-31167
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeAPI call chain: ExitProcess graph end nodegraph_0-31171
Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_15-32029
Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_15-32008
Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_15-31824
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C925B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_032C925B
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_0297C60C GetLastError,IsDebuggerPresent,OutputDebugStringW,15_2_0297C60C
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B53E5 GetProcessHeap,0_2_032B53E5
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B3929AB rdtsc 15_2_1B3929AB
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C8252 mov eax, dword ptr fs:[00000030h]0_2_032C8252
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D1474 mov eax, dword ptr fs:[00000030h]0_2_032D1474
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032D14BA mov eax, dword ptr fs:[00000030h]0_2_032D14BA
Source: C:\Windows\System32\regsvr32.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BE334 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_032BE334
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C925B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_032C925B
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BE719 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_032BE719
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25BB70 SetUnhandledExceptionFilter,15_2_1B25BB70
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25BB40 SetUnhandledExceptionFilter,15_2_1B25BB40
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B25DD3F RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_1B25DD3F
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B264360 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_1B264360
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B259280 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_1B259280
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B259160 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_1B259160
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B2590C0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_1B2590C0
Source: C:\Windows\System32\regsvr32.exeCode function: 15_2_1B258680 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_1B258680
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032AC740 InterlockedCompareExchange,GetModuleFileNameA,LoadLibraryA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CloseHandle,WaitForSingleObject,CloseHandle,0_2_032AC740
Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx VolumeInformationJump to behavior
Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_032D5395
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetLocaleInfoW,0_2_032D52C2
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: EnumSystemLocalesW,0_2_032CD1BB
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_032D51BA
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetLocaleInfoW,0_2_032D5092
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetLocaleInfoW,0_2_032CD76E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_032D4A26
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_032D4E3D
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: EnumSystemLocalesW,0_2_032D4D17
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: EnumSystemLocalesW,0_2_032D4DB2
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: EnumSystemLocalesW,0_2_032D4CCC
Source: C:\Windows\System32\regsvr32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,15_2_1B25782C
Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoA,15_2_1B269410
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BE8FB cpuid 0_2_032BE8FB
Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032BB350 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_032BB350
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032C9A43 _free,_free,_free,GetTimeZoneInformation,_free,0_2_032C9A43
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032B52F0 GlobalFree,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameA,GetLastError,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapReAlloc,0_2_032B52F0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A77C0 socket,WSAGetLastError,bind,WSAGetLastError,GetTickCount,ioctlsocket,connect,ioctlsocket,select,__WSAFDIsSet,GetTickCount,GetTickCount,closesocket,WSAGetLastError,getsockname,htons,closesocket,0_2_032A77C0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exeCode function: 0_2_032A7A20 socket,bind,WSAGetLastError,Sleep,connect,Sleep,WSAGetLastError,getsockname,htons,closesocket,closesocket,WSAGetLastError,0_2_032A7A20

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
1
Valid Accounts		13
Native API		1
DLL Side-Loading		1
DLL Side-Loading		1
Disable or Modify Tools		OS Credential Dumping2
System Time Discovery		Remote Services11
Archive Collected Data		Exfiltration Over Other Network Medium1
Ingress Tool Transfer		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts12
Service Execution		1
DLL Search Order Hijacking		1
DLL Search Order Hijacking		11
Deobfuscate/Decode Files or Information		LSASS Memory1
Peripheral Device Discovery		Remote Desktop Protocol2
Clipboard Data		Exfiltration Over Bluetooth1
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)1
Valid Accounts		1
Valid Accounts		3
Obfuscated Files or Information		Security Account Manager1
Account Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)12
Windows Service		11
Access Token Manipulation		1
Software Packing		NTDS1
System Service Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon Script12
Windows Service		1
Timestomp		LSA Secrets3
File and Directory Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.common1
Process Injection		1
DLL Side-Loading		Cached Domain Credentials137
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
DLL Search Order Hijacking		DCSync1
Query Registry		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job3
Masquerading		Proc Filesystem14
Security Software Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
Valid Accounts		/etc/passwd and /etc/shadow22
Virtualization/Sandbox Evasion		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)22
Virtualization/Sandbox Evasion		Network Sniffing1
System Owner/User Discovery		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron11
Access Token Manipulation		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
Process Injection		KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 632527 Sample: ibaAnalyzerSetup_x64_v7.3.6.exe Startdate: 23/05/2022 Architecture: WINDOWS Score: 24 6 ibaAnalyzerSetup_x64_v7.3.6.exe 122 2->6         started        file3 19 C:\Users\user\AppData\Local\...\nsSCMEx.dll, PE32 6->19 dropped 21 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 6->21 dropped 23 C:\Users\user\AppData\Local\...\System.dll, PE32 6->23 dropped 25 85 other files (none is malicious) 6->25 dropped 27 Found evasive API chain (may stop execution after checking mutex) 6->27 10 regsvr32.exe 6->10         started        12 regsvr32.exe 6->12         started        signatures4 process5 process6 14 regsvr32.exe 62 5 10->14         started        17 regsvr32.exe 12->17         started        signatures7 29 Tries to detect virtualization through RDTSC time measurements 14->29

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ibaAnalyzerSetup_x64_v7.3.6.exe0%VirustotalBrowse
ibaAnalyzerSetup_x64_v7.3.6.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll0%MetadefenderBrowse
C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll0%MetadefenderBrowse
C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll0%MetadefenderBrowse
C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll0%ReversingLabs
C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll0%ReversingLabs

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.2.ibaAnalyzerSetup_x64_v7.3.6.exe.411c52.1.unpack100%AviraTR/Patched.Ren.GenDownload File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.darb.ae/ArcGIS/rest/services/BaseMaps/Q2_2011_NAVTQ_Eng_V5/MapServer/tile/0%Avira URL Cloudsafe
http://www.iba-ag.com.0%VirustotalBrowse
http://www.iba-ag.com.0%Avira URL Cloudsafe
http://www.opencyclemap.org/whttp://0%Avira URL Cloudsafe
http://tiles.ump.waw.pl/ump_tiles/0%Avira URL Cloudsafe
http://www.topografix.com/GPX/1/10%Avira URL Cloudsafe
http://www.4umaps.eu/map.htmu0%Avira URL Cloudsafe
https://api.maptiler.com/maps/0%Avira URL Cloudsafe
http://4umaps.eu/0%Avira URL Cloudsafe
http://www.ikarte.lv/default.aspx?lang=en0%Avira URL Cloudsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://analyzer-doc.iba-ag.com/%TEMP%0%Avira URL Cloudsafe
http://ump.waw.pl/0%Avira URL Cloudsafe
https://www.maptiler.com/#providersComboBox0%Avira URL Cloudsafe
http://mapbender.wheregroup.com/cgi-bin/mapserv?map=/data/umn/osm/osm_basic.map&VERSION=1.1.1&REQUES0%Avira URL Cloudsafe
http://www.topografix.com/GPX/1/1T0%Avira URL Cloudsafe
https://api.maptiler.com/maps/tiles/Basic?key=_Software0%Avira URL Cloudsafe
http://routes.cloudmade.com/0%Avira URL Cloudsafe
http://www.topografix.com/GPX/1/1D0%Avira URL Cloudsafe
http://ecn.t0%Avira URL Cloudsafe
http://www.dnguard.net/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://dc5.maps.lt/cache/mapslt_relief_vector/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
    		high
    http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_ShadedRelief_World_2D/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
      		high
      http://www.darb.ae/ArcGIS/rest/services/BaseMaps/Q2_2011_NAVTQ_Eng_V5/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://www.linkedin.com/company/iba-italia-srl/support.htm.0.drfalse
        		high
        http://www.maps.lt/map/KibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
          		high
          https://www.xing.com/companies/ibaag-messtechnik-undautomatisierungssystemesupport.htm.0.drfalse
            		high
            http://greatmaps.codeplex.comibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
              		high
              https://twitter.com/ibaagcomsupport.htm.0.drfalse
                		high
                https://www.linkedin.com/company/iba-ag/support.htm.0.drfalse
                  		high
                  http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                    		high
                    http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_Imagery_World_2D/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                      		high
                      http://www.iba-ag.com.ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000003.498976131.00000000006F6000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://system.data.sqlite.org/XibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://dev.virtualearth.net/REST/v1/Locations?ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                          		high
                          http://www.opencyclemap.org/whttp://ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://server.arcgisonline.com/ArcGIS/rest/services/World_Shaded_Relief/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                            		high
                            http://sourceforge.net/projects/nspring).regsvr32.exe, 0000000F.00000002.665662339.000000001B422000.00000002.00000010.01000000.00000010.sdmp, regsvr32.exe, 00000016.00000002.719288765.00000000025D2000.00000002.00000001.01000000.00000010.sdmpfalse
                              		high
                              http://tiles.ump.waw.pl/ump_tiles/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://kso.etjanster.lantmateriet.se/?lang=en#ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                		high
                                http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                  		high
                                  https://www.linkedin.com/company/begner-agenturer-ab/support.htm.0.drfalse
                                    		high
                                    http://wego.here.com/wibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                      		high
                                      http://www.topografix.com/GPX/1/1ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://crl.thawte.com/ThawteTimestampingCA.crl0DevExpress.Sparkline.v16.1.Core.dll.0.drfalse
                                        		high
                                        http://dc5.maps.lt/cache/mapslt/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                          		high
                                          http://where.yahooapis.com/geocode?q=GMap.NET.Core.dll.0.drfalse
                                            		high
                                            http://www.4umaps.eu/map.htmuibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://mapserver.mapy.cz/turist-m/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                              		high
                                              http://sigpac.mapa.es/kmlserver/raster/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                		high
                                                https://api.maptiler.com/maps/View.GeoView.dll.0.drfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://kso.etjanster.lantmateriet.se/karta/topowebb/v1.1/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=GMap.NET.Core.dll.0.drfalse
                                                  		high
                                                  http://dc5.maps.lt/cache/mapslt_ortofoto/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                    		high
                                                    http://dc5.maps.lt/cache/mapslt_ortofoto_overlay/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                      		high
                                                      http://server.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                        		high
                                                        http://sourceforge.net/projects/nspring)regsvr32.exe, 0000000F.00000002.665662339.000000001B422000.00000002.00000010.01000000.00000010.sdmp, regsvr32.exe, 00000016.00000002.719288765.00000000025D2000.00000002.00000001.01000000.00000010.sdmpfalse
                                                          		high
                                                          https://nominatim.openstreetmap.org/search?street=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                            		high
                                                            http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.1.min.jsibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://nominatim.openstreetmap.org/reverse?format=xml&lat=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                		high
                                                                http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.cssibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://where.yahooapis.com/geocode?country=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                    		high
                                                                    http://server.arcgisonline.com/ArcGIS/rest/services/World_Terrain_Base/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                      		high
                                                                      http://wikimapia.org/SibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                        		high
                                                                        http://server.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                          		high
                                                                          https://www.linkedin.com/company/adegis/support.htm.0.drfalse
                                                                            		high
                                                                            http://4umaps.eu/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.ikarte.lv/default.aspx?lang=enibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://ocsp.thawte.com0DevExpress.Sparkline.v16.1.Core.dll.0.drfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://openseamap.org/ghttp://tiles.openseamap.org/seamark/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                              		high
                                                                              http://analyzer-doc.iba-ag.com/%TEMP%ibaAnalyzer.exe.0.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://dev.virtualearth.net/REST/V1/Routes/GMap.NET.Core.dll.0.drfalse
                                                                                		high
                                                                                http://ump.waw.pl/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://nsis.sf.net/NSIS_ErrorErroribaAnalyzerSetup_x64_v7.3.6.exefalse
                                                                                  		high
                                                                                  https://www.linkedin.com/company/ibabeneluxbvba/support.htm.0.drfalse
                                                                                    		high
                                                                                    https://www.sqlite.org/copyright.html2ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://dc1.maps.lt/cache/mapslt_25d_vkkp/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                        		high
                                                                                        https://www.maptiler.com/#providersComboBoxView.GeoView.dll.0.drfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://ajax.aspnetcdn.com/ajax/jquery.mobile/1.3.2/jquery.mobile-1.3.2.min.cssibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://dev.virtualearth.net/REST/V1/Imagery/Metadata/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                            		high
                                                                                            http://services.maps.lt/mapsk_services/rest/services/ikartelv/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                              		high
                                                                                              http://dc1.maps.lt/cache/mapslt_ortofoto_2010/map/_alllayers/LibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                		high
                                                                                                https://nominatim.openstreetmap.org/search?q=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                  		high
                                                                                                  http://server.arcgisonline.com/ArcGIS/rest/services/World_Physical_Map/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                    		high
                                                                                                    http://www.yournavigation.org/api/1.0/gosmore.php?format=kml&flat=ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                      		high
                                                                                                      http://nsis.sf.net/NSIS_ErroribaAnalyzerSetup_x64_v7.3.6.exefalse
                                                                                                        		high
                                                                                                        http://www.mapy.cz/I6A1AF99A-84C6-4EF6-91A5-77B9D03257C2ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                          		high
                                                                                                          http://mapbender.wheregroup.com/cgi-bin/mapserv?map=/data/umn/osm/osm_basic.map&VERSION=1.1.1&REQUESibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://www.thawte.com/cps0/DevExpress.Sparkline.v16.1.Core.dll.0.drfalse
                                                                                                            		high
                                                                                                            http://www.topografix.com/GPX/1/1TibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://maps.yahoo.com/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                              		high
                                                                                                              https://www.thawte.com/repository0WDevExpress.Sparkline.v16.1.Core.dll.0.drfalse
                                                                                                                		high
                                                                                                                http://earth.google.com/kml/2.0ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                  		high
                                                                                                                  http://code.jquery.com/jquery-1.9.1.min.jsibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://api.maptiler.com/maps/tiles/Basic?key=_SoftwareView.GeoView.dll.0.drfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://greatmaps.codeplex.com/discussions/252531ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                      		high
                                                                                                                      http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.jsibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://routes.cloudmade.com/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        http://www.topografix.com/GPX/1/1DibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://system.data.sqlite.org/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://ajax.aspnetcdn.com/ajax/jquery.mobile/1.3.2/jquery.mobile-1.3.2.min.jsibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://ecn.tGMap.NET.Core.dll.0.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            http://www.dnguard.net/regsvr32.exe, 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmp, ibaRunTime64.dll.0.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            http://www.nearmap.com/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                              		high
                                                                                                                              http://server.arcgisonline.com/ArcGIS/rest/services/NGS_Topo_US_2D/MapServer/tile/ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.drfalse
                                                                                                                                		high

                                                                                                                                World Map of Contacted IPs

                                                                                                                                No contacted IP infos

                                                                                                                                General Information

                                                                                                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                Analysis ID:632527
                                                                                                                                Start date and time: 23/05/202218:41:072022-05-23 18:41:07 +02:00
                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                Overall analysis duration:0h 12m 14s
                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                Report type:full
                                                                                                                                Sample file name:ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                Number of analysed new started processes analysed:23
                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                Number of existing processes analysed:0
                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                Number of injected processes analysed:0
                                                                                                                                Technologies:
                                                                                                                                • HCA enabled
                                                                                                                                • EGA enabled
                                                                                                                                • HDC enabled
                                                                                                                                • AMSI enabled
                                                                                                                                Analysis Mode:default
                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                Detection:SUS
                                                                                                                                Classification:sus24.evad.winEXE@9/99@0/0
                                                                                                                                EGA Information:
                                                                                                                                • Successful, ratio: 66.7%
                                                                                                                                HDC Information:
                                                                                                                                • Successful, ratio: 6.6% (good quality ratio 6.2%)
                                                                                                                                • Quality average: 71.1%
                                                                                                                                • Quality standard deviation: 29.9%
                                                                                                                                HCA Information:
                                                                                                                                • Successful, ratio: 95%
                                                                                                                                • Number of executed functions: 119
                                                                                                                                • Number of non-executed functions: 252
                                                                                                                                Cookbook Comments:
                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                • Adjust boot time
                                                                                                                                • Enable AMSI

                                                                                                                                Warnings

                                                                                                                                • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                                • Execution Graph export aborted for target regsvr32.exe, PID 6048 because there are no executed function
                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.

                                                                                                                                Simulations

                                                                                                                                Behavior and APIs

                                                                                                                                No simulations

                                                                                                                                Joe Sandbox View / Context

                                                                                                                                IPs

                                                                                                                                No context

                                                                                                                                Domains

                                                                                                                                No context

                                                                                                                                ASNs

                                                                                                                                No context

                                                                                                                                JA3 Fingerprints

                                                                                                                                No context

                                                                                                                                Dropped Files

                                                                                                                                No context

                                                                                                                                Created / dropped Files

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):5392112
                                                                                                                                Entropy (8bit):6.386730970129271
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:7606CzFcJD5WL1S1dFw9jO6XXls/+wNAY2lQgS1Fh8DGQn4larvhBHQ:7aXWL1S1dFAjO6XVsW2yw
                                                                                                                                MD5:46D4548EE2FFE0211B4200E08B2BF9A9
                                                                                                                                SHA1:AC232FF3F1B0CCDAE4274788FFD7FF7D077B1761
                                                                                                                                SHA-256:626D27108093E90ECB3FE3B0909C11008843D379528182360E33FAB823BF9AE6
                                                                                                                                SHA-512:957C84FA82219A3907450F130440E5EAAECB74DBE8E28FEADD7664A9BBA421587B21FAFB3390B0B1A86B0A322F9C26FCB8F1A37ACE2EFDC60B1C3B9AB842084F
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Reputation:low
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...El.Y...........!.....&R.........>ER.. ...`R...... ........................R...........@..................................DR.K....`R.X............0R.......R......CR.............................................. ............... ..H............text...D%R.. ...&R................. ..`.rsrc...X....`R......(R.............@..@.reloc........R.......R.............@..B................ ER.....H.........2.0............L...S!.P ......................................[..S.O...QK....3.i]..........Q6.B..Lc.:w....Mj.+D%.._.Y.i....'T..J..b...M.%.T._.F.d...&.!..Q.....YN".....h.zw.=.......<..(....*.s....z..*..(....*..*..s....}.....s....}.....(......}......}......}.......}....*.0..~..........{....(......o`T..-..*.-).{....,!.{.....o`T..{....(.L....,..o.L....- ...oaT....o......,...o`T..otH....-...o`T..{....(......*...0.............(....,..{.....{.....{.....o....o....*

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):3965680
                                                                                                                                Entropy (8bit):6.561634542986759
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:3M1tY2g/rmwOhp/tPmmcL8gxeIvpLwkS+ve+hxnReam+o7Hn6ajZZ6n3ZCmte38a:k56KNn5DXgxHpLWoda
                                                                                                                                MD5:37A3628DBF140B7B969DD1A81CFEB3FB
                                                                                                                                SHA1:7FE4EE7606C52D394310A337AB17DC820D76CF11
                                                                                                                                SHA-256:42D84E16224805000DC2FD104023049AF1B07D36F5A02468F3F00FD236687CE7
                                                                                                                                SHA-512:5B4A453690F7E489F38DD376C94D8B811AAB20A4FDBA09EC6C74C588DEE00A3F8C81E2B04AE76C9E767785300FD3FE08B318270ABDC131A82E1A1AF1D95F636B
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Reputation:low
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...bl.Y...........!.....b<...........<.. ....<...... ........................<...........@.................................T.<.W.....<..............l<.......<.......<.............................................. ............... ..H............text....`<.. ...b<................. ..`.rsrc.........<......d<.............@..@.reloc........<......j<.............@..B..................<.....H...........p..................P .........................................=...5lj?...x$7.?...,I*u*.s..[.za$...J...?]Zp...h'.7..$..@<.....M....>z...U...9`..%l.C..[.9...}Kg.J..,V4U..._.u)..0..-........,..o....,..o....o.....o.4..*.(.4.....o.....*..{....*2.{....tr...*.*"..(.F..*"..}....*.*.0..3........(....o7...,..o....*.o.......o.....o........o.....*..........*........(....*2.(....us...*j.(....-.~....*.(....ok...*Z.(....-..*.(....oj...*..u[...,...t[...o.=...o....*.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):78576
                                                                                                                                Entropy (8bit):5.909591561044907
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:fDTT9ELYGGHN+3qkKCGvOw1e10WcJ/3Z81yDKqlSGcczraGu:T9E++3qkA17J/3ZllSGlnaGu
                                                                                                                                MD5:AAAC55F125CB3B0BE4ED9A11C2E9FE82
                                                                                                                                SHA1:D4FDA25F10BF63FA52C9FEA50B115A430AD815D9
                                                                                                                                SHA-256:99FA3C085BD6F04CE2C62A8F398AD37B41DEC4FAA38A44E4C5469E26C735B789
                                                                                                                                SHA-512:6D385343625546BF21AA36E883AB667C18694982611AB07FA81F41BB8247DB7207E1EA53C18F129B8234F7CE661A3BBB51C43478090EF1103DC9080F0881750D
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Vl.Y...........!.................0... ...@....... ....................................@..................................0..S....@.......................`......p/............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......L...$............h...#..P ......................................E.76...0..+...#OW.}+.y.e...-1.O. ...Y._b#.....x,....*9...,.z._...s.3.z..Go.J...;..6.)...&R..........J{.2.....c#1.)q.T...,...o?...*2.-..*.o>...*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*J.{.....{....(....*J.{.....{....(....*..{....*~.{.........}.....{....-..(....*..{....*~.{.........}.....{....-..(....*..{....*^.{.........}....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8797936
                                                                                                                                Entropy (8bit):7.299508908918551
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:98304:W4UGwaQCKWAOfraPaQVndlvlup3OklnBzHF8CZlbV4wx2oE1oT:W4UGwatKWAOfraPzktOklgqlbe7ox
                                                                                                                                MD5:427E2B1B94675CAA74F79CFDFC651F5C
                                                                                                                                SHA1:3F013FB0AB5F157632638AEA2B4DDEDA2E59FCF6
                                                                                                                                SHA-256:B993E395F4F7FAD50956FCC421DF789DA0EF6E27B328016F097D43920C07C8C4
                                                                                                                                SHA-512:F48E5BFE7A4F40BC6DA8AA2867C1BD11A684DD53693FA95DCD4556676B6FAD92E79B29626F5E5646E45620F34B67DEFEF718C6D6701593321A58ADCE40BA845C
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ml.Y...........!.................=... ...@....... ....................................@..................................=..W....@..h............(.......`......L<............................................... ............... ..H............text........ ...................... ..`.rsrc...h....@....... ..............@..@.reloc.......`.......&..............@..B.................=......H.......4.i..0...............WY.P .......................................e+,~..\.aA...1C.j.Z<.fv .Z7{. N..x..V..-......i3.q'.b...*..l..9z.K.....s...o..... ...-.-.v=...zo}w.2..I.../s._.?....!.:0....0.....................(....*...}.....(.......}......}......}......}......}....*.0...........................(....*..0........................(....*...}.....(......}......}......}....*......(....*..{....*..{....*R.{....,..{......*.j*..{....*>..}......}....*..{....*..{....*n.{....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4979440
                                                                                                                                Entropy (8bit):6.314747424393378
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:UejIKdwMWBEVglDkU7YtHqkSYVK/bV0+b5rJ0F8kkzVRjFqM:5KEVglAOY8kpVGVnbrIm
                                                                                                                                MD5:D4F26960AEED922F431858F630B30084
                                                                                                                                SHA1:D0E747E4BCA2E58C70E04224766F29C1006CA819
                                                                                                                                SHA-256:A9362C3ACC4A27ECA26CA9D0E54D3A4F075B3B3F08DCBE77AEA5A68E435DAB7E
                                                                                                                                SHA-512:4187D1D0BED40B9EA7B8475CE20B7A3C979A990E5D81E9AD3A2651C5D22C87419740017C268BBAE903FCFBC5D5AE1AD80E3ECEC746B5580FC0BC3766F12CB320
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|l.Y...........!......K...........K.. ....L...... .......................@L...........@...................................K.S.....L...............K...... L.....p.K.............................................. ............... ..H............text.....K.. ....K................. ..`.rsrc.........L.......K.............@..@.reloc....... L.......K.............@..B..................K.....H.......d.&..I%.........x.......P .........................................the...2.....9.VY'.F.F..=.\.=..#.C[...VK.U`v`....o...A..u9*....E...X.H.a.E...r...y..g:?G..T`...g|...S....S.{.Z...g...Q.3..."..(....*n.(.....u....,...t....}....*J.(.....o....u....*:.(......o....*..0..F........(.....+..o....t......o3....(....,......o....-....u......,..o......*.*..........*1.......0...........u......-.s......(.....o....*....0..@........(.....+..o....t......u....,......o....-....u......,

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):3017456
                                                                                                                                Entropy (8bit):6.129027003423717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:Kf3zffyXWmkr8HeKAjJPb4VKuTBSdDtUrbxWO+eFFG5DM/tFyjIyRZPx8m:KTfymceRJPTu7RFFFG5DM/Lyj9
                                                                                                                                MD5:225CC9B28CE29257910ADAECD48E22BE
                                                                                                                                SHA1:2CC718F024009000997CCBBF708DF63CDB266433
                                                                                                                                SHA-256:0FCF7E006F0444A0660A49DD1F9CE1839852C5766F84ECD0C7F866522215DF5B
                                                                                                                                SHA-512:1FA39678C01FBAF320480DA4ACFFF1F23208F01538FFF031FE68A91801740DF18F683124B8FAC3F6136D1B6A3B1EE1C659307C41F06CB459615DED70998080A4
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....l.Y...........!......-.........^.... ... ....... .......................`............@.....................................W.... ................-......@....................................................... ............... ..H............text...d.-.. ....-................. ..`.rsrc........ ........-.............@..@.reloc.......@........-.............@..B................@.......H...........................<4..P ......................................._..T.{........;.L..[...3g...I.:.. -J..|s._.~..i...=.B.F.<....J.WK..L...rgN...)..\k..W...z.0...@.s.d_...Ty....~.z.a9...(......}......}.....~....}......}....*..o.....o....3".(.....o....(....,..(.....o......*.*..{....*"..}....*..{....*"..}....*..{....*..{....*"..}....*"..}....*:.(......}....*...0..&........u.......(......,..-..*.o.....o......*..{....*"..}....*:.(......}....*...0..&........u......

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):962800
                                                                                                                                Entropy (8bit):6.34004464341254
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:HPlWUIMh5ejOJzduk9JvZ7t2/n1ahHUUrgR3tgeYgJXN5HfdXQ3TI6O92N4CJObs:vnh5+Ov79JvK8jWtgls5HiT2gx3akc+L
                                                                                                                                MD5:BECAAA1444E3F6233DCBD211CDA587C0
                                                                                                                                SHA1:1676036BC05DFE314A55DF2A0FE9E967784E956A
                                                                                                                                SHA-256:0E02A2C63F7A6C004C8751D77FEBB1E12D3E38E5EA002F94D05DCE5790FC041A
                                                                                                                                SHA-512:B7350E1F1795CF78A3AEC96A585176989F6C96F9381EDABBDAFDDFAAE42D5E45E73280C020128FC082B4CDEA64D1762DD7DEBB9B80566815F993E9EC5E661836
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....l.Y...........!................~.... ........... ....................................@.................................,...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H........=..,o..........`P..h...P ......................................W'tA.cXZ.k.C.c.....I.w.......K_.q..S...lj.L/F.~K.i.....h.?...ARx3......!....78.~_R.D..HC.P.....l..*...p-...].G.~..._!E;..(9...*..(....*.*..{....*"..}....*..{....*r..(....-.r...ps;...z..}....*..(<...*2......(=...*^.,..u....-..u.......*.*..{....,..{.....2..{.....{....(>...2..*.{.....{....(?...*...0..)........{.........(A...to.....|......(...+...3.*....0..)........{.........(C...to.....|......(...+.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1114112
                                                                                                                                Entropy (8bit):6.106701577278103
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:tsw6jJGXuM75U8B3QtBcPdOjoRGczhSYMg3kmaJa5B:CwcdM75U8B3QtBcPdOjoRGczhSYMg3ki
                                                                                                                                MD5:6A867594FE5479862AC2AC378D6EB0E1
                                                                                                                                SHA1:6E0B30E1C934CD011BB965130DE5D6CF1B37F68D
                                                                                                                                SHA-256:EAA684BEE01914AD7022567AB154222035495EEE1FC56A25F150C41B64BD2409
                                                                                                                                SHA-512:7D5E80E965188755FD70E3F13D7CFA1B2CE102A754A640C19DD2285EB8746BE390DEF31280B0A2E2EFF5FD1D6770487FA9FBA1D92FD6D8F05BBDB7D22C61E16B
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#`.........." ..0......`........... ........... .......................@............@....................................O........J................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc....J.......P..................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):293888
                                                                                                                                Entropy (8bit):5.880567896926908
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:LGCf+YJvBTdp6L4Jqr6kp0r2JckgfcNUO7PXw:Z+YpTdpXqDdxb
                                                                                                                                MD5:3397F55F2256BFB012EB4F7860E86650
                                                                                                                                SHA1:3D37F5CDA00591612CC83A4488C4C9FEC390EB5D
                                                                                                                                SHA-256:5FD39F686D700C9959C499AA536B1538CE2EAA0D81D349C65F2E71495D1C6098
                                                                                                                                SHA-512:0D1F7E55199043045A2362ADB80CA44D9556DACBF0DCB73829E07F5E6FFDF77E5BA2A2D4F9FD547A342FC178716757887F11CFE5DE0182DD9308A12448F3B5AB
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..p..........:.... ........... ...............................5....@....................................O.......h..............................T............................................ ............... ..H............text....n... ...p.................. ..`.rsrc...h............r..............@..@.reloc...............z..............@..B........................H...........L..................t........................................0..\....... ....((........ ................+/....+..._,. .....da.+...d...X...2.~.........X..~.....i2.*v...s)....(....%.}....%.}....*ns....%.}....%.}....%.}....*v.......+..s)....(....%.}....*.0..;........o*...-.....r...ps+...zs.......}......}.....o....,..*s,...z..0..5........{.....3.r'..ps+...z...s).........(-.....(.....o....*....0...........{.....3.r'..ps+...z.{....o/...,..{.....{....o/....Yo0..........

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):155136
                                                                                                                                Entropy (8bit):6.923246431474686
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:Zkf6d53aMCZbfAFYbjluOWcLvVIEYaQ9SDBRGlDUqL63budi94kD:VOb4QIArGloqL63q
                                                                                                                                MD5:89ADD49BA2C99BA0CF246943974B93D8
                                                                                                                                SHA1:88E7C7827146D13E8D3DE831D34FCCC83A5E7911
                                                                                                                                SHA-256:2015A76F954C1137D1ED6493ECA5C06F4D7DA487AFC809403D48F7E087DC37E8
                                                                                                                                SHA-512:374AC5FC16B4A37BBBC90E52916069791EF329CA16347A6A519CC051860F9944152CF9526831FF574DBC6736D1227D1F556E47B84BFD70CC9B420CF175192DAF
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v............" ..0..R..........6q... ........... ....................................@..................................p..O....................................o..T............................................ ............... ..H............text....Q... ...R.................. ..`.rsrc................T..............@..@.reloc...............\..............@..B.................q......H.......................@n.. ...`o.......................................0...........s....}......}......s....}.....s....}.....(.....(....(....%{...........s....(....t....}....(....%{...........s ...(....t....}....(....%{!..........s"...(....t....}!....{.....o#....{.....o$....{...........s%...o&....{...........s'...o(....{...........s)...o*...*....0..*........(+...-!.{....o,...&.......s-......(....&*...0..*........(+...-!.{....o/...&.......s-......(....&*...0..2.......s.......

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):5.926131598180448
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:d8UMF1fOJCJa+kz7YsEc0oIjvUgAEThOvwhDXEDXUwheEDLKlHsDFchBCckidIjV:DMFlfrqB0ocAEThOEDXEDXUwheEDLKld
                                                                                                                                MD5:C3991E3FE72665A29297FDBF8121E336
                                                                                                                                SHA1:4F507A57BAFFB37AC71A98CFF257907309CCF73E
                                                                                                                                SHA-256:828BA5AAA720F43FA02AFE60D50F7DE1F6117CB2F83BDDA63E183DD00CD3B454
                                                                                                                                SHA-512:1792DB805D9C9524C974D53320DDF75788603232F01842038F305F4EAD817C9147E88E9BF526968C69E1F28E9DB2C2C241456DB09ABA3C10FED2FF86D5B0BE18
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.E..........." ..0.................. ... ....... .......................`......#M....`.....................................O.... ..t....................@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...t.... ......................@..@.reloc.......@......................@..B........................H..........hz..................<.........................................(....*"..(....*&...( ...*2.r...p(....*"..(....*&...(....*2.rE..p(....*"..(....*&...(....*2.r...p(....*"..(....*&...(....*J..r...p(!...(....*v....(".....(".....("...(....*....E...%...%.r...p.%...%.r...p.%....%.r+..p.%...(#...(....*..(....*&...(....*...0..)........{.........($...t......|......(...+...3.*....0..)........{.........(&...t......|......(...+...3.*....0..%..........{......,...s........o.....o..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdf

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PDF document, version 1.7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):87287
                                                                                                                                Entropy (8bit):7.8926391328230885
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:nfpOYf1Pe7wZ5td3E29HkBM9/DHcWn8WdrJb3ZgtcnrKi0Eya+9wQJEiiz4wTluO:fpOiMu01Bsb8MbLJrUJEiizTJl
                                                                                                                                MD5:A0CEA3A9C3CFE17037F135930A601DA5
                                                                                                                                SHA1:C6A9C4D0F2F9D28140110BD70E04255F4AC0C99E
                                                                                                                                SHA-256:AE35683A6B9D208A2A36FB5C420777CB1D4B5387012646545E00FEE0B97879FE
                                                                                                                                SHA-512:C08D341DEE1D000917CE013336941043CBA125DAC4F4A201F87CE50B788F1BA8BE69F1C661661A2711BC09374A1C8CE5F05EBE16D629F1F697D3E80B81B11F66
                                                                                                                                Malicious:false
                                                                                                                                Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(de-DE) /StructTreeRoot 22 0 R/MarkInfo<</Marked true>>/Metadata 95 0 R/ViewerPreferences 96 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 4/Kids[ 3 0 R 14 0 R 16 0 R 18 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 3368>>..stream..x..[mo.J...).a>.U.z..R...Hs....u..~p....Jm.6.G./.<g<.c|..J.l.g.?...0^.+qu..S..VX....0....u}-nn{....eZ.....O.A..It~..obu~v39?.0.BJ.r.d~~&i.%..l.].X.................?...c....[.1...%................q~.5.~~..lN.......=.[ip...~.3..:.o.K.HD.B.].X..#\...../..0eA7q.2........h...m#...Ldt..........`8.|..7...$...s.g.^.y{l..O=!.Z'O.u>..l...^.....$~m...L...<%YxFH.g.$.\.X..J%.,.q.(%fG..R.hf6.R.M..Pp.K.S...mWv.4..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):80384
                                                                                                                                Entropy (8bit):5.992824785073126
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:3z+3ShmGPCaAabPVPPPPPPP8Ciu2grhIiWpzzHuxR+G:3z+3wLC9abQiWpHHuxR7
                                                                                                                                MD5:251DFC7357EAE23C3D859426D3F5EA17
                                                                                                                                SHA1:32E283E06D925D88A1B5E3AF09F7D31EA4B582C8
                                                                                                                                SHA-256:0399FD9C706F2DEC9D1C0A60C30961923751195270913F815115A61484D84F00
                                                                                                                                SHA-512:7626925CDFE137A229274B354DA3BEBE4D9016A49CC4BFA820D949642CA377EBACAE0B98E464813877E26197FFCAD2304EFF81A363E376BF0F2D2265056D6AF2
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C..."..".."..Z}."...J.."..p}."...J.."...J.."...J.."...D.."..".."...K.."...K..".."y."...K.."..Rich."..................PE..d......`.........." .....@...........H....................................................`..................................................9.......p.......`.......................c..T............................c...............`..(............b..H............text...s9.......:.................. ..`.nep.........P.......>.............. ..`.rdata.......`.......D..............@..@.data........P.......&..............@....pdata.......`.......,..............@..@.rsrc........p......................@..@.reloc...............8..............@..B................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):139776
                                                                                                                                Entropy (8bit):5.857230726618
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:qICMXV2e1ljiYrQ4QWqcf/Hc5bVOcb9SH:NC648pYXS
                                                                                                                                MD5:7BCAC81A4929429C6B669B9B86CFC9CD
                                                                                                                                SHA1:79CAA23C70D05F19AD2F655B92FF6A8442253E98
                                                                                                                                SHA-256:5281A16869289A2C527831ED7B89E4BD4D23B7E0EC785A3C1B7532CA5B5AA684
                                                                                                                                SHA-512:9A5A268464ADD4BE2FF0A9F1561B20BFAFBB3BD01E8C773F8A3F5170B2A7603165A5F7D29D5752A1B68EA9BD388A9368736D139157E96F442FC88E0110451E26
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............7... ...@....... ....................................`..................................7..O....@.......................`......|6..8............................................ ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................b7......H.......................@...............................................0..g........(...."...As....}.....s....}......}......}......}......}.....(.... ....(.....(......}.....{....o.....{....o.....{.....o.....{.....o.....{.....o.....{......o.....{....#.......@o.....{.... ....} ....{....o!....{.....}"....{.....}#....{.....o$....{.....}%....{....~&...o'....r...ps(...}.....{....{)....{....o*.....j}......j}......o+....{....(,...o-.... . ...(.....{...........s/...o0....{...........

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):37376
                                                                                                                                Entropy (8bit):5.854743156462957
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:Glalc7JPLn+JnLTsqhr1NrUJ7YuStTUhlS:GwJnLgURN8Otwu
                                                                                                                                MD5:EB412C01E4B89E6619B12BD8FA33206D
                                                                                                                                SHA1:3966423594468CC372FB1C77795BC50923A0731B
                                                                                                                                SHA-256:DFB8E17724D3C326B710EED367EE614BB011E1AE33EFE5BA9F8C0AEB358921EA
                                                                                                                                SHA-512:FA040BC44313A68F55B20EFE75D390EC3FA5FB1A4BB04E7B88268C6D44BC1F986457D84237F69F791851128EBEE4BA0E7AB006ACBC69CAF63835E261B144E470
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................................`.................................:...O.......P...........................h...8............................................ ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B................n.......H........;...:..........Xv.../.............................................j.js....}......j}..........(......(......o....*.r...p*....0../........(.....(....u......,...o9....(......{....(....*..0..+.......s....&.s+.....(.......(....-...(....o9....*.~....*b..d3..s+...*......(....*Z.{....,..{....*.{....*6..(....(....*.0..p..........{ ...o!....+E..("...o#...o$....+...(%......o&....o'...XX...((...-...........o)......(*...-...........o).....*......".%G..........R`.......*r..}.....(

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1936896
                                                                                                                                Entropy (8bit):5.956495632744587
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:88jY4VgZNLCuiWpTFdADqHM9LT5KN+PhaiOcw99:8acbpxu2H
                                                                                                                                MD5:9F17A45BB8D2971ED0002F4967F8ADA9
                                                                                                                                SHA1:B8A99FB7BBB8536FD9C7607E06C176A51AEC5D58
                                                                                                                                SHA-256:64D510E9B295EA5141278840862F3582595DF845068698B1ECB14B5252C4B899
                                                                                                                                SHA-512:0871CB18C8A0BEBE6466BFD2CC93F3055C48CDA0657313C03F52C6DCFDBC25C8E6D91022717BACAD5AA7AF21D5519CD2444B9EECE6BF3F2EB8800004139432AD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N\a.........." ..0.................. ........... ....................................`.....................................O...................................t................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......(....~..........................................................z..}......j/...j}....*..j}....*>..}......}....*f..{....}......{....}....*..{.....j..*....0..A...................3..*......,.......-..*.{.....{....3..{.....{......*.*...(.......*....0..3........,..u....-..*........{.....{....3..{.....{......*.*b.|....(.....|....(....a*..{.....{.......{.....{......*.{.....{......*..{.....{.......{.....{......*.{.....{......*...|....%L.{....XU..|....%L.{....XU.{.....{....4..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1202688
                                                                                                                                Entropy (8bit):5.908967575659683
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:Gcz2YTNtSeCv2RFby9JMCEVhZwQ2XhtnWTqtx+3Mv8gDx:GczlNtSF2RF3CEzZw1hwTqtxx
                                                                                                                                MD5:FFCF3BB31A122AF791B3559832F2D7D6
                                                                                                                                SHA1:E5074F0041E85EEAE581AE23F197331E755ECE9B
                                                                                                                                SHA-256:79C0EB5FA7E97ED7FA7D55926C4CC8EAD6CC254D1110EF6B399AD480BEB275C1
                                                                                                                                SHA-512:7089B37C7B0313506588B3BB4A2CB289CF0011B75A734BC33494213947C07E80ADEF7BFDB11198BF66C9DFAD13F9A57BCD5B4D62E1F6AA38F60640BD38EFA2B7
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M)\a.........." ..0..P...........o... ........... ....................................`..................................o..O.......`...........................Xn............................................... ............... ..H............text....O... ...P.................. ..`.rsrc...`............R..............@..@.reloc...............X..............@..B.................o......H.......x...._...............S............................................(:...*. ....(:...*..(:...*"..(:...*..(;...*....0..@...................~....}.......}....(<......(....,..{.......Y.. ....[*.0..i........(;.....(M...,.r...ps=...z.o>...-.r...pr...ps>...z.o<.......s4...}g....o;.....{g...o;......}i.....}h.....8.........#.............+v......#.............+.............ZX.....X......2.............Y.......[%.........ZX....{h................._}h......X.....2........Y....{i....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):892928
                                                                                                                                Entropy (8bit):5.9179936359593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:7Bk7Rt5S+GZ7j/teU26F0U4tjoIMhtnTf80nXW5Fpg7:Vk40U4BoIMhVf8
                                                                                                                                MD5:7A0ACF0CB55F5E358FB8112FC196475C
                                                                                                                                SHA1:E33B6CE3D95BE4E022E1CE4A302552FC6B512A28
                                                                                                                                SHA-256:C06EC93345A20706C0044E27709A823E6191B329964492FFC5980382A5C280CB
                                                                                                                                SHA-512:57A97292730AD49C74939552BC417197C4FB40CA71A0E7C0ADA23D62EEEFB3EA0148D0DE063E6B3A6AA9FDDEC6BB0590BFEEE9EAA9B280F28D505566F1DB53DB
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N\a.........." ..0................. ........... ....................................`.....................................O...................................X................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......................0...(...........................................N..(.....s....}....*j.s....%{.......s....o....*..0..S........{....o.....{....o.......*..+%.{.....o.....{.....o....o....-..*..X...{....o....2..*..0...........(......}......o;...o.....s........s......o.....o.....o;...o.....o....o ....s!...}.....s"...}.....s"...}.....{.....o#....s$...}.....s%...}.....{.....s&...o'...*..{....*.0..\.......s".....{....o@.....{....o(....Y.+4..{.....o)...o....oQ...o....-...{.....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\PowerCollections.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):182784
                                                                                                                                Entropy (8bit):5.883620315599388
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:k7ClE8AaUsjQmECRrUpoaFA3HmDweVMoeZ:busUmE6rUC9MwkMo
                                                                                                                                MD5:F20ACA91342A4DAD79E87695D2E90E0B
                                                                                                                                SHA1:C16E51B1B0114FB6607EF1FF5A1F9C069EAA01B8
                                                                                                                                SHA-256:E83483E3966F205B7AD539792C6A0002FB44CF7E1871978F32707C21FFFD5CAB
                                                                                                                                SHA-512:A4ACE490B57A7D320AF9D6E64ABD88E8551D72496B4AE9C1812BCD72C44D5805B899C775E0263705235FEC8DB90248657624863D02B84E8FFCA560AD52012E9A
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.........." ..0.............~.... .........I. ....................... ............@.................................,...O.......h............................................................................ ............... ..H............text...D.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................`.......H........p...m...........................................................0..^........-.r...psO...z..2...oP...0...oP...3..,.r...psO...z..2...oP...0...X.oP...1.r...psO...z...sQ...*...0..R........-.r#..psO...z..2....i0....i3..,.r...psO...z..2....i0...X..i1.r...psO...z...sR...*2.-..*.sS...*Z.-..*.oT...,..*.sU...*Z.-..*.oV...,..*.sW...*n.-..*.u6...,..t6...*.sX...*n.-..*.u/...,..t/...*.sY...*n.-..*.u9...,..t9...*.sZ...*n.-..*.u....,..t....*.s[...*n.-..*.u....,..t....*.s\...*V.-.r#.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1688576
                                                                                                                                Entropy (8bit):6.536380500683419
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:9i6QnGucgDweNGkfb01HHk2AlZjiwy5Iyt6Wo+/BgJQGFIuHWMdx3eGD+l4V:9i6QGWPb0EhlZjitzlWJquHWGEl4
                                                                                                                                MD5:0EC8D85D10FF52827930B1CEC64A0933
                                                                                                                                SHA1:90C6D01AEFA10F5488411C84553ED44131372C58
                                                                                                                                SHA-256:7F214DFCCF659D8E4C0A08AA6772B2E540F20987AAB2B26B6BAAD2D201554BEC
                                                                                                                                SHA-512:650257CF683D030BFA6A8DA7065409B47E994AE86BA96934A1D977C51A48B2D80D8E1BC8A7979DEB089BA243CEF13F9E2707837F9803D691B51C14C07AFF3375
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.0O*.^.*.^.*.^..K..>.^..K....^..K....^.x.[.4.^.x.Z.$.^.x.].".^..(../.^.*._...^...V.+.^...^.+.^.....+.^...\.+.^.Rich*.^.........PE..d...S%.^.........." .....\...d...........................................................`......................................... )...1...[..<.......<.......................X...`...p...........................................p...............................text...pZ.......\.................. ..`.rdata.......p.......`..............@..@.data...@M...p...6...Z..............@....pdata..............................@..@.rsrc...<...........................@..@.reloc..X...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\SciLexer.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1528320
                                                                                                                                Entropy (8bit):6.439158645608687
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:nzb5jLexcYWfnyLqMQlJ7mIJR5/1yDnxPBjW+V4T5aIxXYKHQs73K6:hu/WfnekD7mIJRd1yrxPBaWMIiYKw
                                                                                                                                MD5:44EFAC6665A774744FDE243E2C961734
                                                                                                                                SHA1:850C4DFBA9C6E87CCE688BCF694A3054BF02D4A8
                                                                                                                                SHA-256:0FD202C22B3CB6D76435952E9DB460C6FD9FBB6B7E6FBEEC482CF5B7C6A0F5C1
                                                                                                                                SHA-512:A0BB432A772001F6A0A32060DFB46C7922620948446CD9F1E8C35918EBA621FA985C8ACD356BE07C32594123959DB955801B276C5349601D2E1B640FFDB21F8F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........._.a...a...a.......a.......a.......a.......a.......a..W.J..a..W.O..a...a...`..+....a..+....a..+.{..a...a...a..+....a..Rich.a..........PE..d....W.^.........." .................u....................................................`.............................................X.......@....`..X.......d............p......pi..p....................j..(....i...............................................text............................... ..`.rdata...O.......P..................@..@.data... p...0...j..................@....pdata..d...........................@..@.rsrc...X....`.......0..............@..@.reloc.......p.......6..............@..B........................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):364544
                                                                                                                                Entropy (8bit):6.016735753684852
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:oVkOGvp0ezfbg1+w9MCdwqKOoPK3LE4bFNFaFeFOFwcGF6cmFWc0FWc8cIcKcUFb:3pJUBwq9FNFaFeFOFwcGF6cmFWc0FWcH
                                                                                                                                MD5:ECAB575DD9FAA510F9D7BB67C55E0213
                                                                                                                                SHA1:B9D5AF76D8DF1C4EE4CCBA33B2AFA8300952D923
                                                                                                                                SHA-256:19AD18AD0A128F690667C7239DBAF89629ABE43A6BB365BAC295B72A8CC26318
                                                                                                                                SHA-512:22BA1F1F9F92510DB76833BAAC3703D144D0B908539BAFC1BF8F9504EED3B5B82D3236D9A914B714E97753C9D7FCD39EC59D3DD090AD1E48371389E6619C1455
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^...........!..................... ........... ..............................6S....@....................................S....... ............................................................................ ............... ..H............text...$.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B........................H......................0.......P .......................................Mf.6..>/..U.....6....B.W......X..a..l.5.{......1.6...w..n....0I...R&..l..s...kvM.....G......_.r.3..P..6...z2j..d.=D.Yy:.(......}....*..{....*:.(......}....*..{....*r.(......}......}......}....*..0..5........-..*~.....o.....X...s....~.......o......o .........*6..(....(....*"..(....*.0..T........~!...("...-..-.~#...*../....+...X....($...-..-.~#...*..s........(%...~.......o&...*Z.~....2..~.........

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):469504
                                                                                                                                Entropy (8bit):5.936700714458861
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:H4dybI6lgjv/att7Uiw3pVQOcpKmMYRhyLyn1rdL6kv0:Yd8tt7UNQOo3yL8LK
                                                                                                                                MD5:7D576FAFC24FC2BA670F5543CE9ED04E
                                                                                                                                SHA1:22A01FE984FA449F1007719643403AD56B82CB1E
                                                                                                                                SHA-256:3B53FBFF956DF1E92CBF1A874D5C70771F948E047D6670495DF142D20E7E04F8
                                                                                                                                SHA-512:AD8C96E84B844A2DDCEEA30B2F8D261B51472061207976761B6E677712CE4DCAAC87D3D047AB0DBA421D0C160CC47E4A03208870993429A912E6317217A56C59
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g)\a.........." ..0.."...........@... ...`....... ....................................`..................................?..O....`...............................>............................................... ............... ..H............text...4 ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................@......H............`...........................................................0...........(.....(......}......}......}.....:.....{.....o.....{#....o.....{ ....o.....{'....o.....{.....o.....{%....o.....9f......o....}.....{....o.....{....s....o.....{.....o.....{.... ....o ....{.....o!....{.....o"....{.....o#....{....o$....{.....o%....{....o&....o'....{...........s(...o)....{...........s(...o*...s+.....o,....{....o&...o-...........s....o/.... ,...o0....s1...}.....{...........s2...o3.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1202688
                                                                                                                                Entropy (8bit):5.908967575659683
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:Gcz2YTNtSeCv2RFby9JMCEVhZwQ2XhtnWTqtx+3Mv8gDx:GczlNtSF2RF3CEzZw1hwTqtxx
                                                                                                                                MD5:FFCF3BB31A122AF791B3559832F2D7D6
                                                                                                                                SHA1:E5074F0041E85EEAE581AE23F197331E755ECE9B
                                                                                                                                SHA-256:79C0EB5FA7E97ED7FA7D55926C4CC8EAD6CC254D1110EF6B399AD480BEB275C1
                                                                                                                                SHA-512:7089B37C7B0313506588B3BB4A2CB289CF0011B75A734BC33494213947C07E80ADEF7BFDB11198BF66C9DFAD13F9A57BCD5B4D62E1F6AA38F60640BD38EFA2B7
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M)\a.........." ..0..P...........o... ........... ....................................`..................................o..O.......`...........................Xn............................................... ............... ..H............text....O... ...P.................. ..`.rsrc...`............R..............@..@.reloc...............X..............@..B.................o......H.......x...._...............S............................................(:...*. ....(:...*..(:...*"..(:...*..(;...*....0..@...................~....}.......}....(<......(....,..{.......Y.. ....[*.0..i........(;.....(M...,.r...ps=...z.o>...-.r...pr...ps>...z.o<.......s4...}g....o;.....{g...o;......}i.....}h.....8.........#.............+v......#.............+.............ZX.....X......2.............Y.......[%.........ZX....{h................._}h......X.....2........Y....{i....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):5120
                                                                                                                                Entropy (8bit):4.242601878924758
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6CcQOHTrxVnHbLstI8JEOw92hH1FXHAqTzHFtHWhDkctVnMVq2vmQliM36r:uzXsZm2hTXgq/ltGtN2qa5
                                                                                                                                MD5:85047CC9200E66156AC8E2F7BB96C103
                                                                                                                                SHA1:E4158F0F13F09A07FAFBB7E3F783EC6817DF0268
                                                                                                                                SHA-256:BB9AAE52E419557C83F4576CBAD2D359262FDB857170EA777B7C0E8D51557D99
                                                                                                                                SHA-512:E795AA470B4FA7B6F80D25273512C6210EED1605127EE4F6330FBA16DD284DD769DD2EFB88C886474089230DFE681D1690D0EBC93A3DC211B903C025C2570829
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.................+... ...@....@.. ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........)..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.C..f.?...b..f....O...c...._:#...(.....s.3"..5!..N...Y...a.>.|....b.......;.......y...'...6.......K...m...Z......................."C.e.n.t.e.r.M.a.p.O.n.M.a.r.k.e.r......L.a.b.e.l......L.a.t.i.t.u.d.e.-....L.o.c.a.t.i.o.n.s.?.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):5120
                                                                                                                                Entropy (8bit):3.8010929530727506
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:OY2uHwtNMawWGqZNwfntwf5wfXvGq7zwOD2:r2DMawkwfntwf5wfX9f
                                                                                                                                MD5:CC554E9214E238D44C07F9963E048D51
                                                                                                                                SHA1:A8893600A0509D1E3388624A352590C92A320191
                                                                                                                                SHA-256:6217A47FE8503DADCBC10F7EA500D9835E9071CA273D03CF969C6301F510A2C4
                                                                                                                                SHA-512:335AE9030EA4B183E00BA72C30FF487BCFEC644775AD7E6C86B95A08CB743A520D9EA5D07E505F090C871FE484D451C39421503B68E83AE19717B6F2C294E74E
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.................)... ...@....@.. ....................................@.................................`)..K....@..L....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........'..............P ..............................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..*..%......PS.y....n.......;.......6A.b.s.o.l.u.t.e.T.i.m.e.C.o.n.t.e.x.t.M.e.n.u.T.e.x.t......O.f.f.l.i.n.e.T.r.e.n.d.D.i.s.p.l.a.y.N.a.m.e.0...<R.e.c.o.r.d.e.r._.A.u.t.o.m.a.t.i.c.Z.o.o.m.X.1._.D.e.s.c.r.<...<R.e.c.o.r.d.e.r.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26112
                                                                                                                                Entropy (8bit):5.067662870911737
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:oRZc7tKHxc5rXwndR/wqaRCJemeDEQP8ykawjXwGFwf+wfrwfvwfwwfewq7EaGXa:oNHWodR+xmeDEQPwGqDp
                                                                                                                                MD5:FF5906101B86E639390BF5D86236D7B4
                                                                                                                                SHA1:FAF4BD2295D9120D31B894483163094481A3E4AD
                                                                                                                                SHA-256:CDA482CBA2F89638778481521AB4C037051866D82D661009D8AB6784DD431ECD
                                                                                                                                SHA-512:74024393E06506B91CFF0B7DBC5028932B0EB132B3B3B36581B279FCE025C0630A4CE51286C5618D9E1B072A61B8E7DDE7ED32A82B365B853C29A2808AA5ECD4
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....^..........N|... ........@.. ....................................@..................................{..S.................................................................................... ............... ..H............text...T\... ...^.................. ..`.rsrc................`..............@..@.reloc...............d..............@..B................0|......H.......lq..............P ...Q.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....D.......PADPADPlh].....N......,.i.V...Y.f..#n.).Z..#.V.....X..9;......%.m.|..W....P.......WB..A..........h..`D..".......$..x..sm..q....q.....8oM.:+....X..V....]..._..._..[.....!...!o.B'..-"..5.Q.7...8&E.A..DBc..C..HF+..Q.(rTJ..V

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):86528
                                                                                                                                Entropy (8bit):5.251852466819867
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:4QS9WLYFWtW3et03etMXbz3et03etTizUzH2dnWGHzt0t3cEzQRXvs:4QSgLYFWkXbGioBGHzs3cEci
                                                                                                                                MD5:C750F094A06E21E08BB152E3A7E66511
                                                                                                                                SHA1:14251FC6AD157EEAAA6A735002DCCF405467D58F
                                                                                                                                SHA-256:BBF04E8FE2AC7F7B2E0592613CC1AAF0305C48FCF10E0872AF0A30D19B49EE79
                                                                                                                                SHA-512:D691FCCD1F60C40F73AF00A50E042B6405128ABB9007C7FD157A87CE9B403493D5E43818949472DA7FCBCA1AFB80F69D432ACA79E1B1CFB67A3BCAB4BF775D84
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....J...........i... ........@.. ....................................@..................................h..O.................................................................................... ............... ..H............text...4I... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B.................i......H........Y..T...........P ..69..........................................P~.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....Z.......PADPADP....8..a2........e.\.R.d!:.g!:..Oa...k.i.P.......7@...S..6........E....}M..R..J1...N...K....G.~.V...Kc<..'..G)..+...9g.....7.Q......2..(`V....s....]......(@&...7.Dyv.....9.B..:q.`...m.1......3..vR.....R./.G.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):62464
                                                                                                                                Entropy (8bit):5.213676805749081
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:H/xyDDVPOAPepAOrjkudKwgHprLvgQmipRiPSH+MG:5yD8AGuOrjvUzHprLvgPqRiaeMG
                                                                                                                                MD5:20A223B0601318ECF54A3D25C9765F2A
                                                                                                                                SHA1:3D488C4AD2F5167EB066F73B5F1349E177B0CCC1
                                                                                                                                SHA-256:7ED3A6D9E38BF77EF168BA5C67CBD252E94B14EF50FA09712CB2EFCD067078C5
                                                                                                                                SHA-512:DD136F066EE144E05916F22355AEAB5EE917E740DEB8D44063F114CA87FAD72483F2001733D320AD9C4EEB4295F16B910BC1BCF01CD629F1A9D487621CCC0D24
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!................n.... ... ....@.. .......................`............@................................. ...K.... ..|....................@....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................P.......H.......(...............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.....(.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP9.......2..`.`.I.m.L.">L..L...L.c.R.3.?.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):33280
                                                                                                                                Entropy (8bit):5.1443046601861075
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:/ULqa2idF0eqio4Aab0xc7baoXwa6wqpwqbWBawjXw0wfnwqdwqd+N3q4DnqqpRU:Da280FQI8PzV3q+FpncPyZNyvnH
                                                                                                                                MD5:DA79ACFC31EE9691DAC8C54C88DF4F92
                                                                                                                                SHA1:67C88E60550BA963AE897B321DDD2EE5494D83CE
                                                                                                                                SHA-256:C56168652A7AE8B49FEF82CD1D75DBD06C402D7403EEE781A2B302A1A95A6AD0
                                                                                                                                SHA-512:94EBAE2F9CC8623B02E7D3078DF50F525BDDDABE2F6BBC30D94F3EB6DC877C9C9C3B15ED156799EDE91426B9286B24148D98EE08A2906343250C836BC2112D02
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....z............... ........@.. ....................................@.................................\...O.................................................................................... ............... ..H............text....x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H......................P ...l..........................................T..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....|.......PADPADP..j.v+....j.~.......m.3.../.l.......}M.J1...o_..'..o.....:..~...? ..."...V....F....s..h......r..C....>..w@.].`...&.~_..6.......i.)T..L.#............O.....g.U.+.....P...^........{....7...C......@.W...6)...e......

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):48640
                                                                                                                                Entropy (8bit):5.162529542594102
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:QViwJDgNWmCcKcsBJPfzSjI0sQ67eLuthM8r:QKWmCHcsgPD6blr
                                                                                                                                MD5:C17C63B0C0A21690660A0AE8D42B222E
                                                                                                                                SHA1:3E77E8473EEC62F28B5C469E576460B5BD7713D9
                                                                                                                                SHA-256:D6CCE8944A1EC43DF314CD1DFF4B0841D391F43094A91C2FF8EA6C0DE66E26A9
                                                                                                                                SHA-512:582EF03A563196F9EEBA32FD613CAB2703BDD089949C44C8FB5760E75C5C64FA4D8037F8443F12908418B4B2FB2DFD5544EAEC06B7CA10284D503BD261B51599
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab...........!................^.... ........@.. ....................... ............@.....................................O.................................................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................@.......H.......P ..@............-..|...........................................BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID.......P...#Blob.....................%3................................!...............*.....P.....n.............................".....?.....e.....~...................J.....J.....J...!.J...).J...1.J...9.J...A.J...I.J...Q.J...Y.J.......-.....6.....U.....h...#.v...+.....3.....;.....C.....K.....S.....[./.................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):7680
                                                                                                                                Entropy (8bit):4.3308783906967365
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:gvn1+Al6puwaxzSDALasfKpkCbyHKdAfeJVD8oq5Ghrb:Mn/6puwlDALdCpUqfVI/Y
                                                                                                                                MD5:A834AD4AA5B0DCF24CF2EAFC1CB5974B
                                                                                                                                SHA1:252D31871058C5EB3831D32E6D2AE28DBA15A944
                                                                                                                                SHA-256:018AAE15D2DDBB5F45AFF9B8CD021F2FD9D8819C8D1E3B40BFE383DFFDA6EC88
                                                                                                                                SHA-512:B903C284B11C28CB65F1D22CBDE39103050E623C312FF916E56D17DDC7E9CE11FDCDF8CE8D3FFA9F6738C978BFA590894F0B62280ECFB9AD4A21679B99E9580A
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h.Za...........!.................4... ...@....@.. ....................................@.................................H4..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H......../..H...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPaRS.....4n.H<....8..KS.....).........S.C..U@..g........:...j...i...Dm..H...i...<....1G!...#L].0RV.;...B..1F..IHG.JH...H.;.L...L...Q.-YX...XY.gb...e#f.v.}.v...........i...........}...................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):21504
                                                                                                                                Entropy (8bit):5.031920165697022
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:D4rKXAxGcoRahKJ56KTFjHM51+LteAecjawjXwFwfkwqxfffCTfff1Rh7p9xkkJm:QKjcTwJ56KTFjHK1+Lph7pLkkjY
                                                                                                                                MD5:681F2264378183EB9F1FA2E682EFFA43
                                                                                                                                SHA1:2E776BF043FE7176BF54E065487980C3E5D17DA2
                                                                                                                                SHA-256:6726DAF26D232FA0F77227C49F3B90641B72E724884A8AE7A6485815F7809E82
                                                                                                                                SHA-512:1D0CE0F6680EA0AF887D9209B0DFCD1C399D258E9E2557EFD8FE9CA5BA369F860F689EE492DC4B2B4DD1E557CDAB6A9EE6C475D3E41150A28EF04185E7D91AF7
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.....J..........>h... ........@.. ....................................@..................................g..S.......\............................................................................ ............... ..H............text...DH... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B................ h......H.......L^..............P ...=.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.....-.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..6.F....y......|.W.tT...........].f.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):17408
                                                                                                                                Entropy (8bit):5.009206061928093
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:wpawbwfCyPDL9pDuawxTM3wfjfctawSPCwf/LbyawjXwiuwfOwq4wfhwqOwfmwf2:FL9gTMaPX6
                                                                                                                                MD5:2B4A1134AF6F66EFF94E3C9EDB3A588A
                                                                                                                                SHA1:18023A380DAFB27BEE46D64AF0C878090A85584B
                                                                                                                                SHA-256:443B6BFDE8A85116C73CEB959CC63873DFE110657E4E99F284D0FD538BE84B71
                                                                                                                                SHA-512:2F2089D3A5041AF340FB9C629B79C945ED48430A512103D057A9A1135CCB2B0A16D78ADCCEB6C6088A269921E7CEA594A6AF18124487C642AA07C821DBD5A716
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab...........!.....<..........>[... ...`....@.. ....................................@..................................Z..W....`............................................................................... ............... ..H............text...D;... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............B..............@..B................ [......H.......P ...............(...2..........................................BSJB............v4.0.30319......l.......#~..P.......#Strings....D.......#US.L.......#GUID...\...d...#Blob.....................%3................................................*.....C.....c.........................................3.....m.N.....N.............................=.....=.....=...!.=...).=...1.=...9.=...A.=...I.=...Q.=...Y.=...a.=...i.=...q.=.......2.....7.....@...#._...+.q...3.....;.....C.....K.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32256
                                                                                                                                Entropy (8bit):4.940524757862727
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:QM33oM+f4o96gnqFW31v0/JfDmKxDxYc/sO8L77SakIR02R/BLZYX2akifbs+OrX:BHoM+j96gl31v0/JfXxDxYc/l8L77Sah
                                                                                                                                MD5:759A8ED5BEFADD5D8BF703112EF53A74
                                                                                                                                SHA1:10D7CCDE38CD0F844120A95AE593F9D18839FCB3
                                                                                                                                SHA-256:E04FB65E5D721A8681F89231C0F75BC0A67CE8056B275BDAA8C4C1613EAB98E3
                                                                                                                                SHA-512:C8E814122D9D0760BE0572A9AF791E7F1AE1ED98A4B56790C61AEA4F93C1D8FA273AF51A36B10A500C7B61AC9500E7B317C48F3E742B5980FB1E04726BEC17FD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....t..........N.... ........@.. ....................................@.....................................W.................................................................................... ............... ..H............text...Tr... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B................0.......H...........H...........P ..Zk..........................................Vk.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...yk........~..h..e....].eN...h6...7.`....!...D...f..Z..#.l...R.Q.L.......4P..6P..7P..&.....:...R.]...R{..../...n...^.......`.....w..._.....V.|.f.}.f..]..d.w.+.r.............d.......J.....uy........E.F...@......

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):76800
                                                                                                                                Entropy (8bit):4.984005127858699
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:Udq064Coc6Qab3J+H8CL7W/p8N7T3sePhw1cUTz:Tp4CZ6QaTJ+HNfW/qxT3sADUn
                                                                                                                                MD5:591DD0EDAD52AEA641EC6CDEC6C132EE
                                                                                                                                SHA1:2AC7C2DD48B6A2A5E422DD5C8DD36422737F4E9C
                                                                                                                                SHA-256:63EC6960EB80B4573415ED4E9839979B58030053346066BDAE2288C6932C9D0D
                                                                                                                                SHA-512:5278F48391E288FDC264D9D83A87E575E4C8117E3757DF16087CB8087CAA772E50BF4244CD050BD465868F854D3021B786180E904AF978935F5410CE7AC30209
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....$...........B... ...`....@.. ....................................@..................................B..S....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............*..............@..B.................B......H.......`2..H...........P ..............................................p..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPX.P..BV..zY..<...].bc...;.L...%<...X.f.....4...\.....7..k...@.._.%.j...........J*..oK......x..V..F0....\.0Y.......2#.../...p.`Vv.'SO...6.D.9.. .......k'.Fe....B..\`..~z.|M...A.....G...........<}..J1.._x..qC..}5G.q.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):14336
                                                                                                                                Entropy (8bit):4.897229443132784
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:toCW4TCvqSxWI3UGcjawjXwuwfgwqDwfSwq5Z9awjXw/4wf9wqZwfTwqZwf/wqtr:H239iG1
                                                                                                                                MD5:A5F3AE915139B7044AAFFB0C9717A7DF
                                                                                                                                SHA1:FF9C9A7BE3B0094883F6206FB24A96A0CA7E5F58
                                                                                                                                SHA-256:D33C7FAFF10F505F5C5FD2074482F527E10D4DFF341F8107DB40EEA3A4651A4A
                                                                                                                                SHA-512:6582ACD3AA3FBF8830166A1AC4F7EB40713EDA67B2EDF9B8C5765FE9DF5E36F9F1EE0F1BA881CB71FB2F489559A2A8B68502B1A696DBA8CA839B92374313EF45
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j.Za...........!.....0..........NN... ...`....@.. ....................................@..................................M..W....`............................................................................... ............... ..H............text...T.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B................0N......H........E..............P ...%.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPyq@......j!.L....k(.|.L.....DF..........TQ.......;!.....Y.#..w$.d.&...&...+-.0+.'3(..F...VV..e=..hj.Dmj:.r...|............[...........c.......:.......P...........T...3...............k...'.......6...i...........................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4608
                                                                                                                                Entropy (8bit):3.99578208074871
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6sDQuHKB0zqJ9WXwjjhsuq+z4q3oND8LFqWPr1Dl0GaPogh6d:h3RzEcTD8hq4VZ
                                                                                                                                MD5:133B793132E1564A33391017A9359DC9
                                                                                                                                SHA1:8E0DEDD3A5D64787AD34AFDF5F9D36F212E78F44
                                                                                                                                SHA-256:6EF1856661F9A07FA3F6605108DB7195DC58FA0301872DC8D6A2455F22DE3A74
                                                                                                                                SHA-512:91C2137C73C19204EC009E379683D42FA83116CB9B4338765E09509C07BA00248FAB90591F2B65991F616ACC0E968D4D94178402760407AD3964D884CD06E5FD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i.Za...........!.................(... ...@....@.. ....................................@..................................(..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......L#..T...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.$..$"p9U.OE..[]..._f.......3................E.r.r.F.u.l.l.y.Q.u.a.l.i.f.i.e.d.D.o.m.a.i.n......E.r.r.U.s.e.r.N.o.t.F.o.u.n.d.I.n.D.o.m.a.i.n......T.e.s.t.A.D.F.a.i.l.....$T.e.s.t.A.D.F.a.i.l.N.o.D.o.m.a.i.n......T.e.s.t.A.D.O.k

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18432
                                                                                                                                Entropy (8bit):5.05476083841941
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:LQWBawjXwCwfLwqdwqBWVDVffGGb5yjigjtxlXw3wqcwqRl/wYawjXwQwf1wqRwC:JZR/NpmtR24A
                                                                                                                                MD5:9035D72D7A3DC90F5DDDAB4C859A1DDA
                                                                                                                                SHA1:BED6279D287537F619701C65AD14A63BE083CA1C
                                                                                                                                SHA-256:B2FBD9CBCDEC23846DC07777874F0E39793AA427D59A5F53B0EC62A047B3F7B0
                                                                                                                                SHA-512:A9E26AE0CF7CED5D3C4FC63E4043ACFD9AC824CB52099D31BB29CC6616C0E44006E5BCAE43B51CABD3D5E051EB5D64E5D882050ACFBD7D50E2CC1DBB326CA14F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....>...........]... ...`....@.. ....................................@.................................L]..O....`..<............................................................................ ............... ..H............text....=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................]......H.......0R..............P ...1.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............gSystem.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3afSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.........Q.............O,d.O

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4096
                                                                                                                                Entropy (8bit):3.6546985477509337
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6yQ4H19H19H19H19H1ZAxN1EJvmQliM36r:Pffff/GNil5
                                                                                                                                MD5:B6754A7B748451C0530A25D79384609F
                                                                                                                                SHA1:D746C9A96ED58A6D01614097C8504AB371B5EA7B
                                                                                                                                SHA-256:9EC8227D0A0C0FCABDEBADE2ED7D7CF7D1437F3619CDC8C5BD722DFA946E067B
                                                                                                                                SHA-512:4A127EC4B02115507FDCD4CCAFE2784882E66772C1B85F16F6E2BF3C36CDE0DDBEBB84D79FEF0314F5D3FB538592DB4E050267FE6272C90E679197F0E190FF2A
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.................&... ...@....@.. ....................................@.................................P&..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H........#..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...................lSystem.Resources.Resour

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):3584
                                                                                                                                Entropy (8bit):3.1560267824201524
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:etGSwpAI+I6HE41VHE41DRlkqM+4jiuVGwaDYoyhKyvxSzZhNbCe/PqvXc2/43GZ:6xIDoH19H1DZPwccJvxSzluOSk2G6r
                                                                                                                                MD5:FEEE75BB56239806D8D18C8A7E60B909
                                                                                                                                SHA1:C7D1A854E23B80088EF2C1CB20442D450C8146DA
                                                                                                                                SHA-256:5F520CC5D66B6E21323C808CDCCF226526039E01AF89D91EF9E6C29991A1ADD2
                                                                                                                                SHA-512:4F23254934E7D34B0FE17225BECEC00120163BB205E184C42F2D217222761428ACA1DD5BC239B2D67F81AB0ECA59497DA9F1C6A67ADAB36EA0CEE159057D99FC
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.................#... ...@....@.. ....................................@..................................#..K....@..L....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H........!..............P ..p..........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....BSJB............v4.0.30319......\...p...

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):31232
                                                                                                                                Entropy (8bit):5.130804702227277
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:ywm5+EuhbIVA3aPJawNtskNwftf0awi6wf5wfiwfKxXwutWwqVwqC1awkHwfWwfr:UvuGFSbtogw0YFyB3
                                                                                                                                MD5:E0DA983D430669B9FF6ECA52403870D0
                                                                                                                                SHA1:07A0FFDE8A843FF06154DA167AA04363DD01C552
                                                                                                                                SHA-256:9BF5937857CB4E2A05F5D901D803C0E2F9B99737325FAB15BC89DA40EC4485AB
                                                                                                                                SHA-512:21EB469C67A5C23C853984C52EC3BA7AD079B0F8D36A6C676D73FA9AC9AD46E448547533882B1BBAB30D5786BA9D31E5FD6450BB26E64E69C4C36E897CA1BB9E
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....r............... ........@.. ....................................@....................................S.................................................................................... ............... ..H............text...$p... ...r.................. ..`.rsrc................t..............@..@.reloc...............x..............@..B........................H.......<...............P ...d..........................................`..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPlh].....N......,.i.V...Y.f..#n...Y.).Z..#.V.....X..9;......%.m.|..W....P.......WB..A..........h..`D..".......$..x..sm..q....q.....8oM.:+....X..V....]..._..._..[.....!...!o.B'..-"..5.Q.7...8&E.A..DBc..C..HF.(rTJ..V

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):92672
                                                                                                                                Entropy (8bit):5.231168881343713
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:c8w1KhW2y5pvxo/bbARXCSjT6t3IGipfGK7i/MJ1x/7iIZ1YgpJskQS03oowMUp:cZ1KhW2y5pvxo/bbTV6wMhi630q
                                                                                                                                MD5:1F234E47E36FF2C5B75ED509A3385D65
                                                                                                                                SHA1:F226AE479991C42D27CFB8C26C09942F397AC620
                                                                                                                                SHA-256:6DE77D7D17E418810B3E37641C1DFBF85CB90678D46573219299A582A62267A3
                                                                                                                                SHA-512:F4A2196553F7A4E567AA4075ED281BBF0189C1BAF20D692457DD2E436E6859BEAFE6E41F9F879569CA997C5F8BF4AF0C94751EEC01C81A37DB6907805E932641
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....b............... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text....`... ...b.................. ..`.rsrc................d..............@..@.reloc...............h..............@..B........................H.......Tp..T...........P ...P........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....V.......PADPADP....8..a2........e.\.R.d!:.g!:..Oa...k.i.P.......7@...S..6........E....O...R..J1...N...K....G.~.V...Kc<..'..G)..+...9g.....7.Q......2..(`V....s....]..B........7.Dyv.....9.B..:q.`...m.1......3..vR.....R./.G.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):76288
                                                                                                                                Entropy (8bit):5.21917028312933
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:SGS/ksuEa9+jMN4X5Tt/HA6Vzpia8Dc0VDrixCNiwGdZnc9+Bw:nE6+m4X5Tt/HACtiaywMNiwGnncUG
                                                                                                                                MD5:12215D8EBEF1D58F969E289BA7DCE3E2
                                                                                                                                SHA1:DDBBD049265D552FB9C35E2C3D231D5BCB5C6D46
                                                                                                                                SHA-256:1306B81BB8E652E55AB50AEF187352E034CBCB7F3DEB17463C551CD93699CA7C
                                                                                                                                SHA-512:E52653AB86E59CC19C4BA1D71861CE6942BD33A3A450D05502C5718AB6335C900B2EA2AF53A8863B7C1B168DD87F9BE7D5476B622F206D5AC8B42698D4837654
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!..... ..........n>... ...@....@.. ....................................@..................................>..O....@..|....................`....................................................... ............... ..H............text...t.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................P>......H.......$0..............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.....(.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP9.......2..`.`.I.m.L.">L..L...L.c.R.3.?.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):47616
                                                                                                                                Entropy (8bit):5.205911161033409
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:HITl64McGExQb/M9O4bpwH7JtHaTZGitIapIKEYYfW/AtX:ln6TtIKYX
                                                                                                                                MD5:B7634D69B55F0EDC94DD417ABCC03640
                                                                                                                                SHA1:7C2D9998B28E171C6E8B6A6AABBFC8C4B98419BE
                                                                                                                                SHA-256:EDFD3F1DC81620B15A9FE59A3A1747BC9A829A4575CB92F8AF72D42F21075DB6
                                                                                                                                SHA-512:CB2F9D6E921F08157717A358EAC426FB03DE5BD6923021CC4B52B39DEB7DD6999007806E436F0998B0FF4026498DEF56296AB987498CC0282C80E836F08E696A
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!................n.... ........@.. ....................... ............@.....................................W.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H.......................P ..C..........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....}.......PADPADP..j.v+....j.~.......m.3.../.l.......O..J1...o_..'..o.....:..~...? ..."...V....F....s..h......r..C....>..w@.].`.}.V......i.)T..L.#............O.....g.U.+.....P...^........{....7....X..C......@.W...6)...e......BrY.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):59392
                                                                                                                                Entropy (8bit):5.201693622804996
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:LTpcG5QI7O3maA8cRFdCzwiSQDXlhQz8CM/bD6Dbd+hgs4D:2IKbA8C0znNnQ6/nid+Ks4D
                                                                                                                                MD5:6870CDFAEB0F1410A22F8E3302548A1C
                                                                                                                                SHA1:27BDF3C35CBB617BA50C89BED6ED31877D786B38
                                                                                                                                SHA-256:799D3B384E9B18291D7D056786267674C47B19971D2A4C223021361D1255C628
                                                                                                                                SHA-512:08690E2348653446F66671FA5B4BA551075BE65C121A39D98F9089B96DE74D340E2EDD1536042C99C154B4C865ACB08269095605D659E6ECB59F74854901FB8B
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab...........!..................... ........@.. .......................@............@.....................................O............................ ....................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......P ..@............-..;...........................................BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID.......P...#Blob.....................%3................................!...............*.....P.....n.............................".....?.....e.....~...................J.....J.....J...!.J...).J...1.J...9.J...A.J...I.J...Q.J...Y.J.......-.....6.....U.....h...#.v...+.....3.....;.....C.....K.....S.....[./.................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8192
                                                                                                                                Entropy (8bit):4.434682320543308
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:6tKF5ps62PlTeMr7+OFaFtQAm43MWxg/i9uqqVI7W:6tKF5y66R7+OsFKAm+MWS/IFq
                                                                                                                                MD5:121DA0237FF2829A65A5955AD96A6BFC
                                                                                                                                SHA1:933777D05CA505BCD752319E65A29486AF4BDFF8
                                                                                                                                SHA-256:E803EAD205B34FD2BCBA513545434E732C881BC1CA1E93FF25DFBB6622AB8146
                                                                                                                                SHA-512:CD5A85CEC7B28F7CDC1AE8EFA705DB428DC6B07623DCB906E9330AC2225AC5B370E5198F81F98D32DBF2491EF42D8499B554A906516DF2B87FEDCEB58192D4F8
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.Za...........!.................7... ...@....@.. ....................................@..................................6..W....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......|1..H...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPaRS.....4n.H<....8..KS......E..).........S.C..U@..g........:...j...i...Dm..H...i...<.....N .1G!...#L].0RV.;...B..1F..IH...H.;.L...L...Q4.,X.-YX...XY.gb...e#f.v.}.v...........i...........}...........................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):13824
                                                                                                                                Entropy (8bit):4.931744942889366
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:SIiS00SuUw06iWu1SffffffffonhVuVdDkJLpHjjnT:vHtYthVuvDktpHjjnT
                                                                                                                                MD5:2092AB5477A34FF2A4B63F81E11812E6
                                                                                                                                SHA1:E84CFD0B0B4B8E53F8830DB0CED42C71517D78D4
                                                                                                                                SHA-256:CC5FCEFBC8A5D2F0FA76E4BDA21778D5F19FED146DA97DBA1C886B18175B292B
                                                                                                                                SHA-512:6F61343ECF9BD5154E42415D0DA3888D4F397B3422EE4C7CB57D181DAF6865EDAB37D96E50FC0A2C5A1F75BB7D203B53F741993534E837FCD5F959BC3AD2A582
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?k`...........!.....,...........K... ...`....@.. ....................................@..................................K..K....`..`............................................................................ ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................K......H........A..............P ...!.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....=.......PADPADPF....y......|.W...X.....t......w@..rk.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18944
                                                                                                                                Entropy (8bit):5.05365942685894
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:lnRiJ/8w+OmkOmxsh/awjXwMLe9wfPTwfzwqJwf4wqQwfFwqQwfiwqefAYawjXwb:g8w+Om9gQLFW5JBSj
                                                                                                                                MD5:14E909ACF73190A316E2A749C7811237
                                                                                                                                SHA1:B015C280859567EDB321A227D33161366F31548D
                                                                                                                                SHA-256:5C07E9D82E4C2F2265DA75A2F60DB586384F912DA13E9F6F539D2527044930B2
                                                                                                                                SHA-512:0A474C2A8CEE2F4328436B37801EEBADB4F181DFC8382E94C7C7961227AAFC3B837C2500C413D0FA34476B94FDE60897CB82165AF539789AEA8F1BF1358DC9A9
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab...........!.....B..........~a... ........@.. ....................................@.................................$a..W.................................................................................... ............... ..H............text....A... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B................`a......H.......P ...............(...9..........................................BSJB............v4.0.30319......l.......#~..P.......#Strings....D.......#US.L.......#GUID...\...d...#Blob.....................%3................................................*.....C.....c.........................................3.....m.N.....N.............................=.....=.....=...!.=...).=...1.=...9.=...A.=...I.=...Q.=...Y.=...a.=...i.=...q.=.......2.....7.....@...#._...+.q...3.....;.....C.....K.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):4.976311231541577
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:ObZ7eUgwvlch+gagUneX+nbYDjDiyU+/kQNTFSgst3ONe27l6EiGGpUO+:GZXgweh+EUneX+nbEiyU+/kQNTFSgslq
                                                                                                                                MD5:17DB458C9EEF0F883B293282562FA5D6
                                                                                                                                SHA1:82441FB5CEB7749A080D2292A34D9F2F1C0DC5F9
                                                                                                                                SHA-256:67CBB4E2B427ACBAADFA1E1699498F05BA084A2D2CB4E6C33E262B956D9D5EF8
                                                                                                                                SHA-512:915CF52974CADD7AB70D45721BD8A89913CDA1E121D77DEF09CE144E2251E6E449C5694EFD07F25DE3D8CD8D6E08EFDA8FDFAE4847CF9881FC45D6A913A4C0EA
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....v..........N.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...Tu... ...v.................. ..`.rsrc................x..............@..@.reloc...............~..............@..B................0.......H...........H...........P ..dn..........................................`n.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP...yk........~..h..e....].eN...h6.}...`....!...D...f..#.l...R.Q./fX.L...4P..6P..7P..&.....:...R.]...R{..../...n...^.......`.....w..._.....V...g..]..d.w..@..+.r.............d....J..-.....uy........E..O..F...@.....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):86528
                                                                                                                                Entropy (8bit):5.021258411884086
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:C0Z02QH4p9va/FuExxgVSqlB1NytX0yuQ0pC3IcwMOblIfLyYMPkWBEZ3FMchYhp:rK7FFqlZytX2C3x2JkWyZ3GchYT/
                                                                                                                                MD5:D673C7F4D8AAB1B3301D480290A0F256
                                                                                                                                SHA1:7D51A5641178EA23EA7CCAE2D16D5EC5B75F7D67
                                                                                                                                SHA-256:B0D0EF9B6AA202E33E039C21B7801672F4CED3A5F71072B524E66C9FAE5358E3
                                                                                                                                SHA-512:94AC2508F4A2F0400B00E325166D54EC822045288C94DAE266C8E31AB7063D106160BB0C9D62971C3ED3947B15764730D170FC470E3B7247C375B2C4A6C690BB
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....J...........h... ........@.. ....................................@..................................g..K.................................................................................... ............... ..H............text...$H... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B.................h......H........W..H...........P ..77.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPX.P..BV..zY..<...].bc...;.L...%<...X.^J=.f.....4...\.....7..k...@.._.%.j...........J*..oK......x..V..F0....\.0Y.......2#.../...p.`Vv.'SO...6.D.9.. .......k'.Fe....B..\`..~z.|M...A.....G...........<}..J1.._x..qC..}5G.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18944
                                                                                                                                Entropy (8bit):5.050244000392152
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:5ofu4waWj0naw8tbqGwfHwfawfHwfvwfgrucjawjXwzwffwqZwfZwqju3awjXwKy:uzqtbqv8UCVj
                                                                                                                                MD5:7694E025A9776874A585EC071EFC1D7A
                                                                                                                                SHA1:0FAF2664792055390ABAA5BE69F09944DDB7D498
                                                                                                                                SHA-256:84A19BE4C0D69B7C5AF51F1CE4852CD5F89D5EFD6AE8E2FCD8F7EAE47348A0A5
                                                                                                                                SHA-512:F9AB21428E3F119351EC352CEB0B5B5A6E49758A59E72C6494DB10FEBCCE2CC855A3D4A44B8035A400DAB39FADC1C1E342C19A4E89750C9FCBCD1D16A29D1421
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O.Za...........!.....B...........a... ........@.. ....................................@..................................`..W.................................................................................... ............... ..H............text...4A... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B.................a......H........X..............P ..g8..........................................v..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPyq@......j!.L....k(.|.L.....DF..........TQ.......;!.....Y.#..w$.d.&...&...+-.0+.'3(..F...VV..e=..hj.Dmj:.r...|............[...........c.......:.......P...........T...3...............k...'.......6...i...........................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4608
                                                                                                                                Entropy (8bit):3.9326256354249263
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6PrQ/eHKB0z6/qmnGsduY1lLouq+zTJq3oND8kVUpPr1Dl0GaPogh:qieRz6/qmLHNl/JTD8kSRVZ
                                                                                                                                MD5:0B02E635A4F717BBA0AF147E6269B89B
                                                                                                                                SHA1:79992A4FB8533068D063D3985A547CC83B095826
                                                                                                                                SHA-256:7CEAC40D6D8B1479E7AD5392B87222EFAD2387649A56BF91FC829F76557F4C8A
                                                                                                                                SHA-512:A5F7F864DDFE2C966FAF6D574907444482CBE520FBB4A7CF4B8A696041D1D5CBF08436103DCD7AA03743C41611E31CFE5A24F30B7ADFD698A9ECFFDCE96E8314
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...N.Za...........!.................(... ...@....@.. ....................................@..................................(..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......@#..T...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.$..$"p9U.OE..[]..._f.......3................E.r.r.F.u.l.l.y.Q.u.a.l.i.f.i.e.d.D.o.m.a.i.n......E.r.r.U.s.e.r.N.o.t.F.o.u.n.d.I.n.D.o.m.a.i.n......T.e.s.t.A.D.F.a.i.l.....$T.e.s.t.A.D.F.a.i.l.N.o.D.o.m.a.i.n......T.e.s.t.A.D.O.k

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18432
                                                                                                                                Entropy (8bit):5.027911623191694
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:ZAXw8wqfcjawjXwo4wfZwqLDg4ffaQbZcfHgLdWd0ffvbdWBawjXw3wf1wqNwfUF:jqyZW8n4sTl58
                                                                                                                                MD5:210BBF5541353DC94DEA96620CA11B48
                                                                                                                                SHA1:C68E261230EDC586D4AD252A7AB4F3BBF4961B1A
                                                                                                                                SHA-256:326848B425995A05070A607988AF2233F6D0608E48B8899607D086F927C2E1C1
                                                                                                                                SHA-512:61B52F19C374485EF8EEE6E94D3CA5827348925CDDED53932356280D29AE113AA5F229C9672831AEEA78429840FCE0EE716C9D8D72A46B7253E2B5F08AD9D8EF
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ta...........!.....>..........>]... ...`....@.. ....................................@..................................\..S....`..<............................................................................ ............... ..H............text...D=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B................ ]......H........Q..............P ..z1.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a...................O........6...m............$.t.h.i.s...T.e.x.t......b.t.A.p.p.l.y...T.e.x.t.....2b.t.A.p.p.l.y.T.o.P.r.e.f.e.r.e.n

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\hdClient.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4374016
                                                                                                                                Entropy (8bit):5.693520481128679
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:+v3UwlrL5XezlA6o9HokJlJ8vMPnalWLBzw+hI7:uNlrFXUxRGftH
                                                                                                                                MD5:9F66DB923887B0F63C9018736C8CB021
                                                                                                                                SHA1:2A22035B59B323C4E814D7271AA1880D101A28C9
                                                                                                                                SHA-256:DEB696E98039FDB442CEDF7FBDA1C757D516227C22BA693CADBA46F10A382932
                                                                                                                                SHA-512:3441E85DEC3772991E6372FE30F6118E60D8B6718222BADBF91A173FCD10B56448A6E043477C8193C2561C67580BF3AC19767FC2B07CCDD03E9F4A0C82C24D9B
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab.........."!.....*'..........I'.. ...`'...... ....................... C...........`..................................I'.W....`'.......................'...................................................... ............... ..H............text....)'.. ...*'................. ..`.rsrc........`'......,'.............@..@.reloc........'......0'.............@..B.................I'.....H........M=............`+..!...........................................).j......K.. ..k.%:-..W.=.AG3..y........................................:.*.?.".<.>.|...................................*.....................*...................*.......................................................*...............................................................................................................................................................................*.............

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):27648
                                                                                                                                Entropy (8bit):5.452809364163853
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:R37raCoAu9/r3mG3K3xrr8RvY+2ssLrPsheqHaaAflLzcFkmbk:0Jp/xHvY+PwPsiaAflPcFkmw
                                                                                                                                MD5:321D765B86248DB8009C05421306586F
                                                                                                                                SHA1:A6D32D580DA68C13A98656D38C9357F1C176F116
                                                                                                                                SHA-256:EF6FAFDCF1D279EB6B664631D6FEF0BD96B49C1E4AB832DBF92A2956A26DC212
                                                                                                                                SHA-512:FC257D03C9D6A374F23F633296881DEB3FEF05479E7CA2D0CAF2D081B680F912440C190769B76EE17E8DEA9871E901D7583CDA9DE106AFA46217C53D38431654
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..d............... ........... ....................................`.....................................O......................................T............................................ ............... ..H............text....c... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B.......................H.......X&...[............................................................ G..._...*.. ...._...*"..._...*".."_...*.. ...._...*.. ...._...*V @B....... .........*..(......}".....}%.....}#......}$...*V.(......}&.....}'...*:.{(....{*...X*:.{)....{*...X*....0..g........~....(....,.~....(....*.~....(....,.~....(....*.~....(....,.~....(....*.~....(....,.~....(....*.(....*..0...........o........o........o.....@......o....r...po....-..o....r...po....9.....o......P...%..:.%....o.......

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\hdCommon.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):229376
                                                                                                                                Entropy (8bit):6.053629328678978
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:O67xzuSPgdXXFbgcrfvDxzyftMwYwFLNk0bv8:O69zDiX1x7pGNb
                                                                                                                                MD5:40CA53C3E2A44285B2D02FC4C0420E1F
                                                                                                                                SHA1:F709890F15867C5236C29462F4F498A082F3F54E
                                                                                                                                SHA-256:9C2A62BC97AB87F0C8A69F7A477E6E85491448320801BAC68A9DAF99EAAE09B9
                                                                                                                                SHA-512:4B506FB9CBE77AFCACF0FA7743EB72C885B0DC263FAD34BCDDCF2C7CC7F1EE045B8780B41AE735B89FD7B769BE015A1EE2F70E7D062EC0BAFE4FA57061D2D099
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y............" ..0..x..........R.... ........... ....................................`.....................................O...................................0...T............................................ ............... ..H............text...Xw... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B................3.......H.......dy..............(...............................................V.(%.....}......}....*..{....*..{....*Z...,..o&...+....(....*J....(.......}....*r.(%.....}......}......}....*....0...........{....-.r...p*r...ps'.....{....o(...o)....8.....o*.....o+...o,....o,...(-...,c.o+....o....s/....o0.....,H.......%.(1.....o2........+$.........r...po3...,....o4...*...X.......i2..o5...:s...r...p*r.{....o6....{....o6...(7...*..0..@........o8......o9......3.r...p*..,.o:...........X..Y.Y

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\hdCore.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):314368
                                                                                                                                Entropy (8bit):5.388292296651336
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:YlY5uz/xjoFtwIDZvOaE6FEYsRj7LdWdnK+0396N8b3i3A:UuurxutTDZ9S7LdSrK9vT
                                                                                                                                MD5:8410C84BD9D997E89ACCC0A3AC0ADB4D
                                                                                                                                SHA1:90414737A7563D73AB3EA10D7E3A9B91F0EA82B5
                                                                                                                                SHA-256:42C893EE9CCCED46E5168AC9C227A720C94788786481D6ACC409C185706D7101
                                                                                                                                SHA-512:0C85A52DA23F0421F34EA34ADC21B9A1CA4A1D0D4A245AB7150E065356EB90A6B3FC306A36B3AAA7789713E6814EFA729CB35E51834A68A602882F53D1FD019D
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab.........."!.....R...........p... ........... ....................... ............`..................................p..S.......X............................................................................ ............... ..H............text....P... ...R.................. ..`.rsrc...X............T..............@..@.reloc..Xs.......t...X..............@..B.................p......H..........{k...........................................................".E.\..................................*.....................*...................*.............................................*.....................................*........j..*.......*.......*F......s.........*...................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):22382720
                                                                                                                                Entropy (8bit):6.976085181314033
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:393216:rUGjsoYcSd222222v222222WyyyyyyqK2Pe6:t7YkyyyyyyqK2PZ
                                                                                                                                MD5:9C63B57B74E4002CBCA81596074562EC
                                                                                                                                SHA1:1694CCA61E4320C2BC792E719944911110AE5936
                                                                                                                                SHA-256:9C410B6FD5A902D7983F68CEFEA2E2AA52B9F34D7CB6841E6DBE435878AD51A7
                                                                                                                                SHA-512:4CCFA0249ED018C07ED2559B65C3327838D464ADD43DDB72A1D5C33B1F07E9F2B2A60BCD93327FA34C65BCF375A33F79EE20C6EEF629F905ABA17710062C90A6
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........1W.P9..P9..P9..6:..P9..6=..P9..6<.GP9..6?..P9.,....P9..8=..P9..8:..P9...8..P9..8<.'Q9."9=..P9.!98..P9..6>..P9..68..P9...T..P9...<..P9...<..P9..98..P9..P8.MT9...<..P9..9=..P9..9<..Q9..9..P9..P...P9..9;..P9.Rich.P9.................PE..d.....ab..........#.......h..........F_........@..............................W.....v.U... .....................................................0.......(I......$....fU.."...........m{.T....................n{.(... .z...............h.."......@....................text....h.......h................. ..`.rdata..V.#...h...#...h.............@..@.data............(...f..............@....pdata..$...........................@..@_RDATA..P...........................@..@.rsrc...(I.......J..................@..@........................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):34304
                                                                                                                                Entropy (8bit):5.61572195985048
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:EWy3K6fSyWnPG7q/5wWyvYTuHg7SOqaM2X7s9q1ZGhlO:LUzWnjTuH+SOqamq1ZF
                                                                                                                                MD5:01003D05D31AB007F1C4A762D17252C6
                                                                                                                                SHA1:2116C949422AF08A54C0F2EE73C01844E8256ACC
                                                                                                                                SHA-256:93282A30E5AEAA5F024F0194F6C92CF99728975A490FD66EBE01DE61A22DB473
                                                                                                                                SHA-512:2D26D98D2768D5D439CB492316A05C7479CE5C8249585EC9D4C3038A782D3B8304F9F6746381E060C9E44195CF9F187DF70BDD65D788F695BAA8DCF02C271972
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ab.........." ..0..|............... ........... ....................................`.....................................O.......8............................................................................ ............... ..H............text....z... ...|.................. ..`.rsrc...8............~..............@..@.reloc..............................@..B........................H........A...U..........................................................s.........*.~....*..(...........}.....s....}.....s....}.....s....}......}....*..(....o....o....(....r...p(....*.0..A........{....o.....1.*~....r...p(....s......(....( ...-..(....(!...&("..........s#...o$....(....r;..p(%......8.........(&........('....o(.......9`..........8I........t...........o)...o*........+E.....o+........i.3,....o,....^...('...(-...,.......%.rQ..p...+....X.......i2...o).....(....t....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):308736
                                                                                                                                Entropy (8bit):6.058941654981801
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:pm2U/0tVzINjXDuv8pogZGA21iuYRa76AAA2q:pm2Uo9gZG4Ra79
                                                                                                                                MD5:9CF71E605D65209D5F9244F915C98A7C
                                                                                                                                SHA1:4BD26854F94F93E0AA32392A04DEEDAE653045AB
                                                                                                                                SHA-256:32F31B43B3F44196D6E836248C1C73CA75A513874BCDE3094174A66F1F90D465
                                                                                                                                SHA-512:53A9937B9A2E5D1D5C583164CBA76B90B6E0128EC6F21715037A7BA4178B63539ABBD9865925DEFBB996F309E0D4F3F4A69B3C04184E9D708D375D250CB818CD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................Q.....Q.....................................Z.........................=.....U...........Rich....................PE..d.....ab.........." .....@...........=....................................... ............`..........................................I......xJ..........x&......`...................D...T.......................(.......8............`...............n..H............text...l0.......2.................. ..`.nep.........P.......6.............. ..`.rdata..,....`.......D..............@..@.data....Q...p...:...H..............@....pdata..`...........................@..@.rsrc...x&.......(..................@..@.reloc..............................@..B................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):509440
                                                                                                                                Entropy (8bit):6.166093493986349
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:W7mRdLIPnWaKIhQnHhxY6+mQlfuDgEwo5p2od6PJ1VTDBdKumFOVxqr7QTgK:hDaKIhQnHhxY6+NfuDgtFHlEQV+QTgK
                                                                                                                                MD5:754D50210E961087427411E4BC35B369
                                                                                                                                SHA1:99576B727C008866D53F013DF3396E531F1ED19C
                                                                                                                                SHA-256:8150B3743968E6E071A5FD52E5AAFDAF115534B852E2E6E7841BC5CA69019954
                                                                                                                                SHA-512:957D92711702D65C7192300DFB00C7CEFA9DF2A3F78293632B94EEFC0278AE81FBB68C14BB9A4976B66424F23248D4BA54A3C302C9095078F9038EA517D38C95
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ab.........." ..0.................. ........... ....................... ............`.....................................O.......d............................................................................ ............... ..H............text...(.... ...................... ..`.rsrc...d...........................@..@.reloc..............................@..B........................H........S..8...............x.............................................{#...*..{$...*V.(%.....}#.....}$...*...0..A........u........4.,/(&....{#....{#...o'...,.((....{$....{$...o)...*.*.*. .C. )UU.Z(&....{#...o*...X )UU.Z((....{$...o+...X*...0..b........r...p......%..{#......%q.........-.&.+.......o,....%..{$......%q.........-.&.+.......o,....(-...*..s....}.....(%.....}.......o....o....(....}....*..{....**.{.......*...3..s....*..3..s....*..3..s....*...3..s....*.*..{....o/.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):342016
                                                                                                                                Entropy (8bit):6.031228771347023
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:3jHLqibom2HVT8LfVrUHKj46VVGb6rbZG5dcbsVaIw/6et6uXecv9t4X8EU7bDkJ:zHLrbQHVAiHK1VVGOX8cbxICUMi/Urk
                                                                                                                                MD5:A1041B0A041C8516C2BE940A011DE30E
                                                                                                                                SHA1:E53320494BDD8A90810F456229A5A99A09A565F3
                                                                                                                                SHA-256:E9F66DDB9FBFB1769E6E7B0D1EA990B1C9067F9FAD442A4E56A4FDB9E5DA603D
                                                                                                                                SHA-512:C7CAB41F529357201EC5C9A8DFCE379D13729E1841E592F679010DBDF6E66899386F0E966C729039D1EC95811D9739298FC9D7CA745D3BFB69DA6BD9FF7B4743
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........\.n.=.=.=.=.=.=.[.<.=.=.[.<[=.=.U.<.=.=.U.<.=.=.U.<.=.=.[.<.=.=.[.<.=.=.[.<.=.=.=.=U=.=jT.<.=.=jT.<.=.=jT.<.=.=jT.=.=.=.=h=.=.=jT.<.=.=Rich.=.=................PE..d...B..`.........." .........J.......V....................................................`.................................................@........@..P>.......#..................`Q.......................R..(....Q............... ..x............................text...H........................... ..`.orpc...$........................... ..`.rdata....... ......................@..@.data....3....... ..................@....pdata...#.......$..................@..@.rsrc...P>...@...@..................@..@.reloc...............(..............@..B........................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):735232
                                                                                                                                Entropy (8bit):6.328926037902178
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:YsYilitrkUJNF71p9O33txaDtqPRCqraAsO:Ysxlitr33YxaDtUCq
                                                                                                                                MD5:545F33DB0FBCCC60347C8AD380A764DC
                                                                                                                                SHA1:57EF11A6188EC2B7F0313E68E05C7EA445CB081F
                                                                                                                                SHA-256:2AD2ABD2379AC4DD0720F016A811F7591EFD5B7B5B8B125D8FF745DC3D31DBAE
                                                                                                                                SHA-512:16B5071A6465E86F31C8A1F3BB80568EA4A2FF7C41F2CA2B02457501A7B16249BCD8E52D82B3D85EDBB81AF40A30ECCC469307E4984CC766D2249666E5E53FD8
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O...............n......n......Y......Y......Y..$...n......n......n.....................................}....................Rich............PE..d......`.........." ................<.....................................................`.........................................0S.......S.......0...M.......f...................|..T....................~..(....}...............................................text............................... ..`.orpc...$........................... ..`.rdata.............................@..@.data....D...p...(...F..............@....pdata...f.......h...n..............@..@.rsrc....M...0...N..................@..@.reloc...............$..............@..B................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):221184
                                                                                                                                Entropy (8bit):5.879493433652497
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:mO5kH2RWCtFc6WCSTt5aSAsf7xk2qgV+YkAuB1soSlHC:mO5keWCncHTt5aSZ1kM0L7SlH
                                                                                                                                MD5:AB6B242752539387AE704E3E64CD37BD
                                                                                                                                SHA1:F434704172E54408007E66A7EC6502819EA70EAD
                                                                                                                                SHA-256:A9FEB00AC898465A328DB23F4BB1ECF2E85C23F9715E1B696061035837F073F8
                                                                                                                                SHA-512:141A1D81DB3A08BC7885B642BD904578B7D1089D94BC117D9C64F811FEB0FAE16992A56BF616D0FBD35D1B23383F87219E96CF90E88BF5B4C429FAC3031750D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G)\a.........." ..0..0... .......A... ...`....... ....................................`.................................8A..O....`............................................................................... ............... ..H............text....!... ...0.................. ..`.rsrc........`.......@..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1053184
                                                                                                                                Entropy (8bit):5.657040104901371
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:dmGXJFuRN3a8txNaZtmheEkai+Bn4aEdSEjqbUsRoo:dBspaixNutmhSv+aJSEj
                                                                                                                                MD5:7AB2F758EB7CA996E56950D75A1BD0D2
                                                                                                                                SHA1:7D7A81F34B227523681273A81A7B04293810877D
                                                                                                                                SHA-256:435BBB3243D061A6A9D6516611D6F98310320E1A84FBC65BF30A2A592C419087
                                                                                                                                SHA-512:B8508D07DCBDB469EFE99F0E7DACA8FC47083F2192168774210E3E2313B0A937D7BAC5C52B0F3F8962B3A8C0C5C5F787CA82A934F7B0EFA2E90D1C2B9305D357
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-ab.........."!.....8...........W... ...`....... .......................`............`..................................V..K....`............................................................................... ............... ..H............text...47... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............>..............@..B.................W......H.......H....]..........D........................................................................................................................................................................................................................................................................".E.\..................................................................................................................................................................*.....................*.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):312832
                                                                                                                                Entropy (8bit):5.132821690677885
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:XOT26pfKJvGQsoU8ndX2wUCodiH+oOOQ/eyGeZzaXk:60uXkXWC1yt/eyGeZv
                                                                                                                                MD5:EE18C2CE6D57D57EDFE3977D34CFCFE7
                                                                                                                                SHA1:B00C2F4FDA23C8DDA1B3CABE6F9077EBFD97B2ED
                                                                                                                                SHA-256:D67E35D814734CC971FEBBE6B86790870394AEC904AAA3B5F3B9053D5DDB070C
                                                                                                                                SHA-512:105B5A615D63115FE8F73244D38B247B837A472ED84C3D7E848DA28DE6C8959A864004D61AE1EE7E5808E9FE241D6635318A8AA6F5E3B6F38E4DE940AA3F35E3
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........J.+...+...+...S...+...y...+...@...+...@...+...^...+...^...+...^...+...+...*...^...+...^...+...^...+...^c..+...+...+...^...+..Rich.+..........................PE..d...I.ab.........." ......................................................... ............`.........................................0I.......I.......... )......l...............|...4 ..T.......................(.... ..8...............`...............H............text............................... ..`.nep....0........................... ..`.rdata...a.......b..................@..@.data....G...p...2...H..............@....pdata..l............z..............@..@.rsrc... ).......*...~..............@..@.reloc..H...........................@..B........................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):13312
                                                                                                                                Entropy (8bit):5.112524342692505
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:hMU6VjGsOpM+eGA6p2z721E37EiFhI8NsRm0ebxXdmEYK:hMUuqsOut6QziCAiFhOEpdoK
                                                                                                                                MD5:6EB5907967FDB43DEA73FBD285B6940C
                                                                                                                                SHA1:EB156962701066D3231F9DDF3F23A7366D637A9C
                                                                                                                                SHA-256:A2C68D8193EF6697DD3325786784CEFCD8C409DAD393F722C3C2B78310B222DE
                                                                                                                                SHA-512:B601462FA481C1C657C4CC0FFB5B8250BC8F97503CD03088CF9D8C0BAEB7531374F2509848DC334EFA154C2598282D941145553E8E9AF1FC021321DE6D3473F2
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J)\a.........." ..0..,...........J... ...`....... ....................................`.................................`J..O....`..............................(I............................................... ............... ..H............text....*... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................J......H........)..l............H.. ............................................0..R.......s......,G......(....o....u..........(....o....u......s.......o-.....o......o.....*...0............(......o....%o.....o....*Br...ps.........*.0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t...

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):192512
                                                                                                                                Entropy (8bit):5.535534550972867
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:L6X0ln6sun0wTXsiQcqVWWL8I+OdwW63Yfq1KthjAN:9ZYQVWW4I+Ol63Yfq1A
                                                                                                                                MD5:969E7E685724222F59F0917696B1724B
                                                                                                                                SHA1:C4225310C4500DD99C2E9F88C964ABEFCDAD4EA5
                                                                                                                                SHA-256:E7E1435874533AADF160241953427B0F5439EBE8C0D3057881D0A8C56CF2A666
                                                                                                                                SHA-512:6FAC63AC7E358BCD31843D6253362F8D51562F2837F27E3A7E0C7B46517B78B71672789D0EA55605AB35F57C55F51FA7DFA0202EA017D0FECACA3B64DB53611F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0...... ......^.... ........... ....................... ............`.....................................O.......T............................................................................ ............... ..H............text........ ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):31232
                                                                                                                                Entropy (8bit):5.447073331727446
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:UWeoDzUnbBahGyUVEv3lbv8i8CdktX7nS2SWrbN:UUsbrvVbSsX7nNV
                                                                                                                                MD5:A311488EBCFD191DD3ADF674C47DE82D
                                                                                                                                SHA1:752FB4ECE4EE0E10E4A4507538BFDA0341A07AE4
                                                                                                                                SHA-256:395FBCA54D8AFEE9B1B3DE5F0E4B236C5980AB3D90977751F259E325AA684EAC
                                                                                                                                SHA-512:C80117173760A8203C5AEF8F7A2D8855445ECAD801FEB531C659C2ED8A90944F416CFABF7673E88A9F243F2451767A2EC58B4B29B95F5F5D1663DE5EAB1D1E9F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....{*`.........." ..0..r..........V.... ........... ....................................`.....................................O................................................................................... ............... ..H............text...\q... ...r.................. ..`.rsrc................t..............@..@.reloc...............x..............@..B................8.......H........V...9...........................................................0..D........(........(....(........}......}......}.......%...}...........}....*&.{.....i*..{....*&.{.....i*F.{....o....t....*...0..S...........(....;).......(....(..............{....9......i.{.....i/I..+,...{.....{.....i.{....X..iY.X.{.....i]....X....i2...}......}....8......+....{.....{.....X.{.....i]....X...{.....i2...{.....i}......}....+c..i.{....//...+.....{...........X......i2...}......}....+)...+...

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):16384
                                                                                                                                Entropy (8bit):1.9489411534011678
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:PE4ieOEyokSG/qi6Q1WDVVV6sy3okeNi8QRtJ:PoeOfSG/qw1WDl6sGxt
                                                                                                                                MD5:1AF8726800A9EC1AB2F0BBFD9F22A69D
                                                                                                                                SHA1:363395B0C5AF78FAEC24DA7D81BD042B354704DC
                                                                                                                                SHA-256:A0431E693105422BD942E1FA0752E1802882F982CED782CAB949D9F6E6ECACC7
                                                                                                                                SHA-512:8BDAE0FE2DD0267C241FCFC883A7D3E89593A647E2FE87AF62630CC9EAB77598280FB15E24C351995B15535AEA5F9B599F4CC4E675E3F27042C0B6E13360ADDD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;)\a.........." ..0...... ......v.... ...@....... ....................................@.................................$...O....@..,....................`....................................................... ............... ..H............text...|.... ...................... ..`.rsrc...,....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):495616
                                                                                                                                Entropy (8bit):6.1983947016203995
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:R0250Cklz4Hta2B8NvavqzrTI40Blw6clbTjHPdjV5NXYwsumOAVAOyNbXparQL:RHScHtJB8yHBO1D75pYvVYppbL
                                                                                                                                MD5:2CE9C8DBB9327B3904A0CB51F3F2EB12
                                                                                                                                SHA1:0B24CA4556DB45C7EE06EB4F52645A915CB0D9AB
                                                                                                                                SHA-256:3494F09C87B2D84C729D68034F0C3420ABF3EFC0CB6AC33E5B1D1C69A963FF42
                                                                                                                                SHA-512:3A0A718F3BFEF002F86FFEFC9479D7AF04C2A0D88B78CB050CDAB33EDA49543F79F404CF548C19C8C7F55BDF519C989FB6EB0BE40AFFB73172BEF4ACD2C6387B
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<)\a.........." ..0..`... .......r... ........... ....................................`.................................Lr..O.......,............................................................................ ............... ..H............text...,S... ...`.................. ..`.rsrc...,............p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1488896
                                                                                                                                Entropy (8bit):6.386579696496501
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:rCInl/liS2Eic0S/ZphOjFeoWDnZYxKml9e6MgwgGpRAJO8i5R46e3AE4LRlpCse:TYS2Eic0uZp28oWDn4pLe4i4vwE43pC5
                                                                                                                                MD5:73C656C5E22626B8C1EC1FDE63CB16D7
                                                                                                                                SHA1:D95AD3CB6337618747A82726FFC56566DEA1F434
                                                                                                                                SHA-256:22BCC97D3C9774418CDA6FC40C43C2918E8588D153418D05A2D4E98F98E62383
                                                                                                                                SHA-512:647C2C3C6D2F1C0861A89F4F5AC6C2D9DF0AD9FD6616ABB933DE6868D81050FA60245205DED0113D516523ECE84B90F8D4BB78ED5C5ECF9A7D194713D545806B
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(D.Jl%m.l%m.l%m.....m%m.K...d%m.K....%m.....g%m.l%l..%m.K....%m.K...m%m.K...m%m.K...m%m.Richl%m.........PE..d......[.........." .........................................................0......................................................P...........x.... ..v...P....M...............-...................................................... ............................text............................... ..`.rdata..............................@..@.data............X..................@....pdata..8I...P...J..................@..@.hvm.................F..............@....hvm0....:.......<...H..............`..`.reloc...-..........................@..@.rsrc...v.... ......................@..@........................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaShared.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):568832
                                                                                                                                Entropy (8bit):5.924238171742334
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:4Egkwvdtw/A8LeWfks/PA4x6DTMzUdqZYGaiXPtSYgWvDxL0M6dlxec0Ab36v4c1:4Lc/7p/4gOqtaiVQKRJZFL
                                                                                                                                MD5:92AFAE661B4D33E86198219B9B041F3A
                                                                                                                                SHA1:21C5EA293C7B54481805E8181AEA6A187B2D0736
                                                                                                                                SHA-256:B1FE30EDEA7ADEDD08FC8C6773DC5AF7AE4ED5164FEF5F21A8BD537EE0CA690A
                                                                                                                                SHA-512:FC4BC0AAD1D7C42BE7C0B794FB0752E25BBD395B6BE495CC441D1DB7BF6BA9A9774736B4D2828B5733EBA7298F8B909B0B73253FB01C1ACC48E551E28F8F12FD
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N\a.........." ..0.............&.... ........... ....................... ............`....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........\...............>...}...........................................0............o....,..*.~.....o......o .....iXs!....~".........+K...........(#...-...r...p($.........($........o....,....+...o%...&......X......i2...o&...o'...*.0............o....,..*.,...(....*.~.....o......o .....iXs!....~".........8...............(#...-...r...p($.........($........o....,....+~.(#...-...o%...&...o....,....+_......o ....Y..+2.....o(........o....,....o%...&....o).....+....Y.....0...o ....

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):939008
                                                                                                                                Entropy (8bit):5.892331880687775
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:T1fqsmubFXDqSmYbDXG+drwGIjXe5I0mTABMWZYZuPPTqzm2q1:xZkV0mkMWZYZuPPuzm2q
                                                                                                                                MD5:3DB111626FABF8A7C1DFE98E4367E363
                                                                                                                                SHA1:6D036704C441705D14628B7760552E0E19743B5A
                                                                                                                                SHA-256:2234CA6F4391879EEF084DE43FB57BB46AAE37695E16B34F7EF9CC023D82BE3A
                                                                                                                                SHA-512:387C4DF9C963939801D5A54FDDEDD8B803B21B1746B1D063173B4FE9E6ECB658F0C09E7197924BAEBD146B3685F7944439A543CDEA88A6E323A81029271E391F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..L...........i... ........... ....................................`.................................oi..O....................................h..8............................................ ............... ..H............text....J... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................i......H........S..\4............................................................(2...*J.r...pr...p(!...&*..0..#...........(....&..o.....ta...o....&..&..*..................0...............3. ..........3. ...................(....*...0..3.....................(3...(4...}C.....(....&.{D.........*". ...._*....c*J.(.....(....s5...*". ...._*....c*...b*...d*....b*....d*&. ...._h*".......*.....*" ....._*..(2...*f.~6...}.....(2.....}....*...0............o.......(.....*.....................{.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):136704
                                                                                                                                Entropy (8bit):6.32034053650098
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:xr/3tI3wl+sALHCmR/hn3jzRRlnuPl512Xs:JFll+JrR/h3jzRRluj1
                                                                                                                                MD5:3D9604F7205734BE4972FD1CB597DF08
                                                                                                                                SHA1:1B681527C19C425DF7787E688D850504473982F3
                                                                                                                                SHA-256:DF2476A22D8E8CDCBA51DE7897D3CD2DE3E2F9336402410B5F738F0AC95BDEA1
                                                                                                                                SHA-512:33482ED9EC8C35353EA397981533DB4D47738BBBBF40717137111021E0C82D26D6E671D48D78E20CE4F8D168FC87C1BCF729B05550B687E1E90DE85A4D897E16
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T@..:...:...:......:...;...:.......:...?...:...>...:...9...:...;...:...;...:...;...:...?...:.......:.......:...8...:.Rich..:.........................PE..d....l*_.........." .....d..........Gg.......................................`............`.................................................T........@..p....................P..h.......T........................... ...................(...............H............text....X.......Z.................. ..`.nep.........p.......^.............. ..`.rdata...d.......f...h..............@..@.data...............................@....pdata..............................@..@_RDATA...-..........................@..@.rsrc...p....@......................@..@.reloc..h....P......................@..B........................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):192512
                                                                                                                                Entropy (8bit):5.779857151933466
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:cRTY61jj8lFP9Ik3pV3N7wvZ5UZD4B2YOXh41GJMRU2YIK6JgQmn0NvqHud4sFBv:Ejj8HG4LWCZD4DOXhUvJYIK0x42b
                                                                                                                                MD5:E7156F4CA7E29371F8A9291B6220ADED
                                                                                                                                SHA1:379942FD61BECE7ADF57E7D792FAADD9BBEB92F1
                                                                                                                                SHA-256:AACE65447C8D9C68207E26D25FC7F419E37A4E92F062E0592774C6170EEEA8F5
                                                                                                                                SHA-512:0CE58DFC3053656D3D39A069AAC6E7BAD6C9C86AFF43D45A912E2C6797ED0FAF64F23CFDBA8FA00DA5FA92E65E60A07F069FB3473CEA91CBCDB0F67AD105897E
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H............." ..0.................. ... ....... .......................`............`.................................}...O.... .......................@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................X...............................................0..Y........(......}......}......}......o.......}.......}.......}..........(.......}..........($...*..{....*....0..N........(...... ....0...d.(. ......+*. ,...... ......+.(o...*(p...*(r...*(q...*r...p*..{....*..{....*..{....*..{....*..{....*"..}....*6..o....o....*v..(n...(....-..+..(....o....*>.-.(m...*(n...*R.o....,.(m...*(n...*..{....*"..}....*>...(...._o....*R..J.(....f_.o....`T*..{....*"..}....*6..(.

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaUser.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):14848
                                                                                                                                Entropy (8bit):5.223745338549667
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:Tiis9uW8bXmDVl98+aKAVcbrofrT9o1UR:2N8b2DV87G3+N
                                                                                                                                MD5:4629FE2BE826F8BFDD936361D88CEA88
                                                                                                                                SHA1:0E25BDB2D0452E22065351DDEAC6B6F1B2F657D0
                                                                                                                                SHA-256:BFEAE3E4EF7CAB6C4C9A416E00EE6FE700F5BF292BFCB71AAAB9B3026194C4D2
                                                                                                                                SHA-512:6C38A0D56EC0771DDDEFA99AA2758C7C44A6FDC63FD261E4C2158AEB3D1F466703E7FF1E8F2429EC71318AEBCF717CB0FC016EFBB89F2BC17EE0630D26E07D7A
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...o............." ..0..2...........Q... ...`....... ....................................`..................................P..O....`...............................P..T............................................ ............... ..H............text...41... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................Q......H........,..H!..........TM..............................................f.(......}.....s....}....*...0...........(......o.....o....r...po....o....u'......(......(4....(....Q...D.,..o........{....o....,..(3...Q+..(2....{....o......o....(....Q.....*.........:A..........KK.:.....0..L........(......s......s......r%..p..(....(....o......(........,..o......,..o......*........(6..........9@.......0..............(.......(....*...0................(.......s......s......r...po ...,..r..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):44032
                                                                                                                                Entropy (8bit):5.623918763496899
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:CHkp+aUImUc7k01cw79Zi+eVWw1Kf0W9lrD1x4:Ykp+aSL+u9ZiNWMKfxX1x4
                                                                                                                                MD5:03A1D6B31124FFA78AF404F1DFFD9BCC
                                                                                                                                SHA1:A007C2CB3D6EAEC8EF9738C9DC104B748A9E6F42
                                                                                                                                SHA-256:D6EECC6BFBCB9D6761180185F24EF8CD71D754EA8F1523A3781E4853C2BB79BD
                                                                                                                                SHA-512:65F86D5FB80E45BA94F03632A5D298AFC3510018EB5EF69031947DC465E1BCD6A630BE29BB77521A3117F44D34C4332D7AEC8778966505314834836E96189AD6
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;)\a.........." ..0.................. ........... ....................... ............@.................................|...O.......0...........................D................................................ ............... ..H............text....... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B........................H........*..............................................................>..}......}....*^..}........(....X}....*N.{.....{....Y(....*J.{.....{.........*~.{.....{....3..{.....{......*.*..{.....{....3..{.....{.........*.*...0..................q.....(....*v.{.... @B..j[.{.....{....YXi*...{.....{....(....}......{.....{....(....}....*...0..e..........{....(.......{....(....r...p..r...p(......r...p(....(......$&r...p.{.....M....{.....M...(........*...........??.$....6.......o....*..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):423424
                                                                                                                                Entropy (8bit):6.119668757985366
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:Qk+WOQ3WpCUD03DIcViVsnajsvZ2i02MsJ2LLThsQXMNfwH6P0:QkykUDszViWnawhQXMNfd
                                                                                                                                MD5:D52F6A7EB456EB6C955FB3EF2270795C
                                                                                                                                SHA1:F99C40293432566010E67EE62BB43CA54B49DF5E
                                                                                                                                SHA-256:7AF5D17BEAB6BBE635ECA98B2CACE90BF295B38A0C25027A4D448A9259CAC3FD
                                                                                                                                SHA-512:92A7EA730751EC5879BCC951DF0D23723253AD5639CAEF83C26B21D15A66F3B51EC7DBBCADF1E30ADABDA46384449F39E4B29E113B86CD301BD650C4CB46A540
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B)\a.........." ..0..l.............. ........... ....................................@.................................x...O....... ...........................@................................................ ............... ..H............text...0j... ...l.................. ..`.rsrc... ............n..............@..@.reloc...............t..............@..B........................H........:..L...............p.............................................sl...}.....s-...}.....(......}....*....0.............(......{......o/....om...*....0..........s.......oK....{....o0...o1....+M..(2.....{.....o3.....o.....o4...,*.o.....o5.......o6....on...(7...,....op.....(8...-...........o9....*.........Zx.......0.._.......s:.....{....o0...o1....+ ..(2.......{.....o3...oo...o;.....(8...-...........o9......s....oK...*.........-D.......0..|........{.....{.....oj.....om..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\libiomp5md.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1177288
                                                                                                                                Entropy (8bit):6.420824331145782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:NzXTfLhPVxmFiyeBHc+h/xHZJDkyEHzZF9t7gRfChPr9ZfW:NzXvhT8+NtZJDkyETZF37gRerzW
                                                                                                                                MD5:B9ECA4A35B09CCF41870A20EF791952A
                                                                                                                                SHA1:5C441C11682018ABC98000820D68F9566F84B193
                                                                                                                                SHA-256:5F14C93BFFC32B50EE291402F56453F22469E798FA086D472A2D3D87B93B9D36
                                                                                                                                SHA-512:A0B16E821C4E068B7B774FFBC70A7EA5B7609FB743E6E193631B460DA45A65EACA48D34CD95C1B74BF5DA7137A26B12A52279F935A8BF920132A24E7A9948DD0
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.X...X...X...Q...[...X..."...F..Z......Y...7...z...7......C...Y...X...g...7.T...7.Y...7.Y...7.Y...RichX...........................PE..d...>/gV.........." .....<...\...........................................................@.............................................U{......(........................"......,!...T...............................................P...............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data....j...p.......X..............@....pdata..............................@..@.data1..............................@..._RDATA..............................@..@.rsrc...............................@..@.reloc..R-..........................@..B................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):37510144
                                                                                                                                Entropy (8bit):6.686180554028836
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:196608:slvlOzfHW36EHyFEsaoCQnwePnbrU/FMKMe6ZH7DnrZxmK63dI9S2bOkSve3ebPi:4uKl6ZXnrZtOkS05n
                                                                                                                                MD5:6B81FDC3D10F3C4DD9673B266A7BDD41
                                                                                                                                SHA1:23A9E98E2D39F1A6A759DC38397DD92E58EDF364
                                                                                                                                SHA-256:D69F563AFAC5966ADDC734CF8F592A7181082AC48D78378403834EC7C6621660
                                                                                                                                SHA-512:95AC71CB251D7813C8CE5C0955BDC048320EF314F7521E71744F215B3AA1DEB563512254076277DB1A9AE1AA31D0EAC62AFC9C2DFAD9D0A78C0B2FD2F0C94502
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z..t>.'>.'>.'[..&2.'[..&-.'[..&..'[..&=.'l..&#.'l..&..'l..&6.'>.'..'Q.$'<.'...'..'>.'}.'...&?.'..G'?.'...&?.'Rich>.'........PE..d....g._.........." .....:....!...............................................@.....hF=...`..........................................a4.....Lc4.<....P@......p:.D............`@..W.. .*.............................@.*..............P...............................text....9.......:.................. ..`.rdata.......P... ...>..............@..@.data...p....p4......^4.............@....pdata..D....p:...... 6.............@..@.rsrc........P@.......;.............@..@.reloc...W...`@..X....<.............@..B................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\msvcp100.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):608080
                                                                                                                                Entropy (8bit):6.297676823354886
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/
                                                                                                                                MD5:D029339C0F59CF662094EDDF8C42B2B5
                                                                                                                                SHA1:A0B6DE44255CE7BFADE9A5B559DD04F2972BFDC8
                                                                                                                                SHA-256:934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C
                                                                                                                                SHA-512:021D9AF52E68CB7A3B0042D9ED6C9418552EE16DF966F9CCEDD458567C47D70471CB8851A69D3982D64571369664FAEEAE3BE90E2E88A909005B9CDB73679C82
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$..-`..~`..~`..~i.4~b..~{.;~c..~`..~...~..?~a..~{.9~a..~{..~P..~{..~Y..~{..~e..~{.<~a..~{.=~a..~{.:~a..~Rich`..~........................PE..d.....M.........." .........f.......q........cy..........................................@.............................................m......<....P...........=...0..P....`.......................................................................................text............................... ..`.rdata..-...........................@..@.data...0L.......8..................@....pdata...=.......>..................@..@.rsrc........P......................@..@.reloc..R....`......................@..B........................................................................................................................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\msvcr100.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):829264
                                                                                                                                Entropy (8bit):6.553848816796836
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1
                                                                                                                                MD5:366FD6F3A451351B5DF2D7C4ECF4C73A
                                                                                                                                SHA1:50DB750522B9630757F91B53DF377FD4ED4E2D66
                                                                                                                                SHA-256:AE3CB6C6AFBA9A4AA5C85F66023C35338CA579B30326DD02918F9D55259503D5
                                                                                                                                SHA-512:2DE764772B68A85204B7435C87E9409D753C2196CF5B2F46E7796C99A33943E167F62A92E8753EAA184CD81FB14361E83228EB1B474E0C3349ED387EC93E6130
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........pm...>...>...>..>...>...>F..>...>...>...>..>...>..>...>D..>...>...>...>...>...>...>Rich...>........................PE..d......M.........." ..........................sy............................. ......A.....@.........................................pt.......`..(...............pb......P............................................................................................text...F........................... ..`.rdata..............................@..@.data...L}... ...R..................@....pdata..pb.......d...Z..............@..@_CONST..............................@...text.....2... ...4..................@.. data.........`......................@..@.rsrc................v..............@..@.reloc...............z..............@..B................................................................................................................................

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\reg_dataextractor.bat

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):74
                                                                                                                                Entropy (8bit):4.529549786187404
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:vBimAFFFFFxwLuI/E3yeKrn:vBqNULV/xVrn
                                                                                                                                MD5:5A2771E49D1C1E14736910C94FDB1966
                                                                                                                                SHA1:A9F8511CD4CBC3150280776487FF49D26E1CC178
                                                                                                                                SHA-256:31500328F2377CABCA90B8C1A3CD8C6C1E41211FEB839C95011547595B729314
                                                                                                                                SHA-512:7E9C563D7A0E49C22E20E61D3E1B9521E1239B36B3F69E8977400727D0498EED82EFAE2F4EF2B6B74E6184414E6F7E80111DE2E66D996D84E514B4302D34322C
                                                                                                                                Malicious:false
                                                                                                                                Preview:pushd "%CD%" ..CD /D "%~dp0"....regsvr32 ibadataextractor.dll....popd

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\reg_dataextractorMC.bat

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):76
                                                                                                                                Entropy (8bit):4.5759834031694036
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:vBimAFFFFFxwLuI/E3YQJJovGKrn:vBqNULV/4Jydrn
                                                                                                                                MD5:E98207961C995F066CF7C62E92506883
                                                                                                                                SHA1:DCBC155B28E87511DA042CB7005E2DC154E2DC69
                                                                                                                                SHA-256:6EF4A0171DFC3C9CA6BE3E92FCF21BD36EE01E4BE9C216A890FC4CA5F67FB230
                                                                                                                                SHA-512:BAE292E69418CAFCF5D1A98852ED4AD8A59B2E35EE4F4FF65B9F904A2DF1398C39E279F389B4FCFBF97E76E1EEA3C0C95CE2B7DD0DA4EF6B8EA4718FAA96E277
                                                                                                                                Malicious:false
                                                                                                                                Preview:pushd "%CD%" ..CD /D "%~dp0"....regsvr32 ibadataextractorMC.dll....popd

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\support.htm

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:HTML document, UTF-8 Unicode text, with very long lines
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):45027
                                                                                                                                Entropy (8bit):5.351882502356651
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:+BF/pCHHS6zKe2TZK+9V7mUPyS/pQTNm0cHW0G2jYVRG/CmHHA/eAct2MisMd9ln:+BFoL7KVpimwTmHHt4VRYkQxMK0jvDvf
                                                                                                                                MD5:12441363165020A84B4624746A56F1A5
                                                                                                                                SHA1:3C7CFE8637575B4EF07465014C966EA3AEE2F9C2
                                                                                                                                SHA-256:4D43B6E1C6F08352BAD65724F4D0FE891CDD03FD187E32CFFD89C30E31CD69EA
                                                                                                                                SHA-512:CCFB61A5D326C4D989F820AABDB87E4B18B6C07BC6EB2DFC3629686871C78FD0676B4283B0C89CB064708B6E3B55C05F2D498ADA21136900D5C39E33C0868278
                                                                                                                                Malicious:false
                                                                                                                                Preview:<!DOCTYPE html>.<html lang="en">. <head>...<title>iba Support</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <style>. body {. margin-top: 20px;. }.. * {. font-family: "Arial", sans-serif;. }.. .col-lg-7,. .col-lg-5 {. padding-left: 20px;. }.. h1 {. color: #037748;. font-size: 26px;. padding-left: 25px;. }.. h3 {. color: #aaa;. font-size: 22px;. padding-left: 25px;. }.. h5 {. color: #037748;. font-size: 14px;. padding-left: 20px;. }.. .container {. width: 320px;. display: inline-flex;. border-top: 2px solid #f4f4f4;. margin: 5px;. }..

                                                                                                                                C:\Program Files\iba\ibaAnalyzer\versions.htm

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):311791
                                                                                                                                Entropy (8bit):4.535690207805419
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:Nvr4RMUkOH98c1QGCfcL6rvbXtluI4B/WnFAXUbhNdUwc2sX7t6OSoT:l0tkiecmjtluNB/WnFAXUbhNdUwc2sXP
                                                                                                                                MD5:C9AA499AB7EB9800B956EFD5B2D59D65
                                                                                                                                SHA1:BAEB133A67AE7A406EADB87D3745DA64C176F78B
                                                                                                                                SHA-256:D929BD0CF7E91AAB6FEDBD7057D33813D323FF315B19C2037D920B9DD981246A
                                                                                                                                SHA-512:EE9E280CB5F78DE32A8F5E2F74A32C9EB68339F283BFF76669A55BE3788C319117B1D5FF71454F65A856D15C708804B68C46F5A2FFEE22A72800D64181F69918
                                                                                                                                Malicious:false
                                                                                                                                Preview:.<HTML> ..<HEAD> ..<style type="text/css"> .. body...{background-color: white; font-family: Tahoma, Helvetica, Arial; font-size: 13px}.. .title..{color: navy; font-size: 26px; font-weight: bold}.. .header1..{color: white; background-color: #315BA9; font-size: 16px; font-weight: bold; margin: 0px; padding: 2px}.. .header2..{color: black; font-size: 14px; font-weight: bold}.. .warning {color: red; font-size: 14px; font-weight: bold}.. .btn_selected.{cursor: pointer; cursor: hand; color: white; background-color: #00AA00; font-size: 20px; font-weight: bold; padding: 4px}.. .btn_normal.{cursor: pointer; cursor: hand; color: white; background-color: #006600; font-size: 20p

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regsvr32.exe.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1281
                                                                                                                                Entropy (8bit):5.367899416177239
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
                                                                                                                                MD5:7115A3215A4C22EF20AB9AF4160EE8F5
                                                                                                                                SHA1:A4CAB34355971C1FBAABECEFA91458C4936F2C24
                                                                                                                                SHA-256:A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
                                                                                                                                SHA-512:2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\InstallOptions.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):14848
                                                                                                                                Entropy (8bit):5.550299117674118
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
                                                                                                                                MD5:325B008AEC81E5AAA57096F05D4212B5
                                                                                                                                SHA1:27A2D89747A20305B6518438EFF5B9F57F7DF5C3
                                                                                                                                SHA-256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
                                                                                                                                SHA-512:18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.p..q.,.q.,.q.,.q.,@q.,.~C,.q.,\R.,.q.,\R/,.q.,.w.,.q.,.Q.,.q.,Rich.q.,........................PE..L......K...........!.........<.......).......0.......................................................................8..p...81.......p..........................@....................................................0..8............................text...@........................... ..`.rdata.......0....... ..............@..@.data... (...@.......*..............@....rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\SimpleSC.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):62976
                                                                                                                                Entropy (8bit):6.324320451317714
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:i/qXv1si+Xsp9MNptZ8KMT6+nMA4fx+kmA:Bv1EXZnLMT5M3x+km
                                                                                                                                MD5:D63975CE28F801F236C4ACA5AF726961
                                                                                                                                SHA1:3D93AD9816D3B3DBA1E63DFCBFA3BD05F787A8C9
                                                                                                                                SHA-256:E0C580BBE48A483075C21277C6E0F23F3CBD6CE3EB2CCD3BF48CF68F05628F43
                                                                                                                                SHA-512:8357E1955560BF0C42A8F4091550C87C19B4939BF1E6A53A54173D1C163B133B9C517014AF6F7614EDDC0C9BBF93B3B987C4977B024B10B05B3DC4EB20141810
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................4......`.............@..........................0..................................................R.... ..............................................................................................................CODE....x........................... ..`DATA....@...........................@...BSS.....y................................idata..R...........................@....edata..............................@..P.reloc..............................@..P.rsrc........ ......................@..P.............0......................@..P................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\System.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):11264
                                                                                                                                Entropy (8bit):5.568877095847681
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                                MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                                SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                                SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                                SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\UserInfo.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4096
                                                                                                                                Entropy (8bit):3.331979080664426
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:iViF7LLM4wXqQH1wRrOpArXMVyjlZSXRN:ky7EcQHu4tVy4R
                                                                                                                                MD5:7579ADE7AE1747A31960A228CE02E666
                                                                                                                                SHA1:8EC8571A296737E819DCF86353A43FCF8EC63351
                                                                                                                                SHA-256:564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
                                                                                                                                SHA-512:A88BC56E938374C333B0E33CB72951635B5D5A98B9CB2D6785073CBCAD23BF4C0F9F69D3B7E87B46C76EB03CED9BB786844CE87656A9E3DF4CA24ACF43D7A05B
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................4..............Rich..................PE..L......K...........!......................... ...............................P...................................... "......L ..<............................@..d.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...X....0......................@....reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\databaseoptions.ini

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):493
                                                                                                                                Entropy (8bit):5.105955790691739
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:ZYrltNY1Q9uQ3QD2SUsUoUXQ3QB2VSfLNMv:ZYi1+uyUZUs2Xy4W6LNu
                                                                                                                                MD5:47B11716B703AA82956A84F494F16222
                                                                                                                                SHA1:D54F91B482F544420F058FEE4B158A910B547FD0
                                                                                                                                SHA-256:44B107479B06FB6AB4706B64E9E28BE915AFFF5F7D017CB181228665C04EB9C5
                                                                                                                                SHA-512:0C3A1308FCCB214F3750BDEB4547F5F5423719D97DDD8ECB32E27F1363DA32C3020AFC6FE5C48AE3207AB69BCF81A082A9908D36FDE7C58717FE8A4F5128F31A
                                                                                                                                Malicious:false
                                                                                                                                Preview:; Ini file generated by the HM NIS Edit IO designer...[Settings]..NumFields=3..RTL=0..State=0....[Field 1]..Type=RadioButton..Text=no database support..Left=16..Right=288..Top=20..Bottom=31..State=1..HWND=459330....[Field 2]..Type=RadioButton..Text=install the Extractor database library..Left=16..Right=289..Top=40..Bottom=51..State=0..HWND=1114204....[Field 3]..Type=RadioButton..Text=install the MC Extractor database library..Left=16..Right=289..Top=60..Bottom=71....State=0..HWND=524858..

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\ioSpecial.ini

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):786
                                                                                                                                Entropy (8bit):5.318020615769567
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:lOO8VTXAgQRvA4ZEh6H4gNo4f1hb+s+7mjp4gNRhIoiX4GXWkNzD6lrVf6QD/:kTsRvA42hw1O42s+g1ViXxmkNHQVCQD/
                                                                                                                                MD5:968BDD1066CDB9F12E83DC962ED1F931
                                                                                                                                SHA1:46CA6CB78EBFEF29AA678206A3C8A18E41871A2A
                                                                                                                                SHA-256:67FCE4D3967DF10862E881BC2889EBAFFEDD9526BA10741E7F856D8B66AB244A
                                                                                                                                SHA-512:074AE6B7ACF472E9144169EA36B8E33F6C26CBBAC23828CCA347B1CF7058EBAC8AF3A706BED8698E460EED403A1F5C06D8961E2FEF2CFABA12B300CBF0A1FB61
                                                                                                                                Malicious:false
                                                                                                                                Preview:[Settings]..Rect=1044..NumFields=3..BackEnabled=0..RTL=0..NextButtonText=..CancelEnabled=..State=0....[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nss310.tmp\modern-wizard.bmp..HWND=132022....[Field 2]..Type=label..Left=120..Right=315..Top=9..Bottom=48..Text=Welcome to the ibaAnalyzer v7.3.6 (x64) Setup Wizard..HWND=132026....[Field 3]..Type=label..Left=120..Right=315..Top=55..Bottom=185....Text=This wizard will guide you through the installation of ibaAnalyzer v7.3.6 (x64).\r\n\r\nIt is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer.\r\n\r\nClick Next to continue...HWND=132028..

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\licenseserveroptions.ini

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):729
                                                                                                                                Entropy (8bit):5.022967999468027
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:lNNwpZEGXvz6g8CFJKdX+PjDKyHQc506pdNgF46k+uvcTKSv35hwEwqm:pwV/z18eKE7WyHJ97gFfFTvoEwqm
                                                                                                                                MD5:9381BA9CDE37F9F745AB52B7C79BBF8B
                                                                                                                                SHA1:3B7EA51AA38151EB9FED44CC824245A84FFA0796
                                                                                                                                SHA-256:E93C088744103641C50799E22B3974928C01BD40908269EC4437FBCBBE5975F7
                                                                                                                                SHA-512:C185CE2C6D9210AAB0FA4794B1E54DCAE497B8F5731984ABBEBEFB16060D59B7D9205D6A3A5587F38945B7F38CC6D79935C8ABCE848DB0D8CEA67DE360A6CC23
                                                                                                                                Malicious:false
                                                                                                                                Preview:[Settings]..NumFields=2..RTL=0..State=0....[Field 1]..Type=Label..Text=This version of ibaAnalyzer is NOT compatible with the old license service (ibaLicenseService). If you use licensed components of ibaAnalyzer handled by a license service, please contact your local iba support to update your license service to ibaLicenseService-V2.\....You can safely ignore this message if you do not require any licensed components of ibaAnalyzer or if the licensing for ibaAnalyzer is handled by a locally attached dongle...Left=16..Right=288..Top=20..Bottom=90..HWND=524836....[Field 2]..Type=Checkbox..Text=Do not show this page again in future ibaAnalyzer installations...Left=16..Right=288..Top=91..Bottom=102..State=0..HWND=1769576..

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\modern-header.bmp

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):25820
                                                                                                                                Entropy (8bit):2.0503212840436267
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:aXVERfRyriqayRIUHN7q4ldlVl3CZ38J1MLJF7IWoNe1T:aMYr0XEq4DvBqEOJFlT
                                                                                                                                MD5:BACF7C26EF8F85D3AB86670B59605F5B
                                                                                                                                SHA1:E461A2CC770155F24532F41E275E97ED7DACB47F
                                                                                                                                SHA-256:BAB75066C6CCEF8FE6070E8C0A354E24439AB6D988EF49C4CF2B5924EF7F83FF
                                                                                                                                SHA-512:5061A5D91902109AC3E91E1828A279E79E96DDF4B1D972D64E7A1D631058222628FE6F2FE1DF19D5180FB35624B96443E253132773DB669D31DB5C4FE33AEF57
                                                                                                                                Malicious:false
                                                                                                                                Preview:BM.d......6...(.......9............d.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................?...................................................................................................................................................................................................................................................................................................................................................................................................................................................................?..........................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\modern-wizard.bmp

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):154542
                                                                                                                                Entropy (8bit):3.3322603686910237
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:2DpLES1HgquaaW3ClVJkgNKTf5/PR50Ogm2:2FLES1ubWSl7IfpH0V
                                                                                                                                MD5:DE4F933E003528B0376766A4666EDFC5
                                                                                                                                SHA1:5BCD485EA0279CD577EACA55B8A8510C83146634
                                                                                                                                SHA-256:07B81FDA0231FA03BD265F3A2665E12C99CF7679D054BBAB92EE34DFE66CA6AE
                                                                                                                                SHA-512:F3E44BCDA1F458735EE58DF0A89F04641A40DD685BF3263963E87D54921344B6A46ED1550A157F8198C0F303682097589C245843830554BB9945D0D8FECF7A45
                                                                                                                                Malicious:false
                                                                                                                                Preview:BM.[......6...(.......:.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\nss310.tmp\nsSCMEx.dll

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):330240
                                                                                                                                Entropy (8bit):6.783443040903562
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:UOAFF2QXiZEoeRiwgMbvSwyZyyB5ErpvuTLkRiAj0Grm5+Gl:UOAFXXsoiwgMbvSwyZL5wuXkRBjHVGl
                                                                                                                                MD5:F4D7CAB85C4452407C5861E5E864DAC6
                                                                                                                                SHA1:896CF8D8B18AF75C3AE51E24A24DD6214C8DBBA9
                                                                                                                                SHA-256:7C35F19E09F182CEDC27AA5E73E3D1FA1AB9642471DCB1A817EF64D844AA3005
                                                                                                                                SHA-512:3CBE203B4FF4D9CB30D9561019F8DCBC7C7023138795B553BE459931912E06C875434B356F5589703E1CEC8C7AF3DAE014F65D833FFE163DB7EDEDB961FBFC5F
                                                                                                                                Malicious:false
                                                                                                                                Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......oKf.+*..+*..+*..NL..:*..NL...*.....-*..yB...*..yB..;*..yB..2*..NL..=*....e.**...t..**...t../*..NL..<*..+*...+...C..**...C..'*...C..**...C..**..+*..**...C..**..Rich+*..........PE..L...v.ga...........!................`................................................................................................@.......................P...7......T...............................@...............$............................text...*........................... ..`.rdata..............................@..@.data............ ..................@....rsrc........@......................@..@.reloc...7...P...8..................@..B........................................................................................................................................................................................................................................................

                                                                                                                                Static File Info

                                                                                                                                General

                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                Entropy (8bit):7.999990419784602
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                File size:69983376
                                                                                                                                MD5:c1ae350f67039cbe69f10df9b8001371
                                                                                                                                SHA1:6362ba848a6027939c642d4b405994ca5a96272c
                                                                                                                                SHA256:fbf6ebb863e6ee15a9fbe144116fc568d929cdb560ad1380a45c71f761946cd1
                                                                                                                                SHA512:032cde395658b300fc1d6e79a04c6da04169d35cfbd277ec6cb5044f391ae8ed88d31ec653be87cbfc8823e2a21918d2d269217c8e4f04e30138907243d7b635
                                                                                                                                SSDEEP:1572864:tzpBbJ2s2nciVKOUmUQyja9kAdvnyRe/WhIS:L2RciCmUjaiAdvEhhIS
                                                                                                                                TLSH:4FE733D85E1E8039E2684475D46AB8F11F3458F6A438C0932607BFFFD78F3E66026699
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                                                File Icon

                                                                                                                                Icon Hash:822648dad6d26992

                                                                                                                                Static PE Info

                                                                                                                                General

                                                                                                                                Entrypoint:0x40323c
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:true
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                                                Authenticode Signature

                                                                                                                                Signature Valid:true
                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                Error Number:0
                                                                                                                                Not Before, Not After
                                                                                                                                • 11/24/2021 4:00:00 PM 11/26/2024 3:59:59 PM
                                                                                                                                Subject Chain
                                                                                                                                • CN=iba AG, OU=iba AG, O=iba AG, L=F&#195;&#188;rth, C=DE
                                                                                                                                Version:3
                                                                                                                                Thumbprint MD5:CB5010FA85020150A3B61712597B8B2E
                                                                                                                                Thumbprint SHA-1:ED30F5B2E756DD3CAFB89E5055E5823BD9D82FE3
                                                                                                                                Thumbprint SHA-256:062CF22CB3B0087BBB7D6F3193B43CDA8A2C76E205310D729B82D8557C675D8D
                                                                                                                                Serial:0DB533CEF828D7CC61E6D2ABB9AFECE1

                                                                                                                                Entrypoint Preview

                                                                                                                                Instruction
                                                                                                                                sub esp, 00000180h
                                                                                                                                push ebx
                                                                                                                                push ebp
                                                                                                                                push esi
                                                                                                                                xor ebx, ebx
                                                                                                                                push edi
                                                                                                                                mov dword ptr [esp+18h], ebx
                                                                                                                                mov dword ptr [esp+10h], 00409130h
                                                                                                                                xor esi, esi
                                                                                                                                mov byte ptr [esp+14h], 00000020h
                                                                                                                                call dword ptr [00407030h]
                                                                                                                                push 00008001h
                                                                                                                                call dword ptr [004070B4h]
                                                                                                                                push ebx
                                                                                                                                call dword ptr [0040727Ch]
                                                                                                                                push 00000008h
                                                                                                                                mov dword ptr [00423F58h], eax
                                                                                                                                call 00007FF708BCF82Eh
                                                                                                                                mov dword ptr [00423EA4h], eax
                                                                                                                                push ebx
                                                                                                                                lea eax, dword ptr [esp+34h]
                                                                                                                                push 00000160h
                                                                                                                                push eax
                                                                                                                                push ebx
                                                                                                                                push 0041F458h
                                                                                                                                call dword ptr [00407158h]
                                                                                                                                push 004091B8h
                                                                                                                                push 004236A0h
                                                                                                                                call 00007FF708BCF4E1h
                                                                                                                                call dword ptr [004070B0h]
                                                                                                                                mov edi, 00429000h
                                                                                                                                push eax
                                                                                                                                push edi
                                                                                                                                call 00007FF708BCF4CFh
                                                                                                                                push ebx
                                                                                                                                call dword ptr [0040710Ch]
                                                                                                                                cmp byte ptr [00429000h], 00000022h
                                                                                                                                mov dword ptr [00423EA0h], eax
                                                                                                                                mov eax, edi
                                                                                                                                jne 00007FF708BCCC2Ch
                                                                                                                                mov byte ptr [esp+14h], 00000022h
                                                                                                                                mov eax, 00429001h
                                                                                                                                push dword ptr [esp+14h]
                                                                                                                                push eax
                                                                                                                                call 00007FF708BCEFC2h
                                                                                                                                push eax
                                                                                                                                call dword ptr [0040721Ch]
                                                                                                                                mov dword ptr [esp+1Ch], eax
                                                                                                                                jmp 00007FF708BCCC85h
                                                                                                                                cmp cl, 00000020h
                                                                                                                                jne 00007FF708BCCC28h
                                                                                                                                inc eax
                                                                                                                                cmp byte ptr [eax], 00000020h
                                                                                                                                je 00007FF708BCCC1Ch
                                                                                                                                cmp byte ptr [eax], 00000022h
                                                                                                                                mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                                Rich Headers

                                                                                                                                Programming Language:
                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                Data Directories

                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000x65d0.rsrc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x42bba100x2280
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                Sections

                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                .ndata0x240000xc0000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                .rsrc0x300000x65d00x6600False0.37779564951data5.22258519203IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                Resources

                                                                                                                                NameRVASizeTypeLanguageCountry
                                                                                                                                RT_ICON0x302c80x25a8dataEnglishUnited States
                                                                                                                                RT_ICON0x328700x1bd9PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                RT_ICON0x344500x10a8dataEnglishUnited States
                                                                                                                                RT_ICON0x354f80x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                RT_DIALOG0x359600xb4dataEnglishUnited States
                                                                                                                                RT_DIALOG0x35a180x120dataEnglishUnited States
                                                                                                                                RT_DIALOG0x35b380x200dataEnglishUnited States
                                                                                                                                RT_DIALOG0x35d380xf8dataEnglishUnited States
                                                                                                                                RT_DIALOG0x35e300xeedataEnglishUnited States
                                                                                                                                RT_GROUP_ICON0x35f200x3edataEnglishUnited States
                                                                                                                                RT_VERSION0x35f600x2acdataEnglishUnited States
                                                                                                                                RT_MANIFEST0x362100x3baXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                Imports

                                                                                                                                DLLImport
                                                                                                                                KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                                                USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                                                GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                                                SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                                                ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                                                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                                Version Infos

                                                                                                                                DescriptionData
                                                                                                                                LegalCopyright iba AG. All rights reserved
                                                                                                                                FileVersion7.3.6.0
                                                                                                                                CompanyNameiba AG
                                                                                                                                LegalTrademarks
                                                                                                                                Comments
                                                                                                                                ProductNameibaAnalyzer (x64)
                                                                                                                                ProductVersion7.3.6
                                                                                                                                FileDescriptionibaAnalyzer installer
                                                                                                                                Translation0x0409 0x0000

                                                                                                                                Possible Origin

                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                EnglishUnited States

                                                                                                                                Network Behavior

                                                                                                                                No network behavior found

                                                                                                                                Statistics

                                                                                                                                CPU Usage

                                                                                                                                Click to jump to process

                                                                                                                                Memory Usage

                                                                                                                                Click to jump to process

                                                                                                                                High Level Behavior Distribution

                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                Behavior

                                                                                                                                Click to jump to process

                                                                                                                                System Behavior

                                                                                                                                General

                                                                                                                                Target ID:0
                                                                                                                                Start time:18:42:27
                                                                                                                                Start date:23/05/2022
                                                                                                                                Path:C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe"
                                                                                                                                Imagebase:0x400000
                                                                                                                                File size:69983376 bytes
                                                                                                                                MD5 hash:C1AE350F67039CBE69F10DF9B8001371
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                Reputation:low

                                                                                                                                General

                                                                                                                                Target ID:14
                                                                                                                                Start time:18:43:53
                                                                                                                                Start date:23/05/2022
                                                                                                                                Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx
                                                                                                                                Imagebase:0x1290000
                                                                                                                                File size:20992 bytes
                                                                                                                                MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Target ID:15
                                                                                                                                Start time:18:43:56
                                                                                                                                Start date:23/05/2022
                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline: /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx"
                                                                                                                                Imagebase:0x7ff73dea0000
                                                                                                                                File size:24064 bytes
                                                                                                                                MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Target ID:21
                                                                                                                                Start time:18:44:30
                                                                                                                                Start date:23/05/2022
                                                                                                                                Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
                                                                                                                                Imagebase:0x1290000
                                                                                                                                File size:20992 bytes
                                                                                                                                MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Target ID:22
                                                                                                                                Start time:18:44:31
                                                                                                                                Start date:23/05/2022
                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline: /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"
                                                                                                                                Imagebase:0x7ff73dea0000
                                                                                                                                File size:24064 bytes
                                                                                                                                MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                Reputation:high

                                                                                                                                Disassembly

                                                                                                                                Reset < >

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:4.8%
                                                                                                                                  Dynamic/Decrypted Code Coverage:46.5%
                                                                                                                                  Signature Coverage:19.9%
                                                                                                                                  Total number of Nodes:1668
                                                                                                                                  Total number of Limit Nodes:75
                                                                                                                                  execution_graph 31325 10001000 8 API calls 29546 405042 29547 405063 GetDlgItem GetDlgItem GetDlgItem 29546->29547 29548 4051ee 29546->29548 29592 403f4d SendMessageA 29547->29592 29549 4051f7 GetDlgItem CreateThread FindCloseChangeNotification 29548->29549 29550 40521f 29548->29550 29549->29550 29613 404fd6 OleInitialize 29549->29613 29552 40524a 29550->29552 29554 405236 ShowWindow ShowWindow 29550->29554 29555 40526c 29550->29555 29556 4052a8 29552->29556 29559 405281 ShowWindow 29552->29559 29560 40525b 29552->29560 29553 4050d4 29557 4050db GetClientRect GetSystemMetrics SendMessageA SendMessageA 29553->29557 29597 403f4d SendMessageA 29554->29597 29601 403f7f 8 API calls 29555->29601 29556->29555 29564 4052b3 SendMessageA 29556->29564 29562 40514a 29557->29562 29563 40512e SendMessageA SendMessageA 29557->29563 29567 4052a1 29559->29567 29568 405293 29559->29568 29598 403ef1 29560->29598 29570 40515d 29562->29570 29571 40514f SendMessageA 29562->29571 29563->29562 29566 40527a 29564->29566 29572 4052cc CreatePopupMenu 29564->29572 29569 403ef1 SendMessageA 29567->29569 29602 404f04 29568->29602 29569->29556 29593 403f18 29570->29593 29571->29570 29574 405b88 18 API calls 29572->29574 29576 4052dc AppendMenuA 29574->29576 29578 405302 29576->29578 29579 4052ef GetWindowRect 29576->29579 29577 40516d 29580 405176 ShowWindow 29577->29580 29581 4051aa GetDlgItem SendMessageA 29577->29581 29582 40530b TrackPopupMenu 29578->29582 29579->29582 29583 405199 29580->29583 29584 40518c ShowWindow 29580->29584 29581->29566 29585 4051d1 SendMessageA SendMessageA 29581->29585 29582->29566 29586 405329 29582->29586 29596 403f4d SendMessageA 29583->29596 29584->29583 29585->29566 29587 405345 SendMessageA 29586->29587 29587->29587 29589 405362 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 29587->29589 29590 405384 SendMessageA 29589->29590 29590->29590 29591 4053a5 GlobalUnlock SetClipboardData CloseClipboard 29590->29591 29591->29566 29592->29553 29594 405b88 18 API calls 29593->29594 29595 403f23 SetDlgItemTextA 29594->29595 29595->29577 29596->29581 29597->29552 29599 403ef8 29598->29599 29600 403efe SendMessageA 29598->29600 29599->29600 29600->29555 29601->29566 29603 404f1f 29602->29603 29611 404fc2 29602->29611 29604 404f3c lstrlenA 29603->29604 29605 405b88 18 API calls 29603->29605 29606 404f65 29604->29606 29607 404f4a lstrlenA 29604->29607 29605->29604 29609 404f78 29606->29609 29610 404f6b SetWindowTextA 29606->29610 29608 404f5c lstrcatA 29607->29608 29607->29611 29608->29606 29609->29611 29612 404f7e SendMessageA SendMessageA SendMessageA 29609->29612 29610->29609 29611->29567 29612->29611 29620 403f64 29613->29620 29615 403f64 SendMessageA 29617 405032 OleUninitialize 29615->29617 29616 404ff9 29618 405020 29616->29618 29623 401389 29616->29623 29618->29615 29621 403f7c 29620->29621 29622 403f6d SendMessageA 29620->29622 29621->29616 29622->29621 29625 401390 29623->29625 29624 4013fe 29624->29616 29625->29624 29626 4013cb MulDiv SendMessageA 29625->29626 29626->29625 31454 32be52f 26 API calls std::exception::exception 29638 403a45 29639 403b98 29638->29639 29640 403a5d 29638->29640 29642 403be9 29639->29642 29643 403ba9 GetDlgItem GetDlgItem 29639->29643 29640->29639 29641 403a69 29640->29641 29646 403a74 SetWindowPos 29641->29646 29647 403a87 29641->29647 29645 403c43 29642->29645 29655 401389 2 API calls 29642->29655 29644 403f18 19 API calls 29643->29644 29650 403bd3 KiUserCallbackDispatcher 29644->29650 29651 403f64 SendMessageA 29645->29651 29656 403b93 29645->29656 29646->29647 29648 403aa4 29647->29648 29649 403a8c ShowWindow 29647->29649 29652 403ac6 29648->29652 29653 403aac KiUserCallbackDispatcher 29648->29653 29649->29648 29706 40140b 29650->29706 29676 403c55 29651->29676 29658 403acb SetWindowLongA 29652->29658 29659 403adc 29652->29659 29657 403ea1 29653->29657 29660 403c1b 29655->29660 29657->29656 29669 403ed2 ShowWindow 29657->29669 29658->29656 29662 403b53 29659->29662 29663 403ae8 GetDlgItem 29659->29663 29660->29645 29664 403c1f SendMessageA 29660->29664 29661 403ea3 DestroyWindow EndDialog 29661->29657 29712 403f7f 8 API calls 29662->29712 29666 403b18 29663->29666 29667 403afb SendMessageA IsWindowEnabled 29663->29667 29664->29656 29665 40140b 2 API calls 29665->29676 29671 403b25 29666->29671 29674 403b6c SendMessageA 29666->29674 29675 403b38 29666->29675 29681 403b1d 29666->29681 29667->29656 29667->29666 29669->29656 29670 405b88 18 API calls 29670->29676 29671->29674 29671->29681 29672 403ef1 SendMessageA 29672->29662 29673 403f18 19 API calls 29673->29676 29674->29662 29677 403b40 29675->29677 29678 403b55 29675->29678 29676->29656 29676->29661 29676->29665 29676->29670 29676->29673 29682 403f18 19 API calls 29676->29682 29697 403de3 DestroyWindow 29676->29697 29679 40140b 2 API calls 29677->29679 29680 40140b 2 API calls 29678->29680 29679->29681 29680->29681 29681->29662 29681->29672 29683 403cd0 GetDlgItem 29682->29683 29684 403ce5 29683->29684 29685 403ced ShowWindow KiUserCallbackDispatcher 29683->29685 29684->29685 29709 403f3a KiUserCallbackDispatcher 29685->29709 29687 403d17 KiUserCallbackDispatcher 29690 403d2b 29687->29690 29688 403d30 GetSystemMenu EnableMenuItem SendMessageA 29689 403d60 SendMessageA 29688->29689 29688->29690 29689->29690 29690->29688 29710 403f4d SendMessageA 29690->29710 29711 405b66 lstrcpynA 29690->29711 29693 403d8e lstrlenA 29694 405b88 18 API calls 29693->29694 29695 403d9f SetWindowTextA 29694->29695 29696 401389 2 API calls 29695->29696 29696->29676 29697->29657 29698 403dfd CreateDialogParamA 29697->29698 29698->29657 29699 403e30 29698->29699 29700 403f18 19 API calls 29699->29700 29701 403e3b GetDlgItem GetWindowRect ScreenToClient SetWindowPos 29700->29701 29702 401389 2 API calls 29701->29702 29703 403e81 29702->29703 29703->29656 29704 403e89 ShowWindow 29703->29704 29705 403f64 SendMessageA 29704->29705 29705->29657 29707 401389 2 API calls 29706->29707 29708 401420 29707->29708 29708->29642 29709->29687 29710->29690 29711->29693 29712->29656 31455 401645 48 API calls 31327 32bb320 60 API calls 31328 32d3726 41 API calls 3 library calls 31456 32b2520 78 API calls 31457 32d8526 47 API calls 31458 32acd24 11 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31329 404853 71 API calls 31460 404e54 12 API calls 31330 31c1b09 23 API calls 31462 32b1d30 15 API calls 30740 404060 30741 404076 30740->30741 30748 404183 30740->30748 30744 403f18 19 API calls 30741->30744 30742 4041f2 30743 4042c6 30742->30743 30745 4041fc GetDlgItem 30742->30745 30773 403f7f 8 API calls 30743->30773 30749 4040cc 30744->30749 30746 404212 30745->30746 30747 404284 30745->30747 30746->30747 30753 404238 6 API calls 30746->30753 30747->30743 30754 404296 30747->30754 30748->30742 30748->30743 30750 4041c7 GetDlgItem SendMessageA 30748->30750 30752 403f18 19 API calls 30749->30752 30771 403f3a KiUserCallbackDispatcher 30750->30771 30757 4040d9 CheckDlgButton 30752->30757 30753->30747 30759 40429c SendMessageA 30754->30759 30760 4042ad 30754->30760 30756 4042c1 30769 403f3a KiUserCallbackDispatcher 30757->30769 30759->30760 30760->30756 30763 4042b3 SendMessageA 30760->30763 30761 4041ed 30772 4042eb SendMessageA 30761->30772 30762 4040f7 GetDlgItem 30770 403f4d SendMessageA 30762->30770 30763->30756 30766 40410d SendMessageA 30767 404134 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 30766->30767 30768 40412b GetSysColor 30766->30768 30767->30756 30768->30767 30769->30762 30770->30766 30771->30761 30772->30742 30773->30756 31465 32cd10e 7 API calls 30794 402866 SendMessageA 30795 402880 InvalidateRect 30794->30795 30796 40288b 30794->30796 30795->30796 30811 402267 30812 4029f6 18 API calls 30811->30812 30813 402275 30812->30813 30814 4029f6 18 API calls 30813->30814 30815 40227e 30814->30815 30816 4029f6 18 API calls 30815->30816 30817 402288 GetPrivateProfileStringA 30816->30817 31334 32b2b00 6 API calls 31466 32b3500 113 API calls 2 library calls 31467 32b4d00 19 API calls 31335 4019d6 19 API calls 31468 40366d GlobalAlloc 30884 31c2732 SetWindowLongA SendMessageA ShowWindow 30885 31c278e KiUserCallbackDispatcher IsDialogMessageA 30884->30885 30886 31c27ad IsDialogMessageA 30885->30886 30887 31c27d4 30885->30887 30886->30887 30888 31c27be TranslateMessage DispatchMessageA 30886->30888 30887->30885 30889 31c27dc 30887->30889 30888->30887 30890 31c27e9 SetWindowLongA DestroyWindow 30889->30890 30912 31c10dc 30889->30912 30892 31c280e ShowWindow 30890->30892 30893 31c2823 30890->30893 30892->30893 30894 31c100f GlobalFree 30893->30894 30895 31c282e 30894->30895 30896 31c100f GlobalFree 30895->30896 30897 31c2839 30896->30897 30898 31c100f GlobalFree 30897->30898 30899 31c2844 30898->30899 30900 31c100f GlobalFree 30899->30900 30901 31c284f 30900->30901 30902 31c100f GlobalFree 30901->30902 30906 31c285a 30902->30906 30903 31c28ab 30904 31c100f GlobalFree 30903->30904 30905 31c28b6 30904->30905 30908 31c2afb 2 API calls 30905->30908 30906->30903 30907 31c100f GlobalFree 30906->30907 30910 31c288d DeleteObject 30906->30910 30911 31c289c DestroyIcon 30906->30911 30907->30906 30909 31c28dd 30908->30909 30910->30906 30911->30906 30934 31c1000 GlobalAlloc 30912->30934 30914 31c1398 30914->30890 30915 31c1366 wsprintfA WritePrivateProfileStringA 30916 31c100f GlobalFree 30915->30916 30916->30914 30917 31c12e2 SendMessageA wsprintfA 30918 31c1305 wsprintfA WritePrivateProfileStringA 30917->30918 30922 31c10ee 30918->30922 30919 31c1202 SendMessageA 30921 31c122b GetWindowTextA 30919->30921 30926 31c11c1 30919->30926 30920 31c1159 lstrlenA 30920->30922 30921->30918 30921->30926 30922->30914 30922->30915 30922->30917 30922->30919 30922->30920 30923 31c100f GlobalFree 30922->30923 30924 31c1000 GlobalAlloc 30922->30924 30927 31c1197 SendMessageA 30922->30927 30923->30922 30924->30922 30925 31c1000 GlobalAlloc 30925->30926 30926->30914 30926->30918 30926->30921 30926->30925 30928 31c11af SendMessageA 30926->30928 30929 31c100f GlobalFree 30926->30929 30930 31c11c6 lstrcatA 30926->30930 30931 31c11d2 SendMessageA lstrcatA 30926->30931 30932 31c12bb CharNextA CharNextA 30926->30932 30933 31c128e CharNextA lstrcpynA 30926->30933 30927->30926 30927->30928 30928->30926 30929->30926 30930->30931 30931->30926 30932->30926 30933->30932 30934->30922 31336 1000102f 10 API calls 31337 32beb18 15 API calls ___vcrt_freefls@4 31471 32d2519 48 API calls 6 library calls 31338 32b4710 99 API calls 31473 32b4510 GlobalAlloc lstrcpyA GlobalFree GlobalAlloc wsprintfA 31474 32b9117 6 API calls 31475 40267c 59 API calls 31476 32bc517 70 API calls 31477 32c1910 RtlUnwind 31340 32ceb12 15 API calls 31341 401000 14 API calls 29969 32ac560 SetEvent 29972 32abfd0 29969->29972 29973 32ac000 29972->29973 29974 32ac024 29973->29974 29975 32ac013 GetCurrentProcess WaitForInputIdle 29973->29975 30048 32ac02e 29974->30048 30056 32b6cf0 45 API calls 2 library calls 29974->30056 29975->29973 29975->29974 29977 32ac056 30057 32a1c40 InitializeSecurityDescriptor 29977->30057 29980 32ac4cb 29982 32ac064 29983 32ac09b 29982->29983 29982->30048 30061 32a1cb0 WaitForSingleObject 29982->30061 29984 32ac0bc 29983->29984 29985 32ac0a5 29983->29985 29987 32ac0c0 29984->29987 30012 32ac0d7 29984->30012 29986 32ac0a9 29985->29986 29985->29987 30063 32a1ce0 ReleaseMutex 29986->30063 30065 32a1d00 CloseHandle 29987->30065 29990 32ac0b0 30064 32a1d00 CloseHandle 29990->30064 29991 32ac0f4 FindWindowA 29993 32ac10f GetWindowThreadProcessId PostThreadMessageA 29991->29993 30015 32ac130 ___scrt_fastfail 29991->30015 29993->30015 29994 32a1cb0 WaitForSingleObject 29994->30015 29996 32ac4d2 29997 32ac526 29996->29997 29998 32ac4d6 29996->29998 30089 32a1ce0 ReleaseMutex 29997->30089 30082 32a1d00 CloseHandle 29998->30082 30001 32ac52d 30090 32a1d00 CloseHandle 30001->30090 30004 32ac534 30091 32a1ce0 ReleaseMutex 30004->30091 30006 32a1ca0 OpenMutexA 30006->30012 30007 32ac53b 30092 32a1d00 CloseHandle 30007->30092 30009 32a1cb0 WaitForSingleObject 30009->30012 30010 32a1c40 InitializeSecurityDescriptor SetSecurityDescriptorDacl CreateMutexA 30010->30012 30011 32a1ce0 ReleaseMutex 30011->30012 30012->29991 30012->30006 30012->30009 30012->30010 30012->30011 30013 32a1d00 CloseHandle 30012->30013 30014 32ac547 30012->30014 30012->30015 30016 32ac4ee 30012->30016 30017 32ac21d 30012->30017 30012->30048 30067 32b6cf0 45 API calls 2 library calls 30012->30067 30013->30012 30015->29994 30015->29996 30015->29998 30015->30012 30019 32ac284 RegisterClassExA 30015->30019 30041 32ac3cf DispatchMessageA 30015->30041 30043 32a1ce0 ReleaseMutex 30015->30043 30046 32a1d00 CloseHandle 30015->30046 30049 32ac450 UnregisterDeviceNotification GetModuleHandleA GetProcAddress 30015->30049 30050 32ac49b 30015->30050 30066 32ab300 90 API calls ___scrt_fastfail 30015->30066 30016->30017 30018 32ac4f6 30016->30018 30068 32a1d00 CloseHandle 30017->30068 30083 32a1ce0 ReleaseMutex 30018->30083 30071 32c8fec 25 API calls 30019->30071 30023 32ac4fd 30084 32a1d00 CloseHandle 30023->30084 30024 32ac22e 30069 32a1ce0 ReleaseMutex 30024->30069 30025 32ac2e8 GetModuleHandleA GetProcAddress 30030 32ac314 30025->30030 30028 32ac504 30085 32a1ce0 ReleaseMutex 30028->30085 30029 32ac235 30070 32a1d00 CloseHandle 30029->30070 30033 32ac3ee GetLastError 30030->30033 30034 32ac326 ShowWindow RegisterDeviceNotificationA 30030->30034 30072 32c8fec 25 API calls 30033->30072 30035 32ac3a1 PeekMessageA 30034->30035 30035->30015 30038 32ac3da Sleep 30035->30038 30037 32ac50b 30086 32a1d00 CloseHandle 30037->30086 30038->30015 30038->30035 30039 32ac406 FormatMessageA 30039->30015 30041->30038 30042 32ac512 30087 32a1ce0 ReleaseMutex 30042->30087 30043->30015 30045 32ac51d 30088 32a1d00 CloseHandle 30045->30088 30046->30015 30075 32bd98d 30048->30075 30051 32ac47b UnregisterClassA 30049->30051 30073 32a1ce0 ReleaseMutex 30050->30073 30051->30015 30053 32ac4a6 30074 32a1d00 CloseHandle 30053->30074 30055 32ac4ad 30055->30048 30056->29977 30058 32a1c98 30057->30058 30059 32a1c57 SetSecurityDescriptorDacl 30057->30059 30058->29982 30059->30058 30060 32a1c6a CreateMutexA 30059->30060 30060->29982 30062 32a1cbf 30061->30062 30062->29982 30063->29990 30064->30048 30065->30048 30066->30015 30067->30012 30068->30024 30069->30029 30070->30048 30071->30025 30072->30039 30073->30053 30074->30055 30076 32bd998 IsProcessorFeaturePresent 30075->30076 30077 32bd996 30075->30077 30079 32be370 30076->30079 30077->29980 30093 32be334 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 30079->30093 30081 32be453 30081->29980 30082->30055 30083->30023 30084->30028 30085->30037 30086->30042 30087->30045 30088->30048 30089->30001 30090->30004 30091->30007 30092->30055 30093->30081 31343 32adf60 9 API calls 30094 32bdd60 30095 32bdd69 30094->30095 30096 32bdd6e dllmain_dispatch 30094->30096 30098 32be693 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 30095->30098 30098->30096 31344 32c8367 51 API calls 2 library calls 31481 31c1d4e 11 API calls 31482 32ba978 SysFreeString SysFreeString 31483 402615 FindNextFileA lstrcpynA 31484 32ae57f 9 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31348 32bab73 SysFreeString 30720 401e1b 30721 4029f6 18 API calls 30720->30721 30722 401e21 30721->30722 30723 404f04 25 API calls 30722->30723 30724 401e2b 30723->30724 30735 4053c6 CreateProcessA 30724->30735 30726 401e87 FindCloseChangeNotification 30728 40265c 30726->30728 30727 401e50 WaitForSingleObject 30729 401e31 30727->30729 30730 401e5e GetExitCodeProcess 30727->30730 30729->30726 30729->30727 30729->30728 30738 405ec1 DispatchMessageA PeekMessageA 30729->30738 30732 401e70 30730->30732 30733 401e79 30730->30733 30739 405ac4 wsprintfA 30732->30739 30733->30726 30736 405401 30735->30736 30737 4053f5 CloseHandle 30735->30737 30736->30729 30737->30736 30738->30727 30739->30733 31485 32b4570 104 API calls 31349 402020 27 API calls 31486 32aa3e0 80 API calls ___scrt_fastfail 30784 402223 30785 402231 30784->30785 30786 40222b 30784->30786 30788 402241 30785->30788 30789 4029f6 18 API calls 30785->30789 30787 4029f6 18 API calls 30786->30787 30787->30785 30790 4029f6 18 API calls 30788->30790 30792 40224f 30788->30792 30789->30788 30790->30792 30791 4029f6 18 API calls 30793 402258 WritePrivateProfileStringA 30791->30793 30792->30791 30797 402427 30807 402b00 30797->30807 30799 402431 30800 4029d9 18 API calls 30799->30800 30801 40243a 30800->30801 30802 40265c 30801->30802 30803 402451 RegEnumKeyA 30801->30803 30804 40245d RegEnumValueA 30801->30804 30805 402476 RegCloseKey 30803->30805 30804->30802 30804->30805 30805->30802 30808 4029f6 18 API calls 30807->30808 30809 402b19 30808->30809 30810 402b27 RegOpenKeyExA 30809->30810 30810->30799 31488 32ac940 32 API calls 31352 32b4740 54 API calls 3 library calls 31353 40402c lstrcpynA lstrlenA 31490 32ae55b 6 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31491 401634 20 API calls 31357 32b1350 16 API calls 31492 32b1150 6 API calls 31493 32b2550 157 API calls 31135 40323c #17 SetErrorMode OleInitialize 31136 405e88 3 API calls 31135->31136 31137 40327f SHGetFileInfoA 31136->31137 31205 405b66 lstrcpynA 31137->31205 31139 4032aa GetCommandLineA 31206 405b66 lstrcpynA 31139->31206 31141 4032bc GetModuleHandleA 31142 4032d3 31141->31142 31143 405684 CharNextA 31142->31143 31144 4032e7 CharNextA 31143->31144 31150 4032f4 31144->31150 31145 40335d 31146 403370 GetTempPathA 31145->31146 31207 403208 31146->31207 31148 403386 31151 4033aa DeleteFileA 31148->31151 31152 40338a GetWindowsDirectoryA lstrcatA 31148->31152 31149 405684 CharNextA 31149->31150 31150->31145 31150->31149 31156 40335f 31150->31156 31215 402c72 GetTickCount GetModuleFileNameA 31151->31215 31153 403208 11 API calls 31152->31153 31155 4033a6 31153->31155 31155->31151 31163 403424 31155->31163 31299 405b66 lstrcpynA 31156->31299 31157 4033bb 31161 405684 CharNextA 31157->31161 31157->31163 31192 403414 31157->31192 31164 4033d2 31161->31164 31162 40342d OleUninitialize 31165 403522 31162->31165 31166 40343d 31162->31166 31302 4035bd 72 API calls 31163->31302 31173 403453 lstrcatA lstrcmpiA 31164->31173 31174 4033ef 31164->31174 31167 4035a5 ExitProcess 31165->31167 31169 405e88 3 API calls 31165->31169 31303 405427 MessageBoxIndirectA 31166->31303 31172 403531 31169->31172 31171 40344b ExitProcess 31175 405e88 3 API calls 31172->31175 31173->31163 31177 40346f CreateDirectoryA SetCurrentDirectoryA 31173->31177 31176 40573a 18 API calls 31174->31176 31180 40353a 31175->31180 31181 4033fa 31176->31181 31178 403491 31177->31178 31179 403486 31177->31179 31305 405b66 lstrcpynA 31178->31305 31304 405b66 lstrcpynA 31179->31304 31184 405e88 3 API calls 31180->31184 31181->31163 31300 405b66 lstrcpynA 31181->31300 31186 403543 31184->31186 31188 403591 ExitWindowsEx 31186->31188 31195 403551 GetCurrentProcess 31186->31195 31187 403409 31301 405b66 lstrcpynA 31187->31301 31188->31167 31191 40359e 31188->31191 31190 405b88 18 API calls 31193 4034c1 DeleteFileA 31190->31193 31194 40140b 2 API calls 31191->31194 31245 4036af 31192->31245 31196 4034ce CopyFileA 31193->31196 31202 40349f 31193->31202 31194->31167 31197 403561 31195->31197 31196->31202 31197->31188 31198 403516 31307 4058b4 38 API calls 31198->31307 31201 405b88 18 API calls 31201->31202 31202->31190 31202->31198 31202->31201 31203 4053c6 2 API calls 31202->31203 31204 403502 CloseHandle 31202->31204 31306 4058b4 38 API calls 31202->31306 31203->31202 31204->31202 31205->31139 31206->31141 31208 405dc8 5 API calls 31207->31208 31209 403214 31208->31209 31210 40321e 31209->31210 31211 405659 3 API calls 31209->31211 31210->31148 31212 403226 CreateDirectoryA 31211->31212 31213 40586c 2 API calls 31212->31213 31214 40323a 31213->31214 31214->31148 31308 40583d GetFileAttributesA CreateFileA 31215->31308 31217 402cb5 31244 402cc2 31217->31244 31309 405b66 lstrcpynA 31217->31309 31219 402cd8 31220 4056a0 2 API calls 31219->31220 31221 402cde 31220->31221 31310 405b66 lstrcpynA 31221->31310 31223 402ce9 GetFileSize 31224 402dea 31223->31224 31226 402d00 31223->31226 31225 402bd3 33 API calls 31224->31225 31227 402df1 31225->31227 31226->31224 31228 4031bf ReadFile 31226->31228 31230 402e85 31226->31230 31236 402bd3 33 API calls 31226->31236 31226->31244 31229 402e2d GlobalAlloc 31227->31229 31227->31244 31311 4031f1 SetFilePointer 31227->31311 31228->31226 31234 402e44 31229->31234 31231 402bd3 33 API calls 31230->31231 31231->31244 31233 402e0e 31235 4031bf ReadFile 31233->31235 31237 40586c 2 API calls 31234->31237 31238 402e19 31235->31238 31236->31226 31239 402e55 CreateFileA 31237->31239 31238->31229 31238->31244 31240 402e8f 31239->31240 31239->31244 31312 4031f1 SetFilePointer 31240->31312 31242 402e9d 31243 402f18 48 API calls 31242->31243 31243->31244 31244->31157 31246 405e88 3 API calls 31245->31246 31247 4036c3 31246->31247 31248 4036c9 31247->31248 31249 4036db 31247->31249 31322 405ac4 wsprintfA 31248->31322 31250 405a4d 3 API calls 31249->31250 31251 4036fc 31250->31251 31253 40371a lstrcatA 31251->31253 31255 405a4d 3 API calls 31251->31255 31254 4036d9 31253->31254 31313 403978 31254->31313 31255->31253 31258 40573a 18 API calls 31259 40374c 31258->31259 31260 4037d5 31259->31260 31262 405a4d 3 API calls 31259->31262 31261 40573a 18 API calls 31260->31261 31263 4037db 31261->31263 31264 403778 31262->31264 31265 4037eb LoadImageA 31263->31265 31266 405b88 18 API calls 31263->31266 31264->31260 31269 403794 lstrlenA 31264->31269 31273 405684 CharNextA 31264->31273 31267 403816 RegisterClassA 31265->31267 31268 40389f 31265->31268 31266->31265 31270 403852 SystemParametersInfoA CreateWindowExA 31267->31270 31271 4038a9 31267->31271 31272 40140b 2 API calls 31268->31272 31274 4037a2 lstrcmpiA 31269->31274 31275 4037c8 31269->31275 31270->31268 31271->31163 31276 4038a5 31272->31276 31277 403792 31273->31277 31274->31275 31278 4037b2 GetFileAttributesA 31274->31278 31279 405659 3 API calls 31275->31279 31276->31271 31282 403978 19 API calls 31276->31282 31277->31269 31281 4037be 31278->31281 31280 4037ce 31279->31280 31323 405b66 lstrcpynA 31280->31323 31281->31275 31285 4056a0 2 API calls 31281->31285 31283 4038b6 31282->31283 31286 4038c2 ShowWindow LoadLibraryA 31283->31286 31287 403945 31283->31287 31285->31275 31288 4038e1 LoadLibraryA 31286->31288 31289 4038e8 GetClassInfoA 31286->31289 31290 404fd6 5 API calls 31287->31290 31288->31289 31291 403912 DialogBoxParamA 31289->31291 31292 4038fc GetClassInfoA RegisterClassA 31289->31292 31293 40394b 31290->31293 31294 40140b 2 API calls 31291->31294 31292->31291 31295 403967 31293->31295 31296 40394f 31293->31296 31294->31271 31297 40140b 2 API calls 31295->31297 31296->31271 31298 40140b 2 API calls 31296->31298 31297->31271 31298->31271 31299->31146 31300->31187 31301->31192 31302->31162 31303->31171 31304->31178 31305->31202 31306->31202 31307->31163 31308->31217 31309->31219 31310->31223 31311->31233 31312->31242 31314 40398c 31313->31314 31324 405ac4 wsprintfA 31314->31324 31316 4039fd 31317 405b88 18 API calls 31316->31317 31318 403a09 SetWindowTextA 31317->31318 31319 40372a 31318->31319 31320 403a25 31318->31320 31319->31258 31320->31319 31321 405b88 18 API calls 31320->31321 31321->31320 31322->31254 31323->31260 31324->31316 31494 40263e 19 API calls 29496 401cc1 GetDlgItem GetClientRect 29501 4029f6 29496->29501 29499 401d0f DeleteObject 29500 40288b 29499->29500 29502 402a02 29501->29502 29507 405b88 29502->29507 29505 401cf1 LoadImageA SendMessageA 29505->29499 29505->29500 29519 405b95 29507->29519 29508 402a23 29508->29505 29525 405dc8 29508->29525 29509 405daf 29509->29508 29541 405b66 lstrcpynA 29509->29541 29511 405c2d GetVersion 29511->29519 29512 405d86 lstrlenA 29512->29519 29513 405b88 10 API calls 29513->29512 29516 405ca5 GetSystemDirectoryA 29516->29519 29518 405cb8 GetWindowsDirectoryA 29518->29519 29519->29509 29519->29511 29519->29512 29519->29513 29519->29516 29519->29518 29520 405dc8 5 API calls 29519->29520 29521 405b88 10 API calls 29519->29521 29522 405d2f lstrcatA 29519->29522 29523 405cec SHGetSpecialFolderLocation 29519->29523 29534 405a4d RegOpenKeyExA 29519->29534 29539 405ac4 wsprintfA 29519->29539 29540 405b66 lstrcpynA 29519->29540 29520->29519 29521->29519 29522->29519 29523->29519 29524 405d04 SHGetPathFromIDListA CoTaskMemFree 29523->29524 29524->29519 29531 405dd4 29525->29531 29526 405e3c 29527 405e40 CharPrevA 29526->29527 29530 405e5b 29526->29530 29527->29526 29528 405e31 CharNextA 29528->29526 29528->29531 29530->29505 29531->29526 29531->29528 29532 405e1f CharNextA 29531->29532 29533 405e2c CharNextA 29531->29533 29542 405684 29531->29542 29532->29531 29533->29528 29535 405a80 RegQueryValueExA 29534->29535 29536 405abe 29534->29536 29537 405aa1 RegCloseKey 29535->29537 29536->29519 29537->29536 29539->29519 29540->29519 29541->29508 29543 40568a 29542->29543 29544 40569d 29543->29544 29545 405690 CharNextA 29543->29545 29544->29531 29545->29543 31358 32d1bae 28 API calls 3 library calls 29713 401ec5 29714 4029f6 18 API calls 29713->29714 29715 401ecc GetFileVersionInfoSizeA 29714->29715 29716 401eef GlobalAlloc 29715->29716 29717 401f45 29715->29717 29716->29717 29718 401f03 GetFileVersionInfoA 29716->29718 29718->29717 29719 401f14 VerQueryValueA 29718->29719 29719->29717 29720 401f2d 29719->29720 29724 405ac4 wsprintfA 29720->29724 29722 401f39 29725 405ac4 wsprintfA 29722->29725 29724->29722 29725->29717 29750 4014ca 29751 404f04 25 API calls 29750->29751 29752 4014d1 29751->29752 31360 32abba0 96 API calls 3 library calls 31495 32b25a0 76 API calls 31496 31c298e GlobalAlloc lstrcpynA 31363 4014d6 19 API calls 30610 4018d8 68 API calls 31364 32affb0 12 API calls 31365 4018db 19 API calls 31366 32b2bb0 38 API calls 3 library calls 31498 401ae5 19 API calls 30818 32bdd83 30829 32bddc7 InitializeCriticalSectionAndSpinCount GetModuleHandleW 30818->30829 30820 32bdd88 30840 32be04a 30820->30840 30822 32bdd8f 30823 32bdda2 30822->30823 30824 32bdd94 30822->30824 30847 32be719 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 30823->30847 30846 32be203 28 API calls __onexit 30824->30846 30827 32bdd9e 30828 32bdda9 30830 32bde0d GetModuleHandleW 30829->30830 30831 32bde22 GetProcAddress GetProcAddress GetProcAddress 30829->30831 30830->30831 30832 32bdeae 30830->30832 30833 32bde88 CreateEventW 30831->30833 30834 32bde50 30831->30834 30848 32be719 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 30832->30848 30833->30832 30839 32bde58 __crt_fast_encode_pointer 30833->30839 30834->30833 30834->30839 30836 32bdeb5 DeleteCriticalSection 30837 32bdeca CloseHandle 30836->30837 30838 32bded1 30836->30838 30837->30838 30838->30820 30839->30820 30841 32be059 30840->30841 30842 32be05d 30840->30842 30841->30822 30845 32be06a ___scrt_release_startup_lock 30842->30845 30849 32be719 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 30842->30849 30844 32be0ee 30845->30822 30846->30827 30847->30828 30848->30836 30849->30844 31368 32cef86 44 API calls 2 library calls 31500 32c6580 25 API calls 3 library calls 31370 4014f0 SetForegroundWindow 31371 32bdb9d 80 API calls 4 library calls 31372 100010b7 GlobalFree GlobalAlloc lstrcpyA GlobalFree GlobalFree 31109 32a1590 31110 32a1603 CreateFileA 31109->31110 31111 32a1634 31109->31111 31114 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 31110->31114 31111->31110 31113 32a164f 31111->31113 31115 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 31113->31115 31117 32a1630 31114->31117 31116 32a165c 31115->31116 31503 4016fa 19 API calls 31505 32a4d96 14 API calls ___vcrt_freefls@4 31374 4014fe 18 API calls 31375 32c6792 43 API calls 5 library calls 31378 32c0fe4 47 API calls 31379 401c8a 19 API calls 31380 32b17e0 75 API calls 31381 32bcfe0 202 API calls 2 library calls 31507 40468b 6 API calls 31508 32b45e0 15 API calls 30099 32acbe6 30100 32acbfb 30099->30100 30105 32ac960 45 API calls initialize_legacy_wide_specifiers 30100->30105 30102 32acc95 30106 32bae00 30102->30106 30104 32acca0 30105->30102 30107 32bae10 30106->30107 30108 32bae2a 30107->30108 30109 32bae23 CloseHandle 30107->30109 30108->30104 30109->30108 31382 401490 25 API calls 31509 32ca5fd 16 API calls _free 31383 100010d6 11 API calls 31511 401696 22 API calls 31385 32a93f3 5 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31512 100022d9 GetModuleHandleA LoadLibraryA GetProcAddress lstrcatA GetProcAddress 31386 32af3f0 52 API calls 31387 32b5bf0 7 API calls 31513 32b19f0 9 API calls 31388 40249c 20 API calls 31391 32bb3f4 173 API calls 31514 10001adf 8 API calls 2 library calls 31392 401ca5 19 API calls 31516 4022a7 29 API calls 31393 100018ec 23 API calls 31518 32c01d8 37 API calls _unexpected 31396 4014b7 MulDiv SendMessageA 31520 32bedd3 50 API calls 2 library calls 31522 32ae5bb 8 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31118 31c19e7 31119 31c1a6b CallWindowProcA 31118->31119 31123 31c19fd 31118->31123 31120 31c1abe 31119->31120 31126 31c1a8a 31119->31126 31121 31c1a5f 31122 31c10dc 20 API calls 31121->31122 31124 31c1a64 31122->31124 31123->31119 31123->31121 31127 31c1a26 SendMessageA 31123->31127 31124->31119 31125 31c1aa6 PostMessageA 31125->31120 31126->31120 31126->31125 31128 31c1a3b 31127->31128 31128->31123 31129 31c1ac7 31128->31129 31130 31c1afd 31129->31130 31131 31c1acd GetWindowTextA MessageBoxA 31129->31131 31134 31c1071 SendMessageA 31130->31134 31131->31130 31133 31c1b05 31133->31120 31134->31133 31397 32b4fd0 GlobalFree GlobalAlloc lstrcpynA 31523 32b25d0 43 API calls 3 library calls 31399 4024be 20 API calls 29628 32bdc2f 29629 32bdc3b CallCatchBlock 29628->29629 29630 32bdc64 dllmain_raw 29629->29630 29631 32bdc4a 29629->29631 29635 32bdc5f 29629->29635 29630->29631 29632 32bdc7e dllmain_crt_dispatch 29630->29632 29632->29631 29632->29635 29633 32bdccb 29633->29631 29634 32bdcd4 dllmain_crt_dispatch 29633->29634 29634->29631 29636 32bdce7 dllmain_raw 29634->29636 29635->29633 29637 32bdcb7 dllmain_crt_dispatch dllmain_raw 29635->29637 29636->29631 29637->29633 31401 32af220 293 API calls 31527 32ab420 124 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31402 32d4e3d 43 API calls 3 library calls 30226 401f51 30227 401f63 30226->30227 30228 402012 30226->30228 30229 4029f6 18 API calls 30227->30229 30231 401423 25 API calls 30228->30231 30230 401f6a 30229->30230 30232 4029f6 18 API calls 30230->30232 30236 402169 30231->30236 30233 401f73 30232->30233 30234 401f88 LoadLibraryExA 30233->30234 30235 401f7b GetModuleHandleA 30233->30235 30234->30228 30237 401f98 GetProcAddress 30234->30237 30235->30234 30235->30237 30238 401fe5 30237->30238 30239 401fa8 30237->30239 30240 404f04 25 API calls 30238->30240 30241 401fb0 30239->30241 30242 401fc7 30239->30242 30244 401fb8 30240->30244 30300 401423 30241->30300 30249 32b4540 30242->30249 30252 31c2931 30242->30252 30260 1000198f 30242->30260 30244->30236 30245 402006 FreeLibrary 30244->30245 30245->30236 30303 32ad0d0 30249->30303 30253 31c2965 30252->30253 30254 31c296e 30253->30254 30255 31c297a 30253->30255 30307 31c2afb 30254->30307 30310 31c1e2f 30255->30310 30261 100019bf 30260->30261 30466 10001d3b 30261->30466 30263 100019c6 30264 100019d1 30263->30264 30265 10001adc 30263->30265 30266 100019dd 30264->30266 30487 100023f6 GlobalAlloc 30264->30487 30265->30244 30488 10002440 11 API calls 30266->30488 30269 100019e4 30272 100019f4 30269->30272 30273 10001a0d 30269->30273 30287 10001a03 30269->30287 30270 10001a42 30274 10001a84 30270->30274 30275 10001a48 30270->30275 30271 10001a24 30492 100025fe 14 API calls 30271->30492 30277 100019fa 30272->30277 30282 10001a05 30272->30282 30273->30287 30491 100014c7 GlobalFree 30273->30491 30497 100025fe 14 API calls 30274->30497 30495 100018a1 GlobalAlloc lstrcpyA wsprintfA 30275->30495 30277->30287 30489 1000120c GetLastError 30277->30489 30281 10001a2a 30493 100018a1 GlobalAlloc lstrcpyA wsprintfA 30281->30493 30490 100027cc GlobalAlloc GlobalSize 30282->30490 30285 10001a5e 30496 100025fe 14 API calls 30285->30496 30287->30270 30287->30271 30289 10001a76 30291 10001acb 30289->30291 30498 100025c4 GlobalFree 30289->30498 30290 10001a30 30494 1000159e GlobalAlloc lstrcpynA 30290->30494 30291->30265 30293 10001ad5 GlobalFree 30291->30293 30293->30265 30295 10001a36 GlobalFree 30295->30289 30296 10001a97 30297 10001ab7 30296->30297 30299 10001ab0 FreeLibrary 30296->30299 30297->30291 30499 10001825 GlobalAlloc lstrcpynA wsprintfA 30297->30499 30299->30297 30301 404f04 25 API calls 30300->30301 30302 401431 30301->30302 30302->30244 30304 32ad0f6 30303->30304 30305 32ad16c 30304->30305 30306 32ad141 GlobalAlloc lstrcpynA 30304->30306 30305->30244 30306->30305 30308 31c2978 30307->30308 30309 31c2b04 GlobalAlloc lstrcpynA 30307->30309 30308->30244 30309->30308 30311 31c1e56 30310->30311 30317 31c1e66 30310->30317 30423 31c2abb lstrcpyA GlobalFree 30311->30423 30313 31c271a 30439 31c2abb lstrcpyA GlobalFree 30313->30439 30315 31c1e5c 30316 31c2afb 2 API calls 30315->30316 30349 31c2702 30316->30349 30317->30313 30380 31c1410 30317->30380 30320 31c1ea3 GetDlgItem 30321 31c1ec9 GetDlgItem GetDlgItem GetDlgItem 30320->30321 30322 31c1eb9 30320->30322 30420 31c1087 30321->30420 30424 31c2abb lstrcpyA GlobalFree 30322->30424 30326 31c1087 SetWindowTextA 30327 31c1f09 30326->30327 30328 31c1087 SetWindowTextA 30327->30328 30329 31c1f1a 30328->30329 30330 31c1f2a KiUserCallbackDispatcher 30329->30330 30331 31c1f33 30329->30331 30330->30331 30332 31c1f3d EnableWindow 30331->30332 30333 31c1f67 30331->30333 30336 31c1f4e GetSystemMenu EnableMenuItem 30332->30336 30334 31c1f8a SendMessageA CreateDialogParamA 30333->30334 30335 31c1f71 ShowWindow 30333->30335 30337 31c2706 30334->30337 30338 31c1fc2 GetWindowRect MapWindowPoints SetWindowPos SendMessageA 30334->30338 30335->30334 30336->30333 30438 31c2abb lstrcpyA GlobalFree 30337->30438 30340 31c26b0 30338->30340 30374 31c202c 30338->30374 30345 31c26c1 30340->30345 30437 31c1071 SendMessageA 30340->30437 30343 31c270c 30344 31c2afb 2 API calls 30343->30344 30344->30349 30346 31c1087 SetWindowTextA 30345->30346 30347 31c26cf wsprintfA 30346->30347 30348 31c2afb 2 API calls 30347->30348 30348->30349 30349->30244 30350 31c219e CreateWindowExA wsprintfA wsprintfA WritePrivateProfileStringA 30351 31c2233 SendMessageA 30350->30351 30350->30374 30351->30374 30352 31c2617 SendMessageA 30355 31c262d GetWindowLongA SetWindowLongA 30352->30355 30352->30374 30353 31c260f SendMessageA 30353->30374 30355->30374 30356 31c1087 SetWindowTextA 30356->30374 30357 31c226c SetWindowLongA 30357->30374 30358 31c22ce GetModuleHandleA LoadIconA 30358->30374 30359 31c2293 LoadImageA 30359->30374 30360 31c245f SendMessageA 30360->30374 30363 31c22f6 GetObjectA 30363->30360 30363->30374 30364 31c2485 SetWindowPos 30364->30374 30366 31c100f GlobalFree 30366->30374 30367 31c2564 CharNextA 30367->30374 30368 31c2552 SendMessageA 30368->30374 30369 31c2328 CreateCompatibleDC SelectObject GetDIBits CreateRectRgn 30370 31c2436 SetWindowRgn DeleteObject DeleteObject 30369->30370 30369->30374 30430 31c100f 30370->30430 30371 31c25f8 SendMessageA 30371->30374 30376 31c24ca 30371->30376 30373 31c2596 SendMessageA 30373->30376 30374->30340 30374->30350 30374->30352 30374->30356 30374->30357 30374->30358 30374->30359 30374->30360 30374->30363 30374->30364 30374->30366 30374->30367 30374->30368 30374->30369 30374->30370 30374->30371 30375 31c23f8 CreateRectRgn CombineRgn DeleteObject 30374->30375 30374->30376 30425 31c2a54 30374->30425 30429 31c1000 GlobalAlloc 30374->30429 30433 31c101f lstrlenA 30374->30433 30436 31c1071 SendMessageA 30374->30436 30375->30374 30376->30353 30376->30371 30376->30373 30376->30374 30377 31c25b8 CharNextA 30376->30377 30378 31c25ce SendMessageA 30376->30378 30377->30376 30378->30376 30379 31c25e1 SendMessageA 30378->30379 30379->30376 30440 31c13d5 30380->30440 30383 31c13d5 4 API calls 30384 31c1437 30383->30384 30385 31c13d5 4 API calls 30384->30385 30386 31c1446 30385->30386 30387 31c13d5 4 API calls 30386->30387 30388 31c1455 30387->30388 30445 31c13f3 GetPrivateProfileIntA 30388->30445 30390 31c1467 30446 31c13f3 GetPrivateProfileIntA 30390->30446 30392 31c147b 30447 31c13f3 GetPrivateProfileIntA 30392->30447 30394 31c148c 30448 31c13f3 GetPrivateProfileIntA 30394->30448 30396 31c149d 30449 31c13f3 GetPrivateProfileIntA 30396->30449 30398 31c14ae 30450 31c13f3 GetPrivateProfileIntA 30398->30450 30400 31c14be 30418 31c14d8 30400->30418 30457 31c1000 GlobalAlloc 30400->30457 30402 31c1509 wsprintfA 30451 31c13a6 GetPrivateProfileStringA 30402->30451 30404 31c29d7 lstrcmpiA 30404->30418 30405 31c1763 30405->30313 30405->30320 30406 31c13a6 GetPrivateProfileStringA 30406->30418 30408 31c13d5 GlobalAlloc lstrlenA lstrcpyA GetPrivateProfileStringA 30408->30418 30410 31c15aa lstrcpyA 30410->30418 30411 31c2a54 CharNextA 30411->30418 30412 31c2a54 CharNextA 30413 31c1603 GetPrivateProfileStringA 30412->30413 30413->30418 30414 31c13f3 GetPrivateProfileIntA 30414->30418 30416 31c1633 lstrcpyA 30416->30418 30417 31c164e CharNextA 30417->30418 30418->30402 30418->30404 30418->30405 30418->30406 30418->30408 30418->30411 30418->30412 30418->30414 30418->30417 30419 31c101f GlobalAlloc lstrlenA lstrcpyA 30418->30419 30452 31c2a11 30418->30452 30458 31c1000 GlobalAlloc 30418->30458 30459 31c1000 GlobalAlloc 30418->30459 30419->30418 30421 31c108e SetWindowTextA 30420->30421 30422 31c1094 30420->30422 30421->30422 30422->30326 30423->30315 30424->30315 30426 31c2ab3 30425->30426 30427 31c2a5d 30425->30427 30426->30374 30427->30426 30428 31c2a84 CharNextA 30427->30428 30428->30427 30429->30374 30431 31c101c 30430->30431 30432 31c1016 GlobalFree 30430->30432 30431->30374 30432->30431 30465 31c1000 GlobalAlloc 30433->30465 30435 31c1030 lstrcpyA 30435->30374 30436->30374 30437->30345 30438->30343 30439->30315 30460 31c13a6 GetPrivateProfileStringA 30440->30460 30442 31c13de 30443 31c13ec 30442->30443 30444 31c101f 3 API calls 30442->30444 30443->30383 30444->30443 30445->30390 30446->30392 30447->30394 30448->30396 30449->30398 30450->30400 30451->30418 30453 31c2a1b 30452->30453 30454 31c2a28 CharNextA 30453->30454 30456 31c2a4b 30453->30456 30461 31c29d7 30453->30461 30454->30453 30456->30418 30457->30418 30458->30410 30459->30416 30460->30442 30462 31c29e4 30461->30462 30463 31c2a03 30461->30463 30462->30463 30464 31c29e8 lstrcmpiA 30462->30464 30463->30453 30464->30462 30464->30463 30465->30435 30500 10001541 GlobalAlloc 30466->30500 30468 10001d5c 30501 10001541 GlobalAlloc 30468->30501 30470 10001d67 30502 10001561 30470->30502 30472 10001f77 GlobalFree GlobalFree GlobalFree 30473 10001fde 30472->30473 30479 10001f94 30472->30479 30473->30263 30474 10001e21 GlobalAlloc 30478 10001d6f 30474->30478 30475 10001e70 lstrcpyA 30477 10001e7a lstrcpyA 30475->30477 30476 10001e95 GlobalFree 30476->30478 30477->30478 30478->30472 30478->30474 30478->30475 30478->30476 30478->30477 30482 10002267 lstrcpyA 30478->30482 30483 10001ed7 30478->30483 30484 1000212b GlobalFree 30478->30484 30509 10001541 GlobalAlloc 30478->30509 30510 10001550 GlobalAlloc lstrcpyA 30478->30510 30479->30473 30508 10001550 GlobalAlloc lstrcpyA 30479->30508 30482->30478 30483->30478 30507 1000187c GlobalSize GlobalAlloc 30483->30507 30484->30478 30487->30266 30488->30269 30489->30287 30490->30287 30492->30281 30493->30290 30494->30295 30495->30285 30496->30289 30497->30289 30498->30296 30499->30291 30500->30468 30501->30470 30503 1000159a 30502->30503 30504 1000156b 30502->30504 30503->30478 30504->30503 30511 10001541 GlobalAlloc 30504->30511 30506 10001577 lstrcpyA GlobalFree 30506->30478 30507->30483 30508->30473 30509->30478 30510->30478 30511->30506 30523 404356 30524 404394 30523->30524 30525 404387 30523->30525 30527 40439d GetDlgItem 30524->30527 30533 40440f 30524->30533 30605 40540b GetDlgItemTextA 30525->30605 30530 4043b1 30527->30530 30528 4044e4 30534 404670 30528->30534 30595 40540b GetDlgItemTextA 30528->30595 30529 40438e 30531 405dc8 5 API calls 30529->30531 30532 4043c5 SetWindowTextA 30530->30532 30536 4056ed 4 API calls 30530->30536 30531->30524 30539 403f18 19 API calls 30532->30539 30533->30528 30533->30534 30537 405b88 18 API calls 30533->30537 30609 403f7f 8 API calls 30534->30609 30541 4043bb 30536->30541 30542 404476 SHBrowseForFolderA 30537->30542 30538 404510 30543 40573a 18 API calls 30538->30543 30544 4043e3 30539->30544 30541->30532 30549 405659 3 API calls 30541->30549 30542->30528 30546 40448e CoTaskMemFree 30542->30546 30547 404516 30543->30547 30548 403f18 19 API calls 30544->30548 30545 404684 30550 405659 3 API calls 30546->30550 30596 405b66 lstrcpynA 30547->30596 30551 4043f1 30548->30551 30549->30532 30552 40449b 30550->30552 30590 403f4d SendMessageA 30551->30590 30555 4044d2 SetDlgItemTextA 30552->30555 30560 405b88 18 API calls 30552->30560 30555->30528 30556 40452d 30558 405e88 3 API calls 30556->30558 30557 4043f9 30591 405e88 GetModuleHandleA 30557->30591 30568 404535 30558->30568 30562 4044ba lstrcmpiA 30560->30562 30562->30555 30566 4044cb lstrcatA 30562->30566 30563 40456f 30606 405b66 lstrcpynA 30563->30606 30564 404408 SHAutoComplete 30564->30533 30566->30555 30567 404542 GetDiskFreeSpaceExA 30567->30568 30577 4045c2 30567->30577 30568->30563 30568->30567 30571 4056a0 2 API calls 30568->30571 30569 404578 30570 4056ed 4 API calls 30569->30570 30572 40457e 30570->30572 30571->30568 30573 404582 30572->30573 30574 404585 GetDiskFreeSpaceA 30572->30574 30573->30574 30575 4045a0 MulDiv 30574->30575 30576 4045da 30574->30576 30575->30577 30576->30577 30578 40461f 30577->30578 30597 4046f1 30577->30597 30580 404642 30578->30580 30581 40140b 2 API calls 30578->30581 30607 403f3a KiUserCallbackDispatcher 30580->30607 30581->30580 30582 404611 30584 404621 SetDlgItemTextA 30582->30584 30585 404616 30582->30585 30584->30578 30587 4046f1 21 API calls 30585->30587 30586 40465e 30586->30534 30588 40466b 30586->30588 30587->30578 30608 4042eb SendMessageA 30588->30608 30590->30557 30592 405ea4 LoadLibraryA 30591->30592 30593 405eaf GetProcAddress 30591->30593 30592->30593 30594 404400 30592->30594 30593->30594 30594->30534 30594->30564 30595->30538 30596->30556 30598 40470b 30597->30598 30599 405b88 18 API calls 30598->30599 30600 404740 30599->30600 30601 405b88 18 API calls 30600->30601 30602 40474b 30601->30602 30603 405b88 18 API calls 30602->30603 30604 40477c lstrlenA wsprintfA SetDlgItemTextA 30603->30604 30604->30582 30605->30529 30606->30569 30607->30586 30608->30534 30609->30545 30611 32a7430 SetEvent 30614 32a7300 30611->30614 30628 32a3810 30614->30628 30619 32a740a 30620 32a7426 Sleep 30625 32a7326 30620->30625 30621 32a1cb0 WaitForSingleObject 30621->30625 30624 32a3810 WaitForSingleObject 30624->30625 30625->30619 30625->30620 30625->30621 30625->30624 30632 32a1ca0 OpenMutexA 30625->30632 30634 32a1ce0 ReleaseMutex 30625->30634 30635 32a1d00 CloseHandle 30625->30635 30636 32a3820 ReleaseMutex 30625->30636 30637 32a3c40 53 API calls 30625->30637 30629 32a37f0 30628->30629 30630 32a1cb0 WaitForSingleObject 30629->30630 30631 32a37fb 30630->30631 30631->30625 30633 32a3820 ReleaseMutex 30631->30633 30632->30625 30633->30625 30634->30625 30635->30625 30636->30625 30637->30625 31404 32bae30 CloseHandle 31529 32a1808 53 API calls 2 library calls 31406 32bfa00 6 API calls 3 library calls 31407 32d1201 65 API calls 2 library calls 30947 10002930 30948 10002940 VirtualProtect 30947->30948 30949 1000297b 30947->30949 30948->30949 31409 402172 30 API calls 31534 32adc10 158 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31535 32aec10 320 API calls 31536 32b2010 6 API calls 31537 32b4410 22 API calls 29627 402303 52 API calls 29726 401b06 29727 401b13 29726->29727 29728 401b57 29726->29728 29729 401b9b 29727->29729 29735 401b2a 29727->29735 29730 401b80 GlobalAlloc 29728->29730 29731 401b5b 29728->29731 29733 405b88 18 API calls 29729->29733 29739 40220e 29729->29739 29732 405b88 18 API calls 29730->29732 29731->29739 29747 405b66 lstrcpynA 29731->29747 29732->29729 29734 402208 29733->29734 29748 405427 MessageBoxIndirectA 29734->29748 29745 405b66 lstrcpynA 29735->29745 29738 401b6d GlobalFree 29738->29739 29741 401b39 29746 405b66 lstrcpynA 29741->29746 29743 401b48 29749 405b66 lstrcpynA 29743->29749 29745->29741 29746->29743 29747->29738 29748->29739 29749->29739 31411 402506 20 API calls 31412 32c7665 23 API calls __purecall 31413 32ad260 GlobalAlloc wsprintfA 30110 40190d 30111 40190f 30110->30111 30112 4029f6 18 API calls 30111->30112 30113 401914 30112->30113 30116 40548b 30113->30116 30157 40573a 30116->30157 30119 4054a8 DeleteFileA 30121 40191d 30119->30121 30120 4054bf 30122 4055fe 30120->30122 30171 405b66 lstrcpynA 30120->30171 30122->30121 30181 405e61 FindFirstFileA 30122->30181 30124 4054e9 30125 4054fa 30124->30125 30126 4054ed lstrcatA 30124->30126 30172 4056a0 lstrlenA 30125->30172 30128 405500 30126->30128 30131 40550e lstrcatA 30128->30131 30132 405519 lstrlenA FindFirstFileA 30128->30132 30131->30132 30134 4055f4 30132->30134 30155 40553d 30132->30155 30134->30122 30136 405684 CharNextA 30136->30155 30137 40581e 2 API calls 30138 405629 RemoveDirectoryA 30137->30138 30139 405634 30138->30139 30140 40564b 30138->30140 30139->30121 30143 40563a 30139->30143 30144 404f04 25 API calls 30140->30144 30141 4055d3 FindNextFileA 30145 4055eb FindClose 30141->30145 30141->30155 30146 404f04 25 API calls 30143->30146 30144->30121 30145->30134 30147 405642 30146->30147 30187 4058b4 38 API calls 30147->30187 30150 40548b 59 API calls 30150->30155 30151 405649 30151->30121 30153 404f04 25 API calls 30153->30141 30154 404f04 25 API calls 30154->30155 30155->30136 30155->30141 30155->30150 30155->30153 30155->30154 30176 405b66 lstrcpynA 30155->30176 30177 40581e GetFileAttributesA 30155->30177 30180 4058b4 38 API calls 30155->30180 30188 405b66 lstrcpynA 30157->30188 30159 40574b 30189 4056ed CharNextA CharNextA 30159->30189 30161 40549f 30161->30119 30161->30120 30163 405dc8 5 API calls 30169 405761 30163->30169 30164 40578c lstrlenA 30165 405797 30164->30165 30164->30169 30167 405659 3 API calls 30165->30167 30166 405e61 2 API calls 30166->30169 30168 40579c GetFileAttributesA 30167->30168 30168->30161 30169->30161 30169->30164 30169->30166 30170 4056a0 2 API calls 30169->30170 30170->30164 30171->30124 30173 4056ad 30172->30173 30174 4056b2 CharPrevA 30173->30174 30175 4056be 30173->30175 30174->30173 30174->30175 30175->30128 30176->30155 30178 4055a0 DeleteFileA 30177->30178 30179 40582d SetFileAttributesA 30177->30179 30178->30155 30179->30178 30180->30155 30182 405619 30181->30182 30183 405e77 FindClose 30181->30183 30182->30121 30184 405659 lstrlenA CharPrevA 30182->30184 30183->30182 30185 405673 lstrcatA 30184->30185 30186 405623 30184->30186 30185->30186 30186->30137 30187->30151 30188->30159 30190 405707 30189->30190 30193 405713 30189->30193 30191 40570e CharNextA 30190->30191 30190->30193 30192 405730 30191->30192 30192->30161 30192->30163 30193->30192 30194 405684 CharNextA 30193->30194 30194->30193 31541 40430f 28 API calls 31542 31c1c53 6 API calls 31543 32cf87e IsProcessorFeaturePresent 31544 32bb470 148 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31415 32d1675 44 API calls 4 library calls 31416 401d1b 22 API calls 31417 32c8672 49 API calls 30774 401721 30775 4029f6 18 API calls 30774->30775 30776 401728 30775->30776 30780 40586c 30776->30780 30778 40172f 30779 40586c 2 API calls 30778->30779 30779->30778 30781 405877 GetTickCount GetTempFileNameA 30780->30781 30782 4058a7 30781->30782 30783 4058a3 30781->30783 30782->30778 30783->30781 30783->30782 31418 401922 19 API calls 30850 32bda40 30851 32bda4b 30850->30851 30852 32bda7e dllmain_crt_process_detach 30850->30852 30853 32bda70 dllmain_crt_process_attach 30851->30853 30854 32bda50 30851->30854 30859 32bda5a 30852->30859 30853->30859 30855 32bda66 30854->30855 30856 32bda55 30854->30856 30861 32bdf81 23 API calls 30855->30861 30856->30859 30860 32bdfa0 21 API calls 30856->30860 30860->30859 30861->30859 31547 32b2040 55 API calls 2 library calls 31548 32b0060 98 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31550 32d2443 GetCommandLineA GetCommandLineW 31421 405fb5 GlobalFree GlobalAlloc GlobalFree GlobalAlloc 31422 32a6658 ReleaseMutex GetCurrentThreadId GetCurrentProcessId 30969 401734 30970 4029f6 18 API calls 30969->30970 30971 40173b 30970->30971 30972 401761 30971->30972 30973 401759 30971->30973 31024 405b66 lstrcpynA 30972->31024 31023 405b66 lstrcpynA 30973->31023 30976 40176c 30978 405659 3 API calls 30976->30978 30977 40175f 30980 405dc8 5 API calls 30977->30980 30979 401772 lstrcatA 30978->30979 30979->30977 30986 40177e 30980->30986 30981 405e61 2 API calls 30981->30986 30983 40581e 2 API calls 30983->30986 30984 401795 CompareFileTime 30984->30986 30985 401859 30987 404f04 25 API calls 30985->30987 30986->30981 30986->30983 30986->30984 30986->30985 30989 405b66 lstrcpynA 30986->30989 30995 405b88 18 API calls 30986->30995 31006 401830 30986->31006 31007 40583d GetFileAttributesA CreateFileA 30986->31007 31025 405427 MessageBoxIndirectA 30986->31025 30990 401863 30987->30990 30988 404f04 25 API calls 30994 401845 30988->30994 30989->30986 31008 402f18 30990->31008 30993 40188a SetFileTime 30996 40189c FindCloseChangeNotification 30993->30996 30995->30986 30996->30994 30997 4018ad 30996->30997 30998 4018b2 30997->30998 30999 4018c5 30997->30999 31000 405b88 18 API calls 30998->31000 31001 405b88 18 API calls 30999->31001 31002 4018ba lstrcatA 31000->31002 31003 4018cd 31001->31003 31002->31003 31026 405427 MessageBoxIndirectA 31003->31026 31006->30988 31006->30994 31007->30986 31009 402f45 31008->31009 31010 402f29 SetFilePointer 31008->31010 31027 403043 GetTickCount 31009->31027 31010->31009 31013 402f56 ReadFile 31014 402f76 31013->31014 31019 401876 31013->31019 31015 403043 43 API calls 31014->31015 31014->31019 31016 402f8d 31015->31016 31017 403008 ReadFile 31016->31017 31016->31019 31020 402f9d 31016->31020 31017->31019 31019->30993 31019->30996 31020->31019 31021 402fb8 ReadFile 31020->31021 31022 402fd1 WriteFile 31020->31022 31021->31019 31021->31020 31022->31019 31022->31020 31023->30977 31024->30976 31025->30986 31026->30994 31028 403072 31027->31028 31029 4031ad 31027->31029 31040 4031f1 SetFilePointer 31028->31040 31030 402bd3 33 API calls 31029->31030 31037 402f4e 31030->31037 31032 40307d SetFilePointer 31035 4030a2 31032->31035 31035->31037 31038 403137 WriteFile 31035->31038 31039 40318e SetFilePointer 31035->31039 31041 4031bf ReadFile 31035->31041 31043 402bd3 31035->31043 31057 405f82 31035->31057 31037->31013 31037->31019 31038->31035 31038->31037 31039->31029 31040->31032 31042 4031e0 31041->31042 31042->31035 31044 402be1 31043->31044 31045 402bf9 31043->31045 31046 402bf1 31044->31046 31047 402bea DestroyWindow 31044->31047 31048 402c01 31045->31048 31049 402c09 GetTickCount 31045->31049 31046->31035 31047->31046 31067 405ec1 DispatchMessageA PeekMessageA 31048->31067 31049->31046 31051 402c17 31049->31051 31052 402c4c CreateDialogParamA ShowWindow 31051->31052 31053 402c1f 31051->31053 31052->31046 31053->31046 31064 402bb7 31053->31064 31055 402c2d wsprintfA 31056 404f04 25 API calls 31055->31056 31056->31046 31058 405fa7 31057->31058 31059 405faf 31057->31059 31058->31035 31059->31058 31060 406036 GlobalFree 31059->31060 31061 40603f GlobalAlloc 31059->31061 31062 4060b6 GlobalAlloc 31059->31062 31063 4060ad GlobalFree 31059->31063 31060->31061 31061->31058 31061->31059 31062->31058 31062->31059 31063->31062 31065 402bc6 31064->31065 31066 402bc8 MulDiv 31064->31066 31065->31066 31066->31055 31067->31046 31423 401934 20 API calls 31551 32b5050 44 API calls __vsnwprintf_l 31552 402b3b SetTimer wsprintfA SetWindowTextA SetDlgItemTextA MulDiv 31425 401dc1 26 API calls 31426 32a56a0 57 API calls 31427 32b42a0 22 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31428 32b2ea0 33 API calls 2 library calls 31554 31c1097 GetWindowTextA SendMessageA 31429 4025cc 19 API calls 30195 32baca5 InitializeSecurityDescriptor SetSecurityDescriptorDacl 30196 32bacf0 CreateEventA GetLastError 30195->30196 30197 32bad19 30196->30197 30198 32bad14 30196->30198 30199 32bad20 CloseHandle 30197->30199 30200 32bad27 Sleep 30197->30200 30198->30197 30202 32bad33 30198->30202 30199->30200 30200->30196 30201 32bad31 30200->30201 30201->30202 30203 32bad4b 30202->30203 30204 32bad7d 30202->30204 30221 32bd99e 16 API calls 3 library calls 30203->30221 30212 32bada7 30204->30212 30218 32bd8a0 LoadLibraryA 30204->30218 30207 32bad52 30209 32bad6a 30207->30209 30222 32bb260 175 API calls 30207->30222 30208 32bad92 30208->30209 30211 32bad9b 30208->30211 30223 32bd7a0 13 API calls 30211->30223 30212->30209 30224 32bd99e 16 API calls 3 library calls 30212->30224 30215 32badc6 30215->30209 30225 32bbf20 5 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 30215->30225 30216 32bada0 30216->30212 30219 32bd8af 30218->30219 30220 32bd8b2 FreeLibrary 30218->30220 30219->30208 30220->30208 30221->30207 30222->30209 30223->30216 30224->30215 30225->30209 31430 32ceabc 30 API calls 2 library calls 31558 32c78bc 71 API calls 2 library calls 31432 32c72b1 20 API calls __vsnwprintf_l 31434 4019e6 20 API calls 31565 32d2885 GetProcessHeap 31435 32afe80 7 API calls 31436 32bd680 72 API calls 2 library calls 31437 32b4e80 20 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31566 32b4480 GlobalAlloc wsprintfA 31068 32bda93 31069 32bda9f CallCatchBlock 31068->31069 31082 32be011 31069->31082 31071 32bdaa6 31072 32bdad0 31071->31072 31073 32bdb95 31071->31073 31079 32bdaab ___scrt_is_nonwritable_in_current_image __purecall 31071->31079 31090 32bdf73 31072->31090 31095 32be719 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 31073->31095 31076 32bdb9c 31077 32bdadf __RTC_Initialize 31077->31079 31093 32be6de InitializeSListHead 31077->31093 31080 32bdaed ___scrt_initialize_default_local_stdio_options 31080->31079 31094 32bdf48 IsProcessorFeaturePresent ___isa_available_init ___scrt_release_startup_lock 31080->31094 31083 32be01a 31082->31083 31096 32be8fb IsProcessorFeaturePresent 31083->31096 31085 32be026 31097 32c03f8 10 API calls 3 library calls 31085->31097 31087 32be02b 31088 32be02f 31087->31088 31098 32c0437 8 API calls 3 library calls 31087->31098 31088->31071 31091 32be04a 4 API calls 31090->31091 31092 32bdf7a 31091->31092 31092->31077 31093->31080 31094->31079 31095->31076 31096->31085 31097->31087 31098->31088 31439 4025fb FindClose 31440 32b4a90 60 API calls 31571 32b1c90 wsprintfA GlobalAlloc GlobalAlloc lstrcpynA 31572 32cf890 15 API calls 31441 32cda93 FreeLibrary 31573 32d5092 41 API calls 3 library calls 31442 32bb6e8 125 API calls 31574 32ba0ee 8 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 29753 32ac6e0 29762 32ac580 LoadLibraryA 29753->29762 29755 32ac6e7 InterlockedCompareExchange 29756 32ac723 29755->29756 29757 32ac706 Sleep 29755->29757 29758 32aa2a0 56 API calls 29756->29758 29771 32aa2a0 InterlockedDecrement 29757->29771 29760 32ac72a 29758->29760 29761 32ac718 FreeLibraryAndExitThread 29761->29756 29763 32ac5b2 GetProcAddress 29762->29763 29764 32ac5d1 29762->29764 29765 32ac5e1 InitializeSecurityDescriptor SetSecurityDescriptorDacl CreateEventA 29763->29765 29766 32ac5c7 29763->29766 29764->29755 29790 32c7751 29765->29790 29766->29755 29769 32c7751 49 API calls 29770 32ac6b2 WaitForSingleObject CloseHandle 29769->29770 29770->29755 29772 32aa2c1 29771->29772 29773 32aa2b5 29771->29773 29775 32aa34a 29772->29775 29950 32a3b10 29772->29950 29773->29761 29774 32aa359 29774->29761 29775->29774 29966 32a1d00 CloseHandle 29775->29966 29780 32aa2f0 29780->29775 29781 32aa2f7 29780->29781 29962 32a3900 WaitForSingleObject ReleaseMutex CloseHandle ___scrt_fastfail 29781->29962 29783 32aa303 29963 32a1dd0 UnmapViewOfFile 29783->29963 29785 32aa30d 29964 32a1d00 CloseHandle 29785->29964 29787 32aa335 29965 32a3840 48 API calls 29787->29965 29789 32aa348 29789->29775 29791 32c775e 29790->29791 29792 32c7772 29790->29792 29813 32c94c6 14 API calls _free 29791->29813 29804 32c76ff 29792->29804 29795 32c7763 29814 32c9409 25 API calls __strnicoll 29795->29814 29798 32c7787 CreateThread 29799 32c77b2 29798->29799 29800 32c77a6 GetLastError 29798->29800 29842 32c75f3 29798->29842 29816 32c7671 29799->29816 29815 32c9490 14 API calls 2 library calls 29800->29815 29801 32ac644 WaitForSingleObject CloseHandle InitializeSecurityDescriptor SetSecurityDescriptorDacl CreateEventA 29801->29769 29824 32cca94 29804->29824 29808 32c771d 29809 32c7724 GetModuleHandleExW 29808->29809 29810 32c7741 29808->29810 29809->29810 29811 32c7671 16 API calls 29810->29811 29812 32c7749 29811->29812 29812->29798 29812->29799 29813->29795 29814->29801 29815->29799 29817 32c767d 29816->29817 29818 32c76a1 29816->29818 29819 32c768c 29817->29819 29820 32c7683 CloseHandle 29817->29820 29818->29801 29821 32c769b 29819->29821 29822 32c7692 FreeLibrary 29819->29822 29820->29819 29823 32c9efa _free 14 API calls 29821->29823 29822->29821 29823->29818 29825 32ccaa1 29824->29825 29826 32ccae1 29825->29826 29827 32ccacc HeapAlloc 29825->29827 29830 32ccab5 _strftime 29825->29830 29840 32c94c6 14 API calls _free 29826->29840 29828 32ccadf 29827->29828 29827->29830 29831 32c7710 29828->29831 29830->29826 29830->29827 29839 32c7e58 EnterCriticalSection LeaveCriticalSection _strftime 29830->29839 29833 32c9efa 29831->29833 29834 32c9f05 HeapFree 29833->29834 29838 32c9f2e _free 29833->29838 29835 32c9f1a 29834->29835 29834->29838 29841 32c94c6 14 API calls _free 29835->29841 29837 32c9f20 GetLastError 29837->29838 29838->29808 29839->29830 29840->29831 29841->29837 29843 32c75ff CallCatchBlock 29842->29843 29844 32c7606 GetLastError ExitThread 29843->29844 29845 32c7613 29843->29845 29856 32ca3f1 GetLastError 29845->29856 29850 32c762f 29888 32c77d6 29850->29888 29857 32ca408 29856->29857 29858 32ca40e 29856->29858 29903 32cd696 6 API calls _unexpected 29857->29903 29882 32ca414 SetLastError 29858->29882 29904 32cd6d5 6 API calls _unexpected 29858->29904 29861 32ca42c 29862 32cca94 _unexpected 14 API calls 29861->29862 29861->29882 29863 32ca43c 29862->29863 29865 32ca45b 29863->29865 29866 32ca444 29863->29866 29906 32cd6d5 6 API calls _unexpected 29865->29906 29905 32cd6d5 6 API calls _unexpected 29866->29905 29867 32ca4a8 29909 32c9546 37 API calls __purecall 29867->29909 29868 32c7618 29883 32d1474 29868->29883 29872 32ca452 29878 32c9efa _free 14 API calls 29872->29878 29874 32ca467 29875 32ca47c 29874->29875 29876 32ca46b 29874->29876 29908 32ca1ef 14 API calls _unexpected 29875->29908 29907 32cd6d5 6 API calls _unexpected 29876->29907 29878->29882 29880 32ca487 29881 32c9efa _free 14 API calls 29880->29881 29881->29882 29882->29867 29882->29868 29884 32d1486 GetPEB 29883->29884 29885 32c7623 29883->29885 29884->29885 29886 32d1499 29884->29886 29885->29850 29901 32cd9bd 5 API calls _unexpected 29885->29901 29910 32cd506 5 API calls _unexpected 29886->29910 29911 32c76a8 29888->29911 29901->29850 29903->29858 29904->29861 29905->29872 29906->29874 29907->29872 29908->29880 29910->29885 29920 32ca548 GetLastError 29911->29920 29913 32c76f5 ExitThread 29914 32c76cc 29917 32c76d8 CloseHandle 29914->29917 29918 32c76df 29914->29918 29915 32c76b3 29915->29913 29915->29914 29943 32cd9f8 5 API calls _unexpected 29915->29943 29917->29918 29918->29913 29919 32c76eb FreeLibraryAndExitThread 29918->29919 29919->29913 29921 32ca55f 29920->29921 29922 32ca565 29920->29922 29944 32cd696 6 API calls _unexpected 29921->29944 29926 32ca56b SetLastError 29922->29926 29945 32cd6d5 6 API calls _unexpected 29922->29945 29925 32ca583 29925->29926 29927 32cca94 _unexpected 12 API calls 29925->29927 29926->29915 29929 32ca593 29927->29929 29930 32ca59b 29929->29930 29931 32ca5b2 29929->29931 29946 32cd6d5 6 API calls _unexpected 29930->29946 29947 32cd6d5 6 API calls _unexpected 29931->29947 29934 32ca5be 29936 32ca5c2 29934->29936 29937 32ca5d3 29934->29937 29935 32ca5a9 29940 32c9efa _free 12 API calls 29935->29940 29948 32cd6d5 6 API calls _unexpected 29936->29948 29949 32ca1ef 14 API calls _unexpected 29937->29949 29940->29926 29941 32ca5de 29942 32c9efa _free 12 API calls 29941->29942 29942->29926 29943->29914 29944->29922 29945->29925 29946->29935 29947->29934 29948->29935 29949->29941 29951 32a3b1f 29950->29951 29952 32a3b3e 29951->29952 29953 32a3b4c 29951->29953 29967 32a3aa0 WaitForSingleObject InterlockedCompareExchange TerminateThread CloseHandle 29952->29967 29955 32a3b64 29953->29955 29958 32a3b49 29953->29958 29956 32a3b7f FreeLibrary 29955->29956 29957 32a3b92 29955->29957 29956->29957 29961 32a6c10 49 API calls 29957->29961 29958->29953 29968 32a3aa0 WaitForSingleObject InterlockedCompareExchange TerminateThread CloseHandle 29958->29968 29960 32a3b61 29960->29955 29961->29780 29962->29783 29963->29785 29964->29787 29965->29789 29966->29774 29967->29958 29968->29960 31576 32d2ce7 45 API calls 5 library calls 31443 32b3ae0 104 API calls 2 library calls 31577 32b30e0 25 API calls 3 library calls 31579 32b88e0 WideCharToMultiByte 31580 32b18e0 69 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31582 32bbce0 169 API calls 3 library calls 31583 32c8ce0 8 API calls ___vcrt_uninitialize 30512 401d95 30520 4029d9 30512->30520 30514 401d9b 30515 4029d9 18 API calls 30514->30515 30516 401da4 30515->30516 30517 401db6 EnableWindow 30516->30517 30518 401dab ShowWindow 30516->30518 30519 40288b 30517->30519 30518->30519 30521 405b88 18 API calls 30520->30521 30522 4029ed 30521->30522 30522->30514 31445 401595 19 API calls 30638 32ac8f0 30641 32ac890 30638->30641 30640 32ac8f9 30642 32ac8a0 30641->30642 30643 32ac8aa 30641->30643 30673 32a39d0 51 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 30642->30673 30646 32ac8af 30643->30646 30650 32ac740 InterlockedCompareExchange 30643->30650 30646->30640 30647 32ac8c2 30648 32ac8e4 30647->30648 30674 32a3a60 ReleaseMutex 30647->30674 30648->30640 30651 32ac78e 30650->30651 30652 32ac773 30650->30652 30653 32ac7b2 30651->30653 30654 32ac792 GetModuleFileNameA LoadLibraryA 30651->30654 30655 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 30652->30655 30656 32ac7b4 InitializeSecurityDescriptor 30653->30656 30654->30656 30657 32ac787 30655->30657 30658 32ac7e0 SetSecurityDescriptorDacl 30656->30658 30659 32ac7c5 30656->30659 30657->30647 30658->30659 30661 32ac7f5 30658->30661 30660 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 30659->30660 30662 32ac7d9 30660->30662 30675 32abd80 30661->30675 30662->30647 30665 32ac874 30666 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 30665->30666 30668 32ac888 30666->30668 30667 32c7751 49 API calls 30669 32ac83c 30667->30669 30668->30647 30669->30659 30670 32ac845 30669->30670 30671 32ac858 WaitForSingleObject CloseHandle 30670->30671 30672 32ac84f CloseHandle 30670->30672 30671->30665 30672->30665 30673->30643 30674->30648 30676 32abfb1 30675->30676 30677 32abdad ___scrt_fastfail 30675->30677 30678 32bd98d __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 30676->30678 30680 32a1c40 3 API calls 30677->30680 30679 32abfc7 30678->30679 30679->30665 30679->30667 30681 32abdd4 30680->30681 30682 32a3810 WaitForSingleObject 30681->30682 30696 32abde0 30681->30696 30684 32abdf2 30682->30684 30683 32aa2a0 56 API calls 30683->30676 30684->30696 30708 32a1da0 OpenFileMappingA 30684->30708 30686 32abe50 30687 32abea4 30686->30687 30710 32a1da0 OpenFileMappingA 30686->30710 30715 32a3820 ReleaseMutex 30687->30715 30690 32abe63 30690->30687 30692 32abe6c 30690->30692 30691 32abe96 30706 32abeb6 30691->30706 30709 32a1db0 MapViewOfFile 30691->30709 30711 32a1d30 InitializeSecurityDescriptor 30692->30711 30695 32abe7b 30695->30691 30698 32a1d30 3 API calls 30695->30698 30696->30676 30696->30683 30697 32abec8 30700 32abed1 30697->30700 30707 32abeee ___scrt_fastfail 30697->30707 30698->30691 30716 32a1d00 CloseHandle 30700->30716 30702 32abf90 30718 32ab300 90 API calls ___scrt_fastfail 30702->30718 30703 32abf84 30717 32a3860 50 API calls 2 library calls 30703->30717 30706->30696 30719 32a3820 ReleaseMutex 30706->30719 30707->30702 30707->30703 30708->30686 30709->30697 30710->30690 30712 32a1d8d 30711->30712 30713 32a1d47 SetSecurityDescriptorDacl 30711->30713 30712->30695 30713->30712 30714 32a1d5a CreateFileMappingA 30713->30714 30714->30695 30715->30691 30716->30706 30717->30706 30718->30706 30719->30696 31447 32b1af0 24 API calls 31585 32b24f0 81 API calls 31587 32bdcf5 ___scrt_dllmain_exception_filter 31588 32d44cd 40 API calls 4 library calls 31589 32b9cca SysFreeString SysFreeString SysFreeString 31590 32ae0c8 115 API calls 2 library calls 31591 100013e7 GlobalSize GlobalAlloc 31448 32aeac0 10 API calls 31592 32af8c0 SetCursor CallWindowProcA 31593 32b24c0 20 API calls 31594 32b28c0 80 API calls 2 library calls 30862 401bad 30863 4029d9 18 API calls 30862->30863 30864 401bb4 30863->30864 30865 4029d9 18 API calls 30864->30865 30866 401bbe 30865->30866 30867 401bce 30866->30867 30868 4029f6 18 API calls 30866->30868 30869 401bde 30867->30869 30872 4029f6 18 API calls 30867->30872 30868->30867 30870 401be9 30869->30870 30871 401c2d 30869->30871 30873 4029d9 18 API calls 30870->30873 30874 4029f6 18 API calls 30871->30874 30872->30869 30875 401bee 30873->30875 30876 401c32 30874->30876 30877 4029d9 18 API calls 30875->30877 30878 4029f6 18 API calls 30876->30878 30879 401bf7 30877->30879 30880 401c3b FindWindowExA 30878->30880 30881 401c1d SendMessageA 30879->30881 30882 401bff SendMessageTimeoutA 30879->30882 30883 401c59 30880->30883 30881->30883 30882->30883 30935 4023af 30936 402b00 19 API calls 30935->30936 30937 4023b9 30936->30937 30938 4029f6 18 API calls 30937->30938 30939 4023c2 30938->30939 30940 4023cc RegQueryValueExA 30939->30940 30943 40265c 30939->30943 30941 4023f2 RegCloseKey 30940->30941 30942 4023ec 30940->30942 30941->30943 30942->30941 30946 405ac4 wsprintfA 30942->30946 30946->30941 30950 4015b3 30951 4029f6 18 API calls 30950->30951 30952 4015ba 30951->30952 30953 4056ed 4 API calls 30952->30953 30964 4015c2 30953->30964 30954 40160a 30956 40162d 30954->30956 30957 40160f 30954->30957 30955 405684 CharNextA 30958 4015d0 CreateDirectoryA 30955->30958 30962 401423 25 API calls 30956->30962 30959 401423 25 API calls 30957->30959 30960 4015e5 GetLastError 30958->30960 30958->30964 30961 401616 30959->30961 30963 4015f2 GetFileAttributesA 30960->30963 30960->30964 30968 405b66 lstrcpynA 30961->30968 30967 402169 30962->30967 30963->30964 30964->30954 30964->30955 30966 401621 SetCurrentDirectoryA 30966->30967 30968->30966 31450 4019b5 20 API calls 31099 31c28e5 31100 31c291d 31099->31100 31101 31c2912 31099->31101 31103 31c1e2f 69 API calls 31100->31103 31102 31c2afb 2 API calls 31101->31102 31104 31c291c 31102->31104 31105 31c2922 31103->31105 31105->31104 31108 31c2abb lstrcpyA GlobalFree 31105->31108 31107 31c292c 31107->31107 31108->31107 31452 32b16d0 7 API calls 31597 32b90d0 CharLowerA FreeLibrary 31598 32b60d0 111 API calls __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 31599 32b4cd0 25 API calls

                                                                                                                                  Executed Functions

                                                                                                                                  Function 0040323C Relevance: 72.0, APIs: 23, Strings: 18, Instructions: 270filestringcomCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 180 40323c-4032d1 #17 SetErrorMode OleInitialize call 405e88 SHGetFileInfoA call 405b66 GetCommandLineA call 405b66 GetModuleHandleA 187 4032d3-4032d8 180->187 188 4032dd-4032f2 call 405684 CharNextA 180->188 187->188 191 403357-40335b 188->191 192 4032f4-4032f7 191->192 193 40335d 191->193 194 4032f9-4032fd 192->194 195 4032ff-403307 192->195 196 403370-403388 GetTempPathA call 403208 193->196 194->194 194->195 197 403309-40330a 195->197 198 40330f-403312 195->198 206 4033aa-4033c1 DeleteFileA call 402c72 196->206 207 40338a-4033a8 GetWindowsDirectoryA lstrcatA call 403208 196->207 197->198 200 403314-403318 198->200 201 403347-403354 call 405684 198->201 204 403328-40332e 200->204 205 40331a-403323 200->205 201->191 218 403356 201->218 209 403330-403339 204->209 210 40333e-403345 204->210 205->204 213 403325 205->213 219 403428-403437 call 4035bd OleUninitialize 206->219 220 4033c3-4033c9 206->220 207->206 207->219 209->210 215 40333b 209->215 210->201 216 40335f-40336b call 405b66 210->216 213->204 215->210 216->196 218->191 230 403522-403528 219->230 231 40343d-40344d call 405427 ExitProcess 219->231 222 403418-40341f call 4036af 220->222 223 4033cb-4033d4 call 405684 220->223 228 403424 222->228 234 4033df-4033e1 223->234 228->219 232 4035a5-4035ad 230->232 233 40352a-403547 call 405e88 * 3 230->233 237 4035b3-4035b7 ExitProcess 232->237 238 4035af 232->238 262 403591-40359c ExitWindowsEx 233->262 263 403549-40354b 233->263 239 4033e3-4033ed 234->239 240 4033d6-4033dc 234->240 238->237 244 403453-40346d lstrcatA lstrcmpiA 239->244 245 4033ef-4033fc call 40573a 239->245 240->239 243 4033de 240->243 243->234 244->219 248 40346f-403484 CreateDirectoryA SetCurrentDirectoryA 244->248 245->219 253 4033fe-403414 call 405b66 * 2 245->253 249 403491-4034ab call 405b66 248->249 250 403486-40348c call 405b66 248->250 261 4034b0-4034cc call 405b88 DeleteFileA 249->261 250->249 253->222 272 40350d-403514 261->272 273 4034ce-4034de CopyFileA 261->273 262->232 266 40359e-4035a0 call 40140b 262->266 263->262 267 40354d-40354f 263->267 266->232 267->262 271 403551-403563 GetCurrentProcess 267->271 271->262 277 403565-403587 271->277 272->261 275 403516-40351d call 4058b4 272->275 273->272 276 4034e0-403500 call 4058b4 call 405b88 call 4053c6 273->276 275->219 276->272 287 403502-403509 CloseHandle 276->287 277->262 287->272
                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				intOrPtr _t71;
				intOrPtr _t77;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				intOrPtr _t113;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66("ibaAnalyzer v7.3.6 (x64) Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405B66("C:\\Program Files\\iba\\ibaAnalyzer", _t45);
								L20:
								_t105 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c; // 0xffffffff
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									_t113 =  *0x423ebc; // 0x0
									if(_t113 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										_t101 = "C:\\Users\\alfons\\Desktop";
										if(lstrcmpiA(_t105, "C:\\Users\\alfons\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Program Files\\iba\\ibaAnalyzer"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Program Files\\iba\\ibaAnalyzer", _t101);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											_t71 =  *0x423eb0; // 0x69fab8
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t71 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												_t77 =  *0x423eb0; // 0x69fab8
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t77 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Program Files\\iba\\ibaAnalyzer", _t104);
									E00405B66("C:\\Program Files\\iba\\ibaAnalyzer\\Plugins", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                                                                                                                  0x00403248
                                                                                                                                  0x0040324c
                                                                                                                                  0x00403254
                                                                                                                                  0x00403256
                                                                                                                                  0x0040325b
                                                                                                                                  0x00403266
                                                                                                                                  0x0040326d
                                                                                                                                  0x00403275
                                                                                                                                  0x0040327f
                                                                                                                                  0x00403295
                                                                                                                                  0x004032a5
                                                                                                                                  0x004032aa
                                                                                                                                  0x004032b0
                                                                                                                                  0x004032b7
                                                                                                                                  0x004032ca
                                                                                                                                  0x004032cf
                                                                                                                                  0x004032d1
                                                                                                                                  0x004032d3
                                                                                                                                  0x004032d8
                                                                                                                                  0x004032d8
                                                                                                                                  0x004032e8
                                                                                                                                  0x004032ee
                                                                                                                                  0x00403357
                                                                                                                                  0x00403357
                                                                                                                                  0x00403359
                                                                                                                                  0x0040335b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004032f4
                                                                                                                                  0x004032f7
                                                                                                                                  0x004032ff
                                                                                                                                  0x004032ff
                                                                                                                                  0x00403302
                                                                                                                                  0x00403307
                                                                                                                                  0x00403309
                                                                                                                                  0x00403309
                                                                                                                                  0x0040330a
                                                                                                                                  0x0040330a
                                                                                                                                  0x0040330f
                                                                                                                                  0x00403312
                                                                                                                                  0x00403347
                                                                                                                                  0x0040334c
                                                                                                                                  0x00403351
                                                                                                                                  0x00403354
                                                                                                                                  0x00403356
                                                                                                                                  0x00403356
                                                                                                                                  0x00403356
                                                                                                                                  0x00000000
                                                                                                                                  0x00403314
                                                                                                                                  0x00403314
                                                                                                                                  0x00403315
                                                                                                                                  0x00403318
                                                                                                                                  0x00403320
                                                                                                                                  0x00403323
                                                                                                                                  0x00403325
                                                                                                                                  0x00403325
                                                                                                                                  0x00403325
                                                                                                                                  0x00403323
                                                                                                                                  0x00403328
                                                                                                                                  0x0040332e
                                                                                                                                  0x00403336
                                                                                                                                  0x00403339
                                                                                                                                  0x0040333b
                                                                                                                                  0x0040333b
                                                                                                                                  0x0040333b
                                                                                                                                  0x00403339
                                                                                                                                  0x0040333e
                                                                                                                                  0x00403345
                                                                                                                                  0x0040335f
                                                                                                                                  0x00403362
                                                                                                                                  0x00403362
                                                                                                                                  0x0040336b
                                                                                                                                  0x00403370
                                                                                                                                  0x00403370
                                                                                                                                  0x0040337b
                                                                                                                                  0x00403381
                                                                                                                                  0x00403386
                                                                                                                                  0x00403388
                                                                                                                                  0x004033aa
                                                                                                                                  0x004033af
                                                                                                                                  0x004033b6
                                                                                                                                  0x004033bd
                                                                                                                                  0x004033c1
                                                                                                                                  0x00403428
                                                                                                                                  0x00403428
                                                                                                                                  0x0040342d
                                                                                                                                  0x00403437
                                                                                                                                  0x00403522
                                                                                                                                  0x00403528
                                                                                                                                  0x00403533
                                                                                                                                  0x0040353c
                                                                                                                                  0x0040353e
                                                                                                                                  0x00403543
                                                                                                                                  0x00403545
                                                                                                                                  0x00403547
                                                                                                                                  0x00403549
                                                                                                                                  0x0040354b
                                                                                                                                  0x0040354d
                                                                                                                                  0x0040354f
                                                                                                                                  0x0040355f
                                                                                                                                  0x00403561
                                                                                                                                  0x00403563
                                                                                                                                  0x00403570
                                                                                                                                  0x0040357f
                                                                                                                                  0x00403587
                                                                                                                                  0x0040358f
                                                                                                                                  0x0040358f
                                                                                                                                  0x00403563
                                                                                                                                  0x0040354f
                                                                                                                                  0x0040354b
                                                                                                                                  0x00403594
                                                                                                                                  0x0040359a
                                                                                                                                  0x0040359c
                                                                                                                                  0x004035a0
                                                                                                                                  0x004035a0
                                                                                                                                  0x0040359c
                                                                                                                                  0x004035a5
                                                                                                                                  0x004035aa
                                                                                                                                  0x004035ad
                                                                                                                                  0x004035af
                                                                                                                                  0x004035af
                                                                                                                                  0x004035b7
                                                                                                                                  0x004035b7
                                                                                                                                  0x00403446
                                                                                                                                  0x0040344d
                                                                                                                                  0x0040344d
                                                                                                                                  0x004033c3
                                                                                                                                  0x004033c9
                                                                                                                                  0x00403418
                                                                                                                                  0x00403418
                                                                                                                                  0x00403424
                                                                                                                                  0x00000000
                                                                                                                                  0x00403424
                                                                                                                                  0x004033d2
                                                                                                                                  0x004033df
                                                                                                                                  0x004033d6
                                                                                                                                  0x004033dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004033de
                                                                                                                                  0x004033de
                                                                                                                                  0x004033de
                                                                                                                                  0x004033e3
                                                                                                                                  0x004033e5
                                                                                                                                  0x004033ed
                                                                                                                                  0x00403459
                                                                                                                                  0x0040345e
                                                                                                                                  0x0040346d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403471
                                                                                                                                  0x00403478
                                                                                                                                  0x0040347e
                                                                                                                                  0x00403484
                                                                                                                                  0x0040348c
                                                                                                                                  0x0040348c
                                                                                                                                  0x0040349a
                                                                                                                                  0x004034a1
                                                                                                                                  0x004034aa
                                                                                                                                  0x004034b0
                                                                                                                                  0x004034b0
                                                                                                                                  0x004034bc
                                                                                                                                  0x004034c2
                                                                                                                                  0x004034cc
                                                                                                                                  0x004034e0
                                                                                                                                  0x004034e1
                                                                                                                                  0x004034e2
                                                                                                                                  0x004034e7
                                                                                                                                  0x004034f3
                                                                                                                                  0x004034f9
                                                                                                                                  0x00403500
                                                                                                                                  0x00403503
                                                                                                                                  0x00403509
                                                                                                                                  0x00403509
                                                                                                                                  0x00403500
                                                                                                                                  0x0040350d
                                                                                                                                  0x00403513
                                                                                                                                  0x00403513
                                                                                                                                  0x00403516
                                                                                                                                  0x00403517
                                                                                                                                  0x00403518
                                                                                                                                  0x00000000
                                                                                                                                  0x00403518
                                                                                                                                  0x004033ef
                                                                                                                                  0x004033f1
                                                                                                                                  0x004033fc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403404
                                                                                                                                  0x0040340f
                                                                                                                                  0x00403414
                                                                                                                                  0x00000000
                                                                                                                                  0x00403414
                                                                                                                                  0x00403390
                                                                                                                                  0x0040339c
                                                                                                                                  0x004033a1
                                                                                                                                  0x004033a6
                                                                                                                                  0x004033a8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004033a8
                                                                                                                                  0x00000000
                                                                                                                                  0x00403345
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004032f9
                                                                                                                                  0x004032f9
                                                                                                                                  0x004032f9
                                                                                                                                  0x004032fa
                                                                                                                                  0x004032fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004032f9
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • #17.COMCTL32 ref: 0040325B
                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                                    • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                    • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                    • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                  • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                                                    • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,ibaAnalyzer v7.3.6 (x64) Setup,NSIS Error), ref: 00405B73
                                                                                                                                  • GetCommandLineA.KERNEL32(ibaAnalyzer v7.3.6 (x64) Setup,NSIS Error), ref: 004032AA
                                                                                                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000000), ref: 004032BD
                                                                                                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000020), ref: 004032E8
                                                                                                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                                  • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                                                  • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                                  • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000000,00000000), ref: 00403459
                                                                                                                                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000000,00000000), ref: 00403465
                                                                                                                                  • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                                                  • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                                  • CopyFileA.KERNEL32 ref: 004034D6
                                                                                                                                  • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                                                  • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                  • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $1033$C:\Program Files\iba\ibaAnalyzer$C:\Program Files\iba\ibaAnalyzer\Plugins$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$ibaAnalyzer v7.3.6 (x64) Setup$~nsu.tmp
                                                                                                                                  • API String ID: 2278157092-4102093388
                                                                                                                                  • Opcode ID: 12a15860763ed27b157ca737a9af8f9ad945b33dd426c8faa94cb20c8ad7d4db
                                                                                                                                  • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                                  • Opcode Fuzzy Hash: 12a15860763ed27b157ca737a9af8f9ad945b33dd426c8faa94cb20c8ad7d4db
                                                                                                                                  • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1410 Relevance: 68.5, APIs: 5, Strings: 34, Instructions: 236stringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C1410(void* __eflags, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v56;
				signed int _t79;
				signed int _t80;
				intOrPtr _t84;
				intOrPtr _t91;
				long _t96;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t111;
				CHAR* _t118;
				CHAR* _t120;
				CHAR* _t122;
				CHAR* _t125;
				intOrPtr _t130;
				intOrPtr _t132;
				intOrPtr _t134;
				char _t136;
				void* _t141;
				intOrPtr* _t143;
				intOrPtr* _t147;
				CHAR* _t149;
				void* _t151;
				signed char _t159;

				_t152 = __eflags;
				_t151 =  &_v12;
				 *0x31c67b4 = "Settings";
				 *0x31c67e4 = E031C13D5(__eflags, "Title");
				 *0x31c67e8 = E031C13D5(_t152, "CancelButtonText");
				 *0x31c67ec = E031C13D5(_t152, "NextButtonText");
				 *0x31c67f0 = E031C13D5(_t152, "BackButtonText");
				 *0x31c680c = E031C13F3("NumFields", 0);
				 *0x31c6808 = E031C13F3("Rect", 0x3fa);
				 *0x31c67f4 = E031C13F3("BackEnabled", 0xffffffff);
				 *0x31c67f8 = E031C13F3("CancelEnabled", 0xffffffff);
				 *0x31c67fc = E031C13F3("CancelShow", 0xffffffff);
				 *0x31c6800 = E031C13F3("RTL", 0);
				_t79 =  *0x31c680c; // 0x5
				if(_t79 > 0) {
					 *0x31c6804 = E031C1000(_t79 * 0xa8);
				}
				_t80 =  *0x31c680c; // 0x5
				if(_t80 <= 0) {
					L21:
					return _t80;
				}
				_t130 = 1;
				_v4 = 0x4b1;
				_v8 = 0x4b0;
				_v12 = 0;
				_t149 = "All Files|*.*";
				do {
					_t132 =  *0x31c6804; // 0x71c3d0
					_t147 = _v12 + _t132;
					 *((intOrPtr*)(_t147 + 0x48)) = _t130;
					 *((intOrPtr*)(_t147 + 0x4c)) = "HWND";
					wsprintfA(0x31c6664, "Field %d", _t130);
					_t151 = _t151 + 0xc;
					 *0x31c67b4 = 0x31c6664;
					E031C13A6("TYPE");
					_t84 = E031C29D7(0x31c4008, _t149);
					 *((intOrPtr*)(_t147 + 0x20)) = _t84;
					if(_t84 == 0) {
						goto L19;
					}
					 *(_t147 + 0x34) = E031C29D7(0x31c4098, _t149);
					E031C13A6("Flags");
					 *(_t147 + 0x34) =  *(_t147 + 0x34) | E031C2A11(0x31c4098, _t149);
					E031C13A6("State");
					 *((intOrPtr*)(_t147 + 4)) = E031C101F(_t149);
					_t141 = E031C13A6("ListItems");
					if(_t141 != 0) {
						_t13 = _t141 + 2; // 0x2
						_t122 = E031C1000(_t13);
						 *(_t147 + 0xc) = _t122;
						lstrcpyA(_t122, _t149);
						 *((char*)(_t141 +  *(_t147 + 0xc))) = 0x7c;
						_t125 =  *(_t147 + 0xc);
						_t18 =  &(_t125[_t141 + 1]);
						 *_t18 = _t125[_t141 + 1] & 0x00000000;
						_t159 =  *_t18;
					}
					_t91 = E031C13D5(_t159, "TEXT");
					_t134 =  *((intOrPtr*)(_t147 + 0x20));
					 *_t147 = _t91;
					if(_t134 == 3) {
						L9:
						E031C2A54(_t91);
						goto L10;
					} else {
						_t161 = _t134 - 7;
						if(_t134 != 7) {
							L10:
							 *((intOrPtr*)(_t147 + 8)) = E031C13D5(_t161, "ROOT");
							 *((intOrPtr*)(_t147 + 0x14)) = E031C13D5(_t161, "ValidateText");
							E031C2A54(_t94);
							_t96 = GetPrivateProfileStringA("Field 5", "Filter", "All Files|*.*", _t149, 0x2000,  *0x31c67e0); // executed
							if(_t96 == 0) {
								L16:
								 *((intOrPtr*)(_t147 + 0x24)) = E031C13F3("LEFT", 0);
								 *((intOrPtr*)(_t147 + 0x28)) = E031C13F3("TOP", 0);
								 *((intOrPtr*)(_t147 + 0x2c)) = E031C13F3("RIGHT", 0);
								 *((intOrPtr*)(_t147 + 0x30)) = E031C13F3("BOTTOM", 0);
								 *((intOrPtr*)(_t147 + 0x18)) = E031C13F3("MinLen", 0);
								 *((intOrPtr*)(_t147 + 0x1c)) = E031C13F3("MaxLen", 0);
								 *((intOrPtr*)(_t147 + 0x44)) = E031C13F3("TxtColor", 0xff0000);
								 *((intOrPtr*)(_t147 + 0x3c)) = _v56;
								_t105 =  *((intOrPtr*)(_t147 + 0x20));
								if(_t105 == 0xd || _t105 == 0xe) {
									_t106 =  *0x31c6804; // 0x71c3d0
									_t143 = _v4 + _t106 + 0x54;
									 *((intOrPtr*)(_t143 + 0x3c)) = _a4;
									 *((intOrPtr*)(_t143 + 0x20)) = 6;
									 *(_t143 + 0x34) =  *(_t147 + 0x34) & 0x08010000;
									 *_t143 = E031C101F("...");
									_t111 =  *((intOrPtr*)(_t147 + 0x2c));
									 *((intOrPtr*)(_t143 + 0x2c)) = _t111;
									 *((intOrPtr*)(_t143 + 0x24)) = _t111 + 0xfffffff1;
									 *((intOrPtr*)(_t143 + 0x30)) =  *((intOrPtr*)(_t147 + 0x30));
									_v8 = _v8 + 0x54;
									 *((intOrPtr*)(_t143 + 0x28)) =  *((intOrPtr*)(_t147 + 0x28));
									 *((intOrPtr*)(_t147 + 0x2c)) =  *((intOrPtr*)(_t143 + 0x24)) - 3;
									 *((intOrPtr*)(_t143 + 0x48)) = _t130;
									 *((intOrPtr*)(_t143 + 0x4c)) = "HWND2";
									 *0x31c680c =  *0x31c680c + 1;
									_v4 = _v4 + 1;
									_v0 = _v0 + 1;
								}
								goto L19;
							}
							_t118 = E031C1000(_t96 + 2);
							 *(_t147 + 0x10) = _t118;
							lstrcpyA(_t118, _t149);
							_t120 =  *(_t147 + 0x10);
							while(1) {
								_t136 =  *_t120;
								if(_t136 == 0) {
									goto L16;
								}
								__eflags = _t136 - 0x7c;
								if(_t136 != 0x7c) {
									_t120 = CharNextA(_t120);
								} else {
									 *_t120 =  *_t120 & 0x00000000;
									_t120 =  &(_t120[1]);
								}
							}
							goto L16;
						}
						goto L9;
					}
					L19:
					_v4 = _v4 + 0x54;
					_t80 =  *0x31c680c; // 0x5
					_t130 = _t130 + 1;
					_v0 = _v0 + 1;
					_a4 = _a4 + 1;
					_t68 = _t130 - 1; // 0x1
				} while (_t68 < _t80);
				goto L21;
			}






























                                                                                                                                  0x031c1410
                                                                                                                                  0x031c1410
                                                                                                                                  0x031c1413
                                                                                                                                  0x031c142d
                                                                                                                                  0x031c143c
                                                                                                                                  0x031c144b
                                                                                                                                  0x031c1457
                                                                                                                                  0x031c1471
                                                                                                                                  0x031c1482
                                                                                                                                  0x031c1493
                                                                                                                                  0x031c14a4
                                                                                                                                  0x031c14b4
                                                                                                                                  0x031c14be
                                                                                                                                  0x031c14c3
                                                                                                                                  0x031c14ca
                                                                                                                                  0x031c14d8
                                                                                                                                  0x031c14d8
                                                                                                                                  0x031c14dd
                                                                                                                                  0x031c14e4
                                                                                                                                  0x031c1766
                                                                                                                                  0x031c176a
                                                                                                                                  0x031c176a
                                                                                                                                  0x031c14ef
                                                                                                                                  0x031c14f0
                                                                                                                                  0x031c14f8
                                                                                                                                  0x031c1500
                                                                                                                                  0x031c1504
                                                                                                                                  0x031c1509
                                                                                                                                  0x031c150d
                                                                                                                                  0x031c1519
                                                                                                                                  0x031c1522
                                                                                                                                  0x031c1525
                                                                                                                                  0x031c152c
                                                                                                                                  0x031c1532
                                                                                                                                  0x031c1535
                                                                                                                                  0x031c1540
                                                                                                                                  0x031c154b
                                                                                                                                  0x031c1552
                                                                                                                                  0x031c1555
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c156c
                                                                                                                                  0x031c156f
                                                                                                                                  0x031c157b
                                                                                                                                  0x031c1583
                                                                                                                                  0x031c1593
                                                                                                                                  0x031c159b
                                                                                                                                  0x031c159f
                                                                                                                                  0x031c15a1
                                                                                                                                  0x031c15a5
                                                                                                                                  0x031c15ac
                                                                                                                                  0x031c15af
                                                                                                                                  0x031c15b8
                                                                                                                                  0x031c15bc
                                                                                                                                  0x031c15bf
                                                                                                                                  0x031c15bf
                                                                                                                                  0x031c15bf
                                                                                                                                  0x031c15bf
                                                                                                                                  0x031c15c9
                                                                                                                                  0x031c15ce
                                                                                                                                  0x031c15d1
                                                                                                                                  0x031c15d6
                                                                                                                                  0x031c15dd
                                                                                                                                  0x031c15de
                                                                                                                                  0x00000000
                                                                                                                                  0x031c15d8
                                                                                                                                  0x031c15d8
                                                                                                                                  0x031c15db
                                                                                                                                  0x031c15e3
                                                                                                                                  0x031c15f2
                                                                                                                                  0x031c15fb
                                                                                                                                  0x031c15fe
                                                                                                                                  0x031c161e
                                                                                                                                  0x031c1628
                                                                                                                                  0x031c165b
                                                                                                                                  0x031c166c
                                                                                                                                  0x031c167a
                                                                                                                                  0x031c1688
                                                                                                                                  0x031c1696
                                                                                                                                  0x031c16a4
                                                                                                                                  0x031c16b6
                                                                                                                                  0x031c16be
                                                                                                                                  0x031c16c5
                                                                                                                                  0x031c16c8
                                                                                                                                  0x031c16ce
                                                                                                                                  0x031c16d5
                                                                                                                                  0x031c16e3
                                                                                                                                  0x031c16eb
                                                                                                                                  0x031c16ee
                                                                                                                                  0x031c16fd
                                                                                                                                  0x031c1705
                                                                                                                                  0x031c1707
                                                                                                                                  0x031c170a
                                                                                                                                  0x031c1710
                                                                                                                                  0x031c1716
                                                                                                                                  0x031c171c
                                                                                                                                  0x031c1721
                                                                                                                                  0x031c172a
                                                                                                                                  0x031c172d
                                                                                                                                  0x031c1730
                                                                                                                                  0x031c1737
                                                                                                                                  0x031c173d
                                                                                                                                  0x031c1741
                                                                                                                                  0x031c1741
                                                                                                                                  0x00000000
                                                                                                                                  0x031c16ce
                                                                                                                                  0x031c162e
                                                                                                                                  0x031c1635
                                                                                                                                  0x031c1638
                                                                                                                                  0x031c163e
                                                                                                                                  0x031c1655
                                                                                                                                  0x031c1655
                                                                                                                                  0x031c1659
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1643
                                                                                                                                  0x031c1646
                                                                                                                                  0x031c164f
                                                                                                                                  0x031c1648
                                                                                                                                  0x031c1648
                                                                                                                                  0x031c164b
                                                                                                                                  0x031c164b
                                                                                                                                  0x031c1646
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1655
                                                                                                                                  0x00000000
                                                                                                                                  0x031c15db
                                                                                                                                  0x031c1745
                                                                                                                                  0x031c1745
                                                                                                                                  0x031c174a
                                                                                                                                  0x031c174f
                                                                                                                                  0x031c1750
                                                                                                                                  0x031c1754
                                                                                                                                  0x031c1758
                                                                                                                                  0x031c175b
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031C13F3: GetPrivateProfileIntA.KERNEL32 ref: 031C1407
                                                                                                                                  • wsprintfA.USER32 ref: 031C152C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,All Files|*.*,00000002,ListItems,All Files|*.*,State,031C4098,All Files|*.*,Flags,031C4098,All Files|*.*,031C4008,All Files|*.*,TYPE,CancelButtonText,Title), ref: 031C15AF
                                                                                                                                  • GetPrivateProfileStringA.KERNEL32(Field 5,Filter,All Files|*.*,All Files|*.*,00002000,00000000), ref: 031C161E
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,All Files|*.*,-00000002), ref: 031C1638
                                                                                                                                    • Part of subcall function 031C1000: GlobalAlloc.KERNEL32(00000040,?,031C1030,00000001), ref: 031C1006
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfilelstrcpy$AllocGlobalStringwsprintf
                                                                                                                                  • String ID: ...$All Files|*.*$All Files|*.*$BOTTOM$BackButtonText$BackEnabled$CancelButtonText$CancelEnabled$CancelShow$Field %d$Field 5$Filter$Flags$HWND$HWND2$LEFT$ListItems$MaxLen$MinLen$NextButtonText$NumFields$RIGHT$ROOT$RTL$Rect$Settings$State$T$TEXT$TOP$TYPE$Title$TxtColor$ValidateText
                                                                                                                                  • API String ID: 3510956051-1210926361
                                                                                                                                  • Opcode ID: bd974ebf56f87bb7943a8f0bfcbd815f5c0dd6fd44c57f2873e77ca03bda1e43
                                                                                                                                  • Instruction ID: f5b10202186e88d0c62fa98568de79e9b341680f7b29678d3bef99e58a2d7ceb
                                                                                                                                  • Opcode Fuzzy Hash: bd974ebf56f87bb7943a8f0bfcbd815f5c0dd6fd44c57f2873e77ca03bda1e43
                                                                                                                                  • Instruction Fuzzy Hash: 0C91DBB49B8381AFC721EF66D84490EBBF4FB6D615B14492DE0A59BA06DF74E004CB21
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405042 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 377 405042-40505d 378 405063-40512c GetDlgItem * 3 call 403f4d call 4047a6 GetClientRect GetSystemMetrics SendMessageA * 2 377->378 379 4051ee-4051f5 377->379 397 40514a-40514d 378->397 398 40512e-405148 SendMessageA * 2 378->398 380 4051f7-405219 GetDlgItem CreateThread FindCloseChangeNotification 379->380 381 40521f-40522c 379->381 380->381 383 40524a-405251 381->383 384 40522e-405234 381->384 389 405253-405259 383->389 390 4052a8-4052ac 383->390 387 405236-405245 ShowWindow * 2 call 403f4d 384->387 388 40526c-405275 call 403f7f 384->388 387->383 401 40527a-40527e 388->401 394 405281-405291 ShowWindow 389->394 395 40525b-405267 call 403ef1 389->395 390->388 392 4052ae-4052b1 390->392 392->388 399 4052b3-4052c6 SendMessageA 392->399 402 4052a1-4052a3 call 403ef1 394->402 403 405293-40529c call 404f04 394->403 395->388 405 40515d-405174 call 403f18 397->405 406 40514f-40515b SendMessageA 397->406 398->397 407 4052cc-4052ed CreatePopupMenu call 405b88 AppendMenuA 399->407 408 4053bf-4053c1 399->408 402->390 403->402 416 405176-40518a ShowWindow 405->416 417 4051aa-4051cb GetDlgItem SendMessageA 405->417 406->405 414 405302-405308 407->414 415 4052ef-405300 GetWindowRect 407->415 408->401 418 40530b-405323 TrackPopupMenu 414->418 415->418 419 405199 416->419 420 40518c-405197 ShowWindow 416->420 417->408 421 4051d1-4051e9 SendMessageA * 2 417->421 418->408 422 405329-405340 418->422 423 40519f-4051a5 call 403f4d 419->423 420->423 421->408 424 405345-405360 SendMessageA 422->424 423->417 424->424 426 405362-405382 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 424->426 427 405384-4053a3 SendMessageA 426->427 427->427 428 4053a5-4053b9 GlobalUnlock SetClipboardData CloseClipboard 427->428 428->408
                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				void* _t120;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x2103b0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t120 = CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t120); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x4204a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc70; // 0x69fd64
								E00404F04( *((intOrPtr*)(_t112 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x69fab8
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}




































                                                                                                                                  0x0040504b
                                                                                                                                  0x00405051
                                                                                                                                  0x0040505a
                                                                                                                                  0x0040505d
                                                                                                                                  0x004051ee
                                                                                                                                  0x004051f5
                                                                                                                                  0x00405212
                                                                                                                                  0x00405219
                                                                                                                                  0x00405219
                                                                                                                                  0x0040521f
                                                                                                                                  0x0040522c
                                                                                                                                  0x0040524a
                                                                                                                                  0x0040524a
                                                                                                                                  0x00405251
                                                                                                                                  0x004052a8
                                                                                                                                  0x004052a8
                                                                                                                                  0x004052ac
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004052ae
                                                                                                                                  0x004052b1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004052bb
                                                                                                                                  0x004052c1
                                                                                                                                  0x004052c3
                                                                                                                                  0x004052c6
                                                                                                                                  0x004053bf
                                                                                                                                  0x00000000
                                                                                                                                  0x004053bf
                                                                                                                                  0x004052d5
                                                                                                                                  0x004052e1
                                                                                                                                  0x004052e7
                                                                                                                                  0x004052ea
                                                                                                                                  0x004052ed
                                                                                                                                  0x00405302
                                                                                                                                  0x00405305
                                                                                                                                  0x00405305
                                                                                                                                  0x00405308
                                                                                                                                  0x004052ef
                                                                                                                                  0x004052f4
                                                                                                                                  0x004052fa
                                                                                                                                  0x004052fd
                                                                                                                                  0x004052fd
                                                                                                                                  0x00405318
                                                                                                                                  0x00405320
                                                                                                                                  0x00405321
                                                                                                                                  0x00405323
                                                                                                                                  0x0040532c
                                                                                                                                  0x0040532f
                                                                                                                                  0x00405336
                                                                                                                                  0x0040533d
                                                                                                                                  0x00405345
                                                                                                                                  0x00405345
                                                                                                                                  0x00405353
                                                                                                                                  0x00405359
                                                                                                                                  0x0040535c
                                                                                                                                  0x0040535c
                                                                                                                                  0x00405363
                                                                                                                                  0x00405369
                                                                                                                                  0x00405372
                                                                                                                                  0x00405379
                                                                                                                                  0x00405382
                                                                                                                                  0x00405384
                                                                                                                                  0x00405387
                                                                                                                                  0x00405396
                                                                                                                                  0x00405398
                                                                                                                                  0x0040539e
                                                                                                                                  0x0040539f
                                                                                                                                  0x004053a0
                                                                                                                                  0x004053a0
                                                                                                                                  0x004053a8
                                                                                                                                  0x004053b3
                                                                                                                                  0x004053b9
                                                                                                                                  0x004053b9
                                                                                                                                  0x00000000
                                                                                                                                  0x00405323
                                                                                                                                  0x00405253
                                                                                                                                  0x00405259
                                                                                                                                  0x00405289
                                                                                                                                  0x0040528b
                                                                                                                                  0x00405291
                                                                                                                                  0x00405293
                                                                                                                                  0x0040529c
                                                                                                                                  0x0040529c
                                                                                                                                  0x004052a3
                                                                                                                                  0x00000000
                                                                                                                                  0x004052a3
                                                                                                                                  0x0040525d
                                                                                                                                  0x00405267
                                                                                                                                  0x00000000
                                                                                                                                  0x0040522e
                                                                                                                                  0x0040522e
                                                                                                                                  0x00405234
                                                                                                                                  0x0040526c
                                                                                                                                  0x00000000
                                                                                                                                  0x00405275
                                                                                                                                  0x0040523d
                                                                                                                                  0x00405242
                                                                                                                                  0x00405245
                                                                                                                                  0x00000000
                                                                                                                                  0x00405245
                                                                                                                                  0x0040522c
                                                                                                                                  0x00405063
                                                                                                                                  0x00405067
                                                                                                                                  0x00405070
                                                                                                                                  0x00405077
                                                                                                                                  0x0040507a
                                                                                                                                  0x0040507d
                                                                                                                                  0x00405080
                                                                                                                                  0x00405081
                                                                                                                                  0x00405082
                                                                                                                                  0x0040509b
                                                                                                                                  0x0040509e
                                                                                                                                  0x004050a8
                                                                                                                                  0x004050b7
                                                                                                                                  0x004050bf
                                                                                                                                  0x004050c7
                                                                                                                                  0x004050cc
                                                                                                                                  0x004050cf
                                                                                                                                  0x004050db
                                                                                                                                  0x004050e4
                                                                                                                                  0x004050ed
                                                                                                                                  0x00405110
                                                                                                                                  0x00405116
                                                                                                                                  0x00405127
                                                                                                                                  0x0040512c
                                                                                                                                  0x0040513a
                                                                                                                                  0x00405148
                                                                                                                                  0x00405148
                                                                                                                                  0x0040514d
                                                                                                                                  0x0040515b
                                                                                                                                  0x0040515b
                                                                                                                                  0x00405160
                                                                                                                                  0x00405163
                                                                                                                                  0x00405168
                                                                                                                                  0x00405174
                                                                                                                                  0x0040517d
                                                                                                                                  0x0040518a
                                                                                                                                  0x00405199
                                                                                                                                  0x0040518c
                                                                                                                                  0x00405191
                                                                                                                                  0x00405191
                                                                                                                                  0x004051a5
                                                                                                                                  0x004051a5
                                                                                                                                  0x004051b9
                                                                                                                                  0x004051c2
                                                                                                                                  0x004051cb
                                                                                                                                  0x004051db
                                                                                                                                  0x004051e7
                                                                                                                                  0x004051e7
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32 ref: 004050A1
                                                                                                                                  • GetDlgItem.USER32 ref: 004050B0
                                                                                                                                  • GetClientRect.USER32 ref: 004050ED
                                                                                                                                  • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                                                  • SendMessageA.USER32 ref: 00405116
                                                                                                                                  • SendMessageA.USER32 ref: 00405127
                                                                                                                                  • SendMessageA.USER32 ref: 0040513A
                                                                                                                                  • SendMessageA.USER32 ref: 00405148
                                                                                                                                  • SendMessageA.USER32 ref: 0040515B
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                                  • GetDlgItem.USER32 ref: 004051B2
                                                                                                                                  • SendMessageA.USER32 ref: 004051C2
                                                                                                                                  • SendMessageA.USER32 ref: 004051DB
                                                                                                                                  • SendMessageA.USER32 ref: 004051E7
                                                                                                                                  • GetDlgItem.USER32 ref: 004050BF
                                                                                                                                    • Part of subcall function 00403F4D: SendMessageA.USER32 ref: 00403F5B
                                                                                                                                  • GetDlgItem.USER32 ref: 00405204
                                                                                                                                  • CreateThread.KERNELBASE ref: 00405212
                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405219
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                                  • ShowWindow.USER32(002103B0,00000008), ref: 00405242
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                                  • SendMessageA.USER32 ref: 004052BB
                                                                                                                                  • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                                  • AppendMenuA.USER32 ref: 004052E1
                                                                                                                                  • GetWindowRect.USER32 ref: 004052F4
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                                  • SendMessageA.USER32 ref: 00405353
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                                                  • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                                  • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                                                  • SendMessageA.USER32 ref: 00405390
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 004053B3
                                                                                                                                  • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 004053B9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                  • String ID: {
                                                                                                                                  • API String ID: 4154960007-366298937
                                                                                                                                  • Opcode ID: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                                                  • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                                  • Opcode Fuzzy Hash: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                                                  • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ABFD0 Relevance: 52.9, APIs: 19, Strings: 11, Instructions: 382windowregistrylibraryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 532 32abfd0-32abffc 533 32ac000-32ac007 532->533 534 32ac009-32ac011 533->534 535 32ac024-32ac02c 533->535 534->535 536 32ac013-32ac022 GetCurrentProcess WaitForInputIdle 534->536 537 32ac02e-32ac038 535->537 538 32ac03d-32ac06f call 32b6cf0 call 32a1c40 535->538 536->533 536->535 539 32ac4b9-32ac4d1 call 32bd98d 537->539 538->537 546 32ac071-32ac07c 538->546 547 32ac080-32ac094 call 32a1cb0 546->547 550 32ac09b-32ac0a3 547->550 551 32ac096-32ac099 547->551 552 32ac0bc-32ac0be 550->552 553 32ac0a5-32ac0a7 550->553 551->547 551->550 555 32ac0c0-32ac0d2 call 32a1d00 552->555 556 32ac0e0-32ac0ee call 32a1ca0 552->556 554 32ac0a9-32ac0b7 call 32a1ce0 call 32a1d00 553->554 553->555 571 32ac4b7 554->571 555->539 563 32ac171-32ac184 call 32a1c40 556->563 564 32ac0f4-32ac10d FindWindowA 556->564 563->537 573 32ac18a-32ac18f 563->573 566 32ac10f-32ac12a GetWindowThreadProcessId PostThreadMessageA 564->566 567 32ac130-32ac144 call 32a1cb0 564->567 566->567 576 32ac14a-32ac152 567->576 577 32ac146-32ac148 567->577 571->539 575 32ac190-32ac1bb call 32b6cf0 call 32a1ca0 573->575 594 32ac1d8-32ac1de 575->594 595 32ac1bd-32ac1ca call 32a1cb0 575->595 579 32ac158-32ac15a 576->579 580 32ac4d2-32ac4d4 576->580 577->567 577->576 582 32ac4d6-32ac4ec call 32a1d00 579->582 584 32ac160-32ac164 579->584 581 32ac526-32ac542 call 32a1ce0 call 32a1d00 call 32a1ce0 call 32a1d00 580->581 580->582 581->571 582->539 584->573 588 32ac166-32ac16f call 32ab300 584->588 588->573 594->575 599 32ac1e0-32ac1ee call 32a1ca0 594->599 605 32ac1cc-32ac1d3 call 32a1ce0 call 32a1d00 595->605 606 32ac246-32ac259 call 32a1d00 call 32a1ce0 call 32a1d00 595->606 607 32ac25e-32ac271 call 32a1c40 599->607 608 32ac1f0-32ac204 call 32a1cb0 599->608 605->594 634 32ac0d7-32ac0db 606->634 624 32ac547 607->624 625 32ac277-32ac320 call 32bef40 RegisterClassExA call 32c8fec GetModuleHandleA GetProcAddress 607->625 622 32ac20b-32ac213 608->622 623 32ac206-32ac209 608->623 627 32ac219-32ac21b 622->627 628 32ac4ee-32ac4f0 622->628 623->608 623->622 648 32ac3ee-32ac423 GetLastError call 32c8fec FormatMessageA 625->648 649 32ac326-32ac397 ShowWindow RegisterDeviceNotificationA 625->649 627->625 631 32ac21d-32ac241 call 32a1d00 call 32a1ce0 call 32a1d00 627->631 628->631 632 32ac4f6-32ac524 call 32a1ce0 call 32a1d00 call 32a1ce0 call 32a1d00 call 32a1ce0 call 32a1d00 628->632 631->539 632->571 634->556 661 32ac429-32ac44e call 32a1ce0 call 32a1d00 call 32a1ce0 call 32a1d00 648->661 650 32ac3a1-32ac3b6 PeekMessageA 649->650 654 32ac3da-32ac3ea Sleep 650->654 655 32ac3b8-32ac3c3 650->655 654->650 660 32ac3ec 654->660 658 32ac3cf-32ac3d4 DispatchMessageA 655->658 659 32ac3c5-32ac3cd 655->659 658->654 659->658 659->661 660->661 675 32ac48d-32ac495 661->675 676 32ac450-32ac487 UnregisterDeviceNotification GetModuleHandleA GetProcAddress UnregisterClassA 661->676 675->634 677 32ac49b-32ac4ad call 32a1ce0 call 32a1d00 675->677 676->675 677->571
                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E032ABFD0(void* __ebx, void* __edi, void* __esi) {
				signed int _v4;
				char _v1028;
				char _v1076;
				char _v1092;
				intOrPtr _v1148;
				intOrPtr _v1152;
				intOrPtr _v1156;
				intOrPtr _v1160;
				intOrPtr _v1168;
				char _v1172;
				struct _WNDCLASSEXA _v1248;
				struct HWND__* _v1256;
				void* _v1260;
				intOrPtr _v1300;
				intOrPtr _v1308;
				intOrPtr _v1312;
				void* __ebp;
				signed int _t45;
				void* _t54;
				void* _t56;
				void* _t57;
				void* _t62;
				void* _t63;
				_Unknown_base(*)()* _t75;
				_Unknown_base(*)()* _t96;
				intOrPtr _t100;
				char* _t101;
				void* _t106;
				void* _t122;
				void* _t123;
				struct HWND__* _t132;
				void* _t134;
				long _t147;
				long _t157;
				void* _t161;
				intOrPtr _t178;
				void* _t181;
				intOrPtr _t190;
				intOrPtr _t191;
				void* _t197;
				intOrPtr _t198;
				void* _t199;
				signed int _t200;
				long _t201;
				signed int _t206;

				_t206 =  &_v1260;
				_t45 =  *0x32ed474; // 0x444d31ba
				_v4 = _t45 ^ _t206;
				_v1256 = 0;
				_t197 = 0;
				while( *0x32f0be4 == 0) {
					_t181 = _t197;
					_t197 = _t197 + 1;
					if(_t181 >= 7) {
						break;
					}
					_t157 = WaitForInputIdle(GetCurrentProcess(), 0xc8); // executed
					if(_t157 == 0x102) {
						continue;
					}
					break;
				}
				if( *0x32f0be4 == 0) {
					_push(3);
					E032B6CF0( &_v1092, "%s%i", "Global\\CBIOS_VERSION_MUTEX");
					_t198 = E032A1C40( &_v1092, 0);
					_t206 = _t206 + 0x18;
					_v1260 = _t198;
					if(_t198 == 0) {
						goto L5;
					} else {
						 *0x32f0bdc = 2;
						do {
							_t54 = E032A1CB0(0x14, _t198);
						} while ( *0x32f0be4 == 0 && _t54 == 1);
						if( *0x32f0be4 == 0) {
							if(_t54 == 0) {
								while(1) {
									L16:
									_t56 = E032A1CA0("Global\\CBIOS_LISTEN_THREAD_MUTEX");
									_t205 = _t56;
									if(_t56 == 0) {
										goto L25;
									}
									 *0x32f0bdc = 1;
									_t132 = FindWindowA("CBIOS_DEVCHANGE_WINDOW_CLASS", 0);
									if(_t132 != 0) {
										_t147 = GetWindowThreadProcessId(_t132, 0);
										_v1256 = 1;
										PostThreadMessageA(_t147, 0x43a, 3, 0);
									}
									do {
										_t134 = E032A1CB0(0x32, _t205);
									} while ( *0x32f0be4 == 0 && _t134 == 1);
									if( *0x32f0be4 != 0) {
										if(_t134 == 0) {
											E032A1CE0(_t205);
											E032A1D00(_t205);
											E032A1CE0(_t198);
											E032A1D00(_t198);
											L53:
											L54:
											return E032BD98D(_v4 ^ _t206);
										}
										L56:
										 *0x32f0bdc = 2;
										E032A1D00(_t205);
										goto L54;
									}
									if(_t134 != 0) {
										goto L56;
									}
									if(_v1256 != 0) {
										E032AB300(0);
										_v1256 = 0;
									}
									L26:
									_t161 = 4;
									do {
										_push(_t161);
										E032B6CF0( &_v1092, "%s%i", "Global\\CBIOS_VERSION_MUTEX");
										_t206 = _t206 + 0x10;
										_t199 = E032A1CA0( &_v1092);
										if(_t199 == 0) {
											goto L30;
										}
										_t122 = E032A1CB0(0, _t199);
										_t123 = _t199;
										if(_t122 != 0) {
											E032A1D00(_t123);
											E032A1CE0(_t205);
											E032A1D00(_t205);
											L15:
											_t198 = _v1308;
											goto L16;
										}
										E032A1CE0(_t123);
										E032A1D00(_t199);
										L30:
										_t161 = _t161 + 1;
									} while (_t161 <= 9);
									_t62 = E032A1CA0("Global\\CBIOS_NOTIFY_THREAD_MUTEX");
									_t162 = _t62;
									if(_t62 == 0) {
										_t63 = E032A1C40("Global\\CBIOS_NOTIFY_THREAD_MUTEX", 1);
										_t162 = _t63;
										_t206 = _t206 + 8;
										if(_t63 == 0) {
											 *0x32f0bdc = 2;
											L37:
											E032A1CE0(_t205);
											E032A1D00(_t205);
											goto L54;
										}
										L40:
										E032BEF40(0,  &_v1248, 0, 0x30);
										_v1248.cbSize = 0x30;
										_v1248.style = 0x4000;
										_v1248.lpfnWndProc = E032ABBA0;
										_v1248.cbClsExtra = 0;
										_v1248.cbWndExtra = 0;
										_v1248.hInstance = 0;
										_v1248.hIcon = 0;
										_v1248.hCursor = 0;
										_v1248.hbrBackground = 0;
										_v1248.lpszMenuName.hwnd = 0;
										_v1248.lpszClassName = "CBIOS_DEVCHANGE_WINDOW_CLASS";
										_v1248.hIconSm = 0;
										_t200 = RegisterClassExA( &_v1248) & 0xffff;
										E032C8FEC( &_v1248, _t200,  &_v1028, 0xa);
										_t206 = _t206 + 0x18;
										_t75 = GetProcAddress(GetModuleHandleA("user32.dll"), "CreateWindowExA");
										 *0x32f0bcc =  *_t75(0, _t200, "cbios devchange wnd", 0, 0, 0, 0, 0, 0, 0, 0, 0);
										if( *0x32f0bcc == 0) {
											_t201 = GetLastError();
											E032C8FEC( &_v1248, _t201,  &_v1076, 0xa);
											_t206 = _t206 + 0xc;
											FormatMessageA(0x1000, 0, _t201, 0x409,  &_v1076, 0x400, 0);
											L49:
											E032A1CE0(_t205);
											E032A1D00(_t205);
											E032A1CE0(_t162);
											E032A1D00(_t162);
											if( *0x32f0be4 != 2) {
												__imp__UnregisterDeviceNotification(_v1300);
												_t96 = GetProcAddress(GetModuleHandleA("user32.dll"), "DestroyWindow");
												 *_t96( *0x32f0bcc);
												 *0x32f0bcc = 0;
												UnregisterClassA("CBIOS_DEVCHANGE_WINDOW_CLASS", 0);
											}
											if( *0x32f0be4 == 0) {
												goto L15;
											} else {
												E032A1CE0(_v1308);
												E032A1D00(_v1308);
												 *0x32f0bdc = 0xffffffff;
												goto L53;
											}
										}
										ShowWindow( *0x32f0bcc, 0);
										_t100 =  *0x32dd128; // 0x11d26530
										_t178 =  *0x32dd12c; // 0xc0001f90
										_t190 =  *0x32dd124; // 0xa5dcbf10
										_v1156 = _t100;
										_t101 =  &_v1172;
										_v1152 = _t178;
										_v1160 = _t190;
										_t191 =  *0x32dd130; // 0xed51b94f
										_v1172 = 0x20;
										_v1168 = 5;
										_v1148 = _t191;
										__imp__RegisterDeviceNotificationA( *0x32f0bcc, _t101, 0);
										_v1312 = _t101;
										 *0x32f0bdc = 1;
										do {
											if(PeekMessageA( &(_v1248.lpszMenuName), 0, 0, 0, 1) == 0) {
												goto L46;
											}
											if(_v1248.lpszClassName != 0x43a || _v1248.hIconSm <= 3) {
												DispatchMessageA( &(_v1248.lpszMenuName));
											} else {
												goto L49;
											}
											L46:
											Sleep(0xa);
										} while ( *0x32f0be4 == 0);
										goto L49;
									} else {
										goto L32;
									}
									do {
										L32:
										_t106 = E032A1CB0(0x32, _t162);
									} while ( *0x32f0be4 == 0 && _t106 == 1);
									if( *0x32f0be4 != 0) {
										if(_t106 != 0) {
											L36:
											 *0x32f0bdc = 2;
											E032A1D00(_t162);
											goto L37;
										}
										E032A1CE0(_t162);
										E032A1D00(_t162);
										E032A1CE0(_t205);
										E032A1D00(_t205);
										E032A1CE0(_v1260);
										E032A1D00(_v1260);
										goto L53;
									}
									if(_t106 == 0) {
										goto L40;
									}
									goto L36;
									L25:
									_t57 = E032A1C40("Global\\CBIOS_LISTEN_THREAD_MUTEX", 1);
									_t205 = _t57;
									_t206 = _t206 + 8;
									if(_t57 == 0) {
										goto L5;
									}
									goto L26;
								}
							}
							L14:
							 *0x32f0bdc = 2;
							E032A1D00(_t198);
							goto L54;
						}
						if(_t54 != 0) {
							goto L14;
						}
						E032A1CE0(_t198);
						E032A1D00(_t198);
						goto L53;
					}
				}
				L5:
				 *0x32f0bdc = 2;
				goto L54;
			}
















































                                                                                                                                  0x032abfd0
                                                                                                                                  0x032abfd6
                                                                                                                                  0x032abfdd
                                                                                                                                  0x032abff6
                                                                                                                                  0x032abffa
                                                                                                                                  0x032ac000
                                                                                                                                  0x032ac009
                                                                                                                                  0x032ac00b
                                                                                                                                  0x032ac011
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac01b
                                                                                                                                  0x032ac022
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac022
                                                                                                                                  0x032ac02c
                                                                                                                                  0x032ac03d
                                                                                                                                  0x032ac051
                                                                                                                                  0x032ac064
                                                                                                                                  0x032ac066
                                                                                                                                  0x032ac06b
                                                                                                                                  0x032ac06f
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac071
                                                                                                                                  0x032ac076
                                                                                                                                  0x032ac080
                                                                                                                                  0x032ac087
                                                                                                                                  0x032ac092
                                                                                                                                  0x032ac0a3
                                                                                                                                  0x032ac0be
                                                                                                                                  0x032ac0e0
                                                                                                                                  0x032ac0e0
                                                                                                                                  0x032ac0e5
                                                                                                                                  0x032ac0ea
                                                                                                                                  0x032ac0ee
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac0ff
                                                                                                                                  0x032ac105
                                                                                                                                  0x032ac10d
                                                                                                                                  0x032ac111
                                                                                                                                  0x032ac120
                                                                                                                                  0x032ac124
                                                                                                                                  0x032ac124
                                                                                                                                  0x032ac130
                                                                                                                                  0x032ac137
                                                                                                                                  0x032ac142
                                                                                                                                  0x032ac152
                                                                                                                                  0x032ac4d4
                                                                                                                                  0x032ac528
                                                                                                                                  0x032ac52f
                                                                                                                                  0x032ac536
                                                                                                                                  0x032ac53d
                                                                                                                                  0x032ac4b7
                                                                                                                                  0x032ac4b9
                                                                                                                                  0x032ac4d1
                                                                                                                                  0x032ac4d1
                                                                                                                                  0x032ac4d6
                                                                                                                                  0x032ac4d8
                                                                                                                                  0x032ac4e2
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac4e7
                                                                                                                                  0x032ac15a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac164
                                                                                                                                  0x032ac166
                                                                                                                                  0x032ac16b
                                                                                                                                  0x032ac16b
                                                                                                                                  0x032ac18a
                                                                                                                                  0x032ac18a
                                                                                                                                  0x032ac190
                                                                                                                                  0x032ac190
                                                                                                                                  0x032ac1a3
                                                                                                                                  0x032ac1a8
                                                                                                                                  0x032ac1b7
                                                                                                                                  0x032ac1bb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac1c1
                                                                                                                                  0x032ac1c8
                                                                                                                                  0x032ac1ca
                                                                                                                                  0x032ac246
                                                                                                                                  0x032ac24d
                                                                                                                                  0x032ac254
                                                                                                                                  0x032ac0d7
                                                                                                                                  0x032ac0d7
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac0d7
                                                                                                                                  0x032ac1cc
                                                                                                                                  0x032ac1d3
                                                                                                                                  0x032ac1d8
                                                                                                                                  0x032ac1d8
                                                                                                                                  0x032ac1db
                                                                                                                                  0x032ac1e5
                                                                                                                                  0x032ac1ea
                                                                                                                                  0x032ac1ee
                                                                                                                                  0x032ac265
                                                                                                                                  0x032ac26a
                                                                                                                                  0x032ac26c
                                                                                                                                  0x032ac271
                                                                                                                                  0x032ac547
                                                                                                                                  0x032ac22e
                                                                                                                                  0x032ac230
                                                                                                                                  0x032ac237
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac23c
                                                                                                                                  0x032ac277
                                                                                                                                  0x032ac27f
                                                                                                                                  0x032ac28c
                                                                                                                                  0x032ac294
                                                                                                                                  0x032ac29c
                                                                                                                                  0x032ac2a4
                                                                                                                                  0x032ac2a8
                                                                                                                                  0x032ac2ac
                                                                                                                                  0x032ac2b0
                                                                                                                                  0x032ac2b4
                                                                                                                                  0x032ac2b8
                                                                                                                                  0x032ac2bc
                                                                                                                                  0x032ac2c0
                                                                                                                                  0x032ac2c8
                                                                                                                                  0x032ac2d5
                                                                                                                                  0x032ac2e3
                                                                                                                                  0x032ac2e8
                                                                                                                                  0x032ac2fc
                                                                                                                                  0x032ac314
                                                                                                                                  0x032ac320
                                                                                                                                  0x032ac3fd
                                                                                                                                  0x032ac401
                                                                                                                                  0x032ac406
                                                                                                                                  0x032ac423
                                                                                                                                  0x032ac429
                                                                                                                                  0x032ac42b
                                                                                                                                  0x032ac432
                                                                                                                                  0x032ac439
                                                                                                                                  0x032ac440
                                                                                                                                  0x032ac44e
                                                                                                                                  0x032ac455
                                                                                                                                  0x032ac46c
                                                                                                                                  0x032ac479
                                                                                                                                  0x032ac481
                                                                                                                                  0x032ac487
                                                                                                                                  0x032ac487
                                                                                                                                  0x032ac495
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac49b
                                                                                                                                  0x032ac4a1
                                                                                                                                  0x032ac4a8
                                                                                                                                  0x032ac4ad
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac4ad
                                                                                                                                  0x032ac495
                                                                                                                                  0x032ac32e
                                                                                                                                  0x032ac334
                                                                                                                                  0x032ac339
                                                                                                                                  0x032ac33f
                                                                                                                                  0x032ac345
                                                                                                                                  0x032ac34d
                                                                                                                                  0x032ac354
                                                                                                                                  0x032ac361
                                                                                                                                  0x032ac368
                                                                                                                                  0x032ac370
                                                                                                                                  0x032ac37b
                                                                                                                                  0x032ac386
                                                                                                                                  0x032ac38d
                                                                                                                                  0x032ac393
                                                                                                                                  0x032ac397
                                                                                                                                  0x032ac3a1
                                                                                                                                  0x032ac3b6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac3c3
                                                                                                                                  0x032ac3d4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac3da
                                                                                                                                  0x032ac3dc
                                                                                                                                  0x032ac3e8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac1f0
                                                                                                                                  0x032ac1f0
                                                                                                                                  0x032ac1f7
                                                                                                                                  0x032ac202
                                                                                                                                  0x032ac213
                                                                                                                                  0x032ac4f0
                                                                                                                                  0x032ac21d
                                                                                                                                  0x032ac21f
                                                                                                                                  0x032ac229
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac229
                                                                                                                                  0x032ac4f8
                                                                                                                                  0x032ac4ff
                                                                                                                                  0x032ac506
                                                                                                                                  0x032ac50d
                                                                                                                                  0x032ac518
                                                                                                                                  0x032ac51f
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac51f
                                                                                                                                  0x032ac21b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac171
                                                                                                                                  0x032ac178
                                                                                                                                  0x032ac17d
                                                                                                                                  0x032ac17f
                                                                                                                                  0x032ac184
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac184
                                                                                                                                  0x032ac0e0
                                                                                                                                  0x032ac0c0
                                                                                                                                  0x032ac0c2
                                                                                                                                  0x032ac0c8
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac0cd
                                                                                                                                  0x032ac0a7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac0ab
                                                                                                                                  0x032ac0b2
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac0b2
                                                                                                                                  0x032ac06f
                                                                                                                                  0x032ac02e
                                                                                                                                  0x032ac033
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(000000C8), ref: 032AC018
                                                                                                                                  • WaitForInputIdle.USER32 ref: 032AC01B
                                                                                                                                    • Part of subcall function 032A1CA0: OpenMutexA.KERNEL32 ref: 032A1CA8
                                                                                                                                  • FindWindowA.USER32 ref: 032AC105
                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 032AC111
                                                                                                                                  • PostThreadMessageA.USER32 ref: 032AC124
                                                                                                                                    • Part of subcall function 032A1C40: InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C4D
                                                                                                                                    • Part of subcall function 032A1C40: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C60
                                                                                                                                    • Part of subcall function 032A1C40: CreateMutexA.KERNELBASE ref: 032A1C8D
                                                                                                                                  • RegisterClassExA.USER32 ref: 032AC2CC
                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,?,?,?), ref: 032AC2F0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateWindowExA), ref: 032AC2FC
                                                                                                                                  • ShowWindow.USER32(?,00000000,?,?,?), ref: 032AC32E
                                                                                                                                  • RegisterDeviceNotificationA.USER32 ref: 032AC38D
                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 032AC3AE
                                                                                                                                  • DispatchMessageA.USER32 ref: 032AC3D4
                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 032AC3DC
                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 032AC3EE
                                                                                                                                  • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000409,?,00000400,00000000,?,?,?,?,?,?), ref: 032AC423
                                                                                                                                  • UnregisterDeviceNotification.USER32 ref: 032AC455
                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,?,?,?,?,?,?), ref: 032AC460
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DestroyWindow), ref: 032AC46C
                                                                                                                                  • UnregisterClassA.USER32 ref: 032AC487
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Window$AddressClassDescriptorDeviceHandleModuleMutexNotificationProcProcessRegisterSecurityThreadUnregister$CreateCurrentDaclDispatchErrorFindFormatIdleInitializeInputLastOpenPeekPostShowSleepWait
                                                                                                                                  • String ID: $%s%i$0$CBIOS_DEVCHANGE_WINDOW_CLASS$CreateWindowExA$DestroyWindow$Global\CBIOS_LISTEN_THREAD_MUTEX$Global\CBIOS_NOTIFY_THREAD_MUTEX$Global\CBIOS_VERSION_MUTEX$cbios devchange wnd$user32.dll
                                                                                                                                  • API String ID: 3599045640-498745873
                                                                                                                                  • Opcode ID: 0162b8ecf75aa508cb41081076073cade35a96012992637cfa2b09a3575ab2fa
                                                                                                                                  • Instruction ID: 125ef6cdef88f341d0b7aca12cdfaf2c58d43dfa906db21468f53aff52286539
                                                                                                                                  • Opcode Fuzzy Hash: 0162b8ecf75aa508cb41081076073cade35a96012992637cfa2b09a3575ab2fa
                                                                                                                                  • Instruction Fuzzy Hash: A9D10278724B51AFC320FF6CE888B6FB2A9EB84754F04842DF506CB245D7B49490CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00404356 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 266stringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 858 404356-404385 859 404394-40439b 858->859 860 404387-40438f call 40540b call 405dc8 858->860 862 40439d-4043b3 GetDlgItem call 4056c6 859->862 863 40440f-404416 859->863 860->859 874 4043c5-404402 SetWindowTextA call 403f18 * 2 call 403f4d call 405e88 862->874 875 4043b5-4043bd call 4056ed 862->875 864 4044eb-4044f2 863->864 865 40441c-404422 863->865 870 404501-404518 call 40540b call 40573a 864->870 871 4044f4-4044fb 864->871 868 404424-40442f 865->868 869 40443c-404441 865->869 876 404435 868->876 877 404676-404688 call 403f7f 868->877 869->864 878 404447-40448c call 405b88 SHBrowseForFolderA 869->878 897 404521-40453a call 405b66 call 405e88 870->897 898 40451a 870->898 871->870 871->877 874->877 916 404408-40440d SHAutoComplete 874->916 875->874 890 4043bf-4043c0 call 405659 875->890 876->869 891 4044e4 878->891 892 40448e-4044a8 CoTaskMemFree call 405659 878->892 890->874 891->864 903 4044d2-4044e2 SetDlgItemTextA 892->903 904 4044aa-4044b0 892->904 914 404571-404580 call 405b66 call 4056ed 897->914 915 40453c-404540 897->915 898->897 903->864 904->903 907 4044b2-4044c9 call 405b88 lstrcmpiA 904->907 907->903 918 4044cb-4044cd lstrcatA 907->918 933 404582 914->933 934 404585-40459e GetDiskFreeSpaceA 914->934 919 404542-404554 GetDiskFreeSpaceExA 915->919 920 40456f 915->920 916->863 918->903 921 4045c2-4045d8 919->921 922 404556-404558 919->922 920->914 927 4045dd 921->927 924 40455a 922->924 925 40455d-40456d call 4056a0 922->925 924->925 925->919 925->920 928 4045e2-4045ec call 4047a6 927->928 938 4045f9-404602 928->938 939 4045ee-4045f0 928->939 933->934 936 4045a0-4045c0 MulDiv 934->936 937 4045da 934->937 936->928 937->927 941 404604-404614 call 4046f1 938->941 942 40462f-404639 938->942 939->938 940 4045f2 939->940 940->938 952 404621-40462a SetDlgItemTextA 941->952 953 404616-40461a call 4046f1 941->953 944 404645-40464b 942->944 945 40463b-404642 call 40140b 942->945 947 404650-404661 call 403f3a 944->947 948 40464d 944->948 945->944 956 404670 947->956 957 404663-404669 947->957 948->947 952->942 958 40461f 953->958 956->877 957->956 959 40466b call 4042eb 957->959 958->942 959->956
                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				union _ULARGE_INTEGER _v24;
				long _v28;
				union _ULARGE_INTEGER _v32;
				intOrPtr _v36;
				long _v40;
				union _ULARGE_INTEGER _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70; // 0x69fd64
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = GetDiskFreeSpaceExA(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44.LowPart) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x6b2723
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94); // executed
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153); // executed
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t124 =  *0x423eb0; // 0x69fab8
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files\\iba\\ibaAnalyzer") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162); // executed
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					if(E00405E88(7) == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					SHAutoComplete(_v12, 1); // executed
					goto L8;
				}
			}







































                                                                                                                                  0x0040435c
                                                                                                                                  0x00404363
                                                                                                                                  0x0040436f
                                                                                                                                  0x0040437d
                                                                                                                                  0x00404385
                                                                                                                                  0x00404389
                                                                                                                                  0x0040438f
                                                                                                                                  0x0040438f
                                                                                                                                  0x0040439b
                                                                                                                                  0x0040440f
                                                                                                                                  0x00404416
                                                                                                                                  0x004044eb
                                                                                                                                  0x004044f2
                                                                                                                                  0x00404501
                                                                                                                                  0x00404501
                                                                                                                                  0x00404505
                                                                                                                                  0x0040450b
                                                                                                                                  0x00404518
                                                                                                                                  0x0040451a
                                                                                                                                  0x0040451a
                                                                                                                                  0x00404528
                                                                                                                                  0x0040452d
                                                                                                                                  0x00404530
                                                                                                                                  0x00404537
                                                                                                                                  0x0040453a
                                                                                                                                  0x00404571
                                                                                                                                  0x00404573
                                                                                                                                  0x00404579
                                                                                                                                  0x00404580
                                                                                                                                  0x00404582
                                                                                                                                  0x00404582
                                                                                                                                  0x0040459e
                                                                                                                                  0x004045da
                                                                                                                                  0x00000000
                                                                                                                                  0x004045a0
                                                                                                                                  0x004045a3
                                                                                                                                  0x004045b7
                                                                                                                                  0x004045b9
                                                                                                                                  0x00000000
                                                                                                                                  0x004045b9
                                                                                                                                  0x0040453c
                                                                                                                                  0x00404540
                                                                                                                                  0x0040456f
                                                                                                                                  0x0040456f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404542
                                                                                                                                  0x00404542
                                                                                                                                  0x0040454f
                                                                                                                                  0x00404554
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404558
                                                                                                                                  0x0040455a
                                                                                                                                  0x0040455a
                                                                                                                                  0x00404565
                                                                                                                                  0x00404568
                                                                                                                                  0x0040456d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040456d
                                                                                                                                  0x004045c8
                                                                                                                                  0x004045cf
                                                                                                                                  0x004045d6
                                                                                                                                  0x004045dd
                                                                                                                                  0x004045dd
                                                                                                                                  0x004045e2
                                                                                                                                  0x004045e4
                                                                                                                                  0x004045ec
                                                                                                                                  0x004045f2
                                                                                                                                  0x004045f2
                                                                                                                                  0x004045f9
                                                                                                                                  0x00404602
                                                                                                                                  0x0040460c
                                                                                                                                  0x00404614
                                                                                                                                  0x0040462a
                                                                                                                                  0x00404616
                                                                                                                                  0x0040461a
                                                                                                                                  0x0040461a
                                                                                                                                  0x00404614
                                                                                                                                  0x0040462f
                                                                                                                                  0x00404634
                                                                                                                                  0x00404639
                                                                                                                                  0x00404642
                                                                                                                                  0x00404642
                                                                                                                                  0x0040464b
                                                                                                                                  0x0040464d
                                                                                                                                  0x0040464d
                                                                                                                                  0x00404659
                                                                                                                                  0x00404661
                                                                                                                                  0x0040466b
                                                                                                                                  0x0040466b
                                                                                                                                  0x00404670
                                                                                                                                  0x00000000
                                                                                                                                  0x00404670
                                                                                                                                  0x0040453a
                                                                                                                                  0x004044f4
                                                                                                                                  0x004044fb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004044fb
                                                                                                                                  0x0040441c
                                                                                                                                  0x00404422
                                                                                                                                  0x0040443c
                                                                                                                                  0x00404441
                                                                                                                                  0x0040444b
                                                                                                                                  0x00404452
                                                                                                                                  0x00404461
                                                                                                                                  0x00404464
                                                                                                                                  0x00404467
                                                                                                                                  0x0040446e
                                                                                                                                  0x00404476
                                                                                                                                  0x00404479
                                                                                                                                  0x0040447d
                                                                                                                                  0x00404484
                                                                                                                                  0x0040448c
                                                                                                                                  0x004044e4
                                                                                                                                  0x0040448e
                                                                                                                                  0x0040448f
                                                                                                                                  0x00404496
                                                                                                                                  0x0040449b
                                                                                                                                  0x004044a0
                                                                                                                                  0x004044a8
                                                                                                                                  0x004044b5
                                                                                                                                  0x004044c9
                                                                                                                                  0x004044cd
                                                                                                                                  0x004044cd
                                                                                                                                  0x004044c9
                                                                                                                                  0x004044d2
                                                                                                                                  0x004044dd
                                                                                                                                  0x004044dd
                                                                                                                                  0x0040448c
                                                                                                                                  0x00000000
                                                                                                                                  0x00404441
                                                                                                                                  0x0040442f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404435
                                                                                                                                  0x00000000
                                                                                                                                  0x0040439d
                                                                                                                                  0x0040439d
                                                                                                                                  0x004043a9
                                                                                                                                  0x004043b3
                                                                                                                                  0x004043c0
                                                                                                                                  0x004043c0
                                                                                                                                  0x004043c6
                                                                                                                                  0x004043cf
                                                                                                                                  0x004043d8
                                                                                                                                  0x004043db
                                                                                                                                  0x004043de
                                                                                                                                  0x004043e6
                                                                                                                                  0x004043e9
                                                                                                                                  0x004043ec
                                                                                                                                  0x004043f4
                                                                                                                                  0x00404402
                                                                                                                                  0x00404676
                                                                                                                                  0x00404688
                                                                                                                                  0x00404688
                                                                                                                                  0x0040440d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040440d

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32 ref: 004043A2
                                                                                                                                  • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                                  • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?), ref: 0040440D
                                                                                                                                  • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                                                  • lstrcmpiA.KERNEL32(Execute: ,004204A0,00000000,?,?), ref: 004044C1
                                                                                                                                  • lstrcatA.KERNEL32(?,Execute: ), ref: 004044CD
                                                                                                                                  • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                                                    • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                    • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                  • GetDiskFreeSpaceExA.KERNELBASE(C:\Program Files\,?,?,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 0040454F
                                                                                                                                  • GetDiskFreeSpaceA.KERNEL32(C:\Program Files\,?,?,0000040F,?,C:\Program Files\,C:\Program Files\,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 00404596
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                                  • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpi
                                                                                                                                  • String ID: #'k$A$C:\Program Files\$C:\Program Files\iba\ibaAnalyzer$Execute:
                                                                                                                                  • API String ID: 936030579-198658149
                                                                                                                                  • Opcode ID: 8d107552149dbfadfe5899670efe1a05029da385b5136226cbd45bdfd8d65bfa
                                                                                                                                  • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                                  • Opcode Fuzzy Hash: 8d107552149dbfadfe5899670efe1a05029da385b5136226cbd45bdfd8d65bfa
                                                                                                                                  • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405B88 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 197stringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1081 405b88-405b93 1082 405b95-405ba4 1081->1082 1083 405ba6-405bc3 1081->1083 1082->1083 1084 405da5-405da9 1083->1084 1085 405bc9-405bd0 1083->1085 1086 405bd5-405bdf 1084->1086 1087 405daf-405db9 1084->1087 1085->1084 1086->1087 1088 405be5-405bec 1086->1088 1089 405dc4-405dc5 1087->1089 1090 405dbb-405dbf call 405b66 1087->1090 1091 405bf2-405c27 1088->1091 1092 405d98 1088->1092 1090->1089 1094 405d42-405d45 1091->1094 1095 405c2d-405c38 GetVersion 1091->1095 1096 405da2-405da4 1092->1096 1097 405d9a-405da0 1092->1097 1100 405d75-405d78 1094->1100 1101 405d47-405d4a 1094->1101 1098 405c52 1095->1098 1099 405c3a-405c3e 1095->1099 1096->1084 1097->1084 1107 405c59-405c60 1098->1107 1099->1098 1104 405c40-405c44 1099->1104 1102 405d86-405d96 lstrlenA 1100->1102 1103 405d7a-405d81 call 405b88 1100->1103 1105 405d5a-405d66 call 405b66 1101->1105 1106 405d4c-405d58 call 405ac4 1101->1106 1102->1084 1103->1102 1104->1098 1109 405c46-405c4a 1104->1109 1118 405d6b-405d71 1105->1118 1106->1118 1111 405c62-405c64 1107->1111 1112 405c65-405c67 1107->1112 1109->1098 1114 405c4c-405c50 1109->1114 1111->1112 1116 405ca0-405ca3 1112->1116 1117 405c69-405c84 call 405a4d 1112->1117 1114->1107 1119 405cb3-405cb6 1116->1119 1120 405ca5-405cb1 GetSystemDirectoryA 1116->1120 1126 405c89-405c8c 1117->1126 1118->1102 1122 405d73 1118->1122 1124 405d20-405d22 1119->1124 1125 405cb8-405cc6 GetWindowsDirectoryA 1119->1125 1123 405d24-405d27 1120->1123 1127 405d3a-405d40 call 405dc8 1122->1127 1123->1127 1130 405d29-405d2d 1123->1130 1124->1123 1128 405cc8-405cd2 1124->1128 1125->1124 1129 405c92-405c9b call 405b88 1126->1129 1126->1130 1127->1102 1135 405cd4-405cd7 1128->1135 1136 405cec-405d02 SHGetSpecialFolderLocation 1128->1136 1129->1123 1130->1127 1133 405d2f-405d35 lstrcatA 1130->1133 1133->1127 1135->1136 1138 405cd9-405cea 1135->1138 1139 405d04-405d1b SHGetPathFromIDListA CoTaskMemFree 1136->1139 1140 405d1d 1136->1140 1138->1123 1138->1136 1139->1123 1139->1140 1140->1124
                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42367c; // 0x6b2723
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423ed8; // 0x6aaf78
				_t74 = _t73 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4; // 0x74411340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040); // executed
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}






























                                                                                                                                  0x00405b88
                                                                                                                                  0x00405b88
                                                                                                                                  0x00405b88
                                                                                                                                  0x00405b8e
                                                                                                                                  0x00405b93
                                                                                                                                  0x00405b95
                                                                                                                                  0x00405ba4
                                                                                                                                  0x00405ba4
                                                                                                                                  0x00405ba6
                                                                                                                                  0x00405baf
                                                                                                                                  0x00405bb1
                                                                                                                                  0x00405bb6
                                                                                                                                  0x00405bb9
                                                                                                                                  0x00405bba
                                                                                                                                  0x00405bc1
                                                                                                                                  0x00405bc3
                                                                                                                                  0x00405bc9
                                                                                                                                  0x00405bcc
                                                                                                                                  0x00405bcc
                                                                                                                                  0x00405da5
                                                                                                                                  0x00405da5
                                                                                                                                  0x00405da9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405bd9
                                                                                                                                  0x00405bdf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405be5
                                                                                                                                  0x00405be6
                                                                                                                                  0x00405be9
                                                                                                                                  0x00405bec
                                                                                                                                  0x00405d98
                                                                                                                                  0x00405da2
                                                                                                                                  0x00405da4
                                                                                                                                  0x00405da4
                                                                                                                                  0x00405d9a
                                                                                                                                  0x00405d9c
                                                                                                                                  0x00405d9e
                                                                                                                                  0x00405d9f
                                                                                                                                  0x00405d9f
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d98
                                                                                                                                  0x00405bf2
                                                                                                                                  0x00405bf6
                                                                                                                                  0x00405c06
                                                                                                                                  0x00405c0a
                                                                                                                                  0x00405c11
                                                                                                                                  0x00405c14
                                                                                                                                  0x00405c18
                                                                                                                                  0x00405c1e
                                                                                                                                  0x00405c21
                                                                                                                                  0x00405c24
                                                                                                                                  0x00405c27
                                                                                                                                  0x00405d42
                                                                                                                                  0x00405d45
                                                                                                                                  0x00405d75
                                                                                                                                  0x00405d78
                                                                                                                                  0x00405d7d
                                                                                                                                  0x00405d81
                                                                                                                                  0x00405d81
                                                                                                                                  0x00405d86
                                                                                                                                  0x00405d87
                                                                                                                                  0x00405d8c
                                                                                                                                  0x00405d8f
                                                                                                                                  0x00405d91
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d91
                                                                                                                                  0x00405d47
                                                                                                                                  0x00405d4a
                                                                                                                                  0x00405d5f
                                                                                                                                  0x00405d66
                                                                                                                                  0x00405d4c
                                                                                                                                  0x00405d53
                                                                                                                                  0x00405d53
                                                                                                                                  0x00405d6e
                                                                                                                                  0x00405d71
                                                                                                                                  0x00405d3a
                                                                                                                                  0x00405d3b
                                                                                                                                  0x00405d3b
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d71
                                                                                                                                  0x00405c2f
                                                                                                                                  0x00405c30
                                                                                                                                  0x00405c36
                                                                                                                                  0x00405c38
                                                                                                                                  0x00405c52
                                                                                                                                  0x00405c52
                                                                                                                                  0x00405c59
                                                                                                                                  0x00405c59
                                                                                                                                  0x00405c60
                                                                                                                                  0x00405c64
                                                                                                                                  0x00405c64
                                                                                                                                  0x00405c65
                                                                                                                                  0x00405c67
                                                                                                                                  0x00405ca0
                                                                                                                                  0x00405ca3
                                                                                                                                  0x00405cb3
                                                                                                                                  0x00405cb6
                                                                                                                                  0x00405cbe
                                                                                                                                  0x00405cc4
                                                                                                                                  0x00405cc4
                                                                                                                                  0x00405d20
                                                                                                                                  0x00405d20
                                                                                                                                  0x00405d22
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405cc8
                                                                                                                                  0x00405ccf
                                                                                                                                  0x00405cd0
                                                                                                                                  0x00405cd2
                                                                                                                                  0x00405cec
                                                                                                                                  0x00405cfa
                                                                                                                                  0x00405d00
                                                                                                                                  0x00405d02
                                                                                                                                  0x00405d1d
                                                                                                                                  0x00405d1d
                                                                                                                                  0x00405d1d
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d1d
                                                                                                                                  0x00405d08
                                                                                                                                  0x00405d13
                                                                                                                                  0x00405d19
                                                                                                                                  0x00405d1b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d1b
                                                                                                                                  0x00405cd4
                                                                                                                                  0x00405cd7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405ce6
                                                                                                                                  0x00405ce8
                                                                                                                                  0x00405cea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405cea
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d20
                                                                                                                                  0x00405cab
                                                                                                                                  0x00000000
                                                                                                                                  0x00405c69
                                                                                                                                  0x00405c6e
                                                                                                                                  0x00405c84
                                                                                                                                  0x00405c89
                                                                                                                                  0x00405c8c
                                                                                                                                  0x00405d29
                                                                                                                                  0x00405d29
                                                                                                                                  0x00405d2d
                                                                                                                                  0x00405d35
                                                                                                                                  0x00405d35
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d2d
                                                                                                                                  0x00405c96
                                                                                                                                  0x00405d24
                                                                                                                                  0x00405d24
                                                                                                                                  0x00405d27
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405d27
                                                                                                                                  0x00405c67
                                                                                                                                  0x00405c3a
                                                                                                                                  0x00405c3e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405c40
                                                                                                                                  0x00405c44
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405c46
                                                                                                                                  0x00405c4a
                                                                                                                                  0x00000000
                                                                                                                                  0x00405c4c
                                                                                                                                  0x00405c4c
                                                                                                                                  0x00000000
                                                                                                                                  0x00405c4c
                                                                                                                                  0x00405c4a
                                                                                                                                  0x00405daf
                                                                                                                                  0x00405db9
                                                                                                                                  0x00405dc5
                                                                                                                                  0x00405dc5
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetVersion.KERNEL32(00000000,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00404F3C,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000), ref: 00405C30
                                                                                                                                  • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(Execute: ,00000400), ref: 00405CBE
                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                                  • SHGetPathFromIDListA.SHELL32(00000000,Execute: ), ref: 00405D08
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                                                  • lstrcatA.KERNEL32(Execute: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                                  • lstrlenA.KERNEL32(Execute: ,00000000,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00404F3C,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000), ref: 00405D87
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                  • String ID: #'k$Execute: $Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  • API String ID: 900638850-3299763532
                                                                                                                                  • Opcode ID: ca0249d5f4d71674562d458b63bf6447001add47325df02e3d4ad3532f05c4cf
                                                                                                                                  • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                                  • Opcode Fuzzy Hash: ca0249d5f4d71674562d458b63bf6447001add47325df02e3d4ad3532f05c4cf
                                                                                                                                  • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040548B Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1142 40548b-4054a6 call 40573a 1145 4054a8-4054ba DeleteFileA 1142->1145 1146 4054bf-4054c9 1142->1146 1149 405653-405656 1145->1149 1147 4054cb-4054cd 1146->1147 1148 4054dd-4054eb call 405b66 1146->1148 1150 4054d3-4054d7 1147->1150 1151 4055fe-405604 1147->1151 1155 4054fa-4054fb call 4056a0 1148->1155 1156 4054ed-4054f8 lstrcatA 1148->1156 1150->1148 1150->1151 1151->1149 1154 405606-405609 1151->1154 1157 405613-40561b call 405e61 1154->1157 1158 40560b-405611 1154->1158 1160 405500-405503 1155->1160 1156->1160 1157->1149 1165 40561d-405632 call 405659 call 40581e RemoveDirectoryA 1157->1165 1158->1149 1163 405505-40550c 1160->1163 1164 40550e-405514 lstrcatA 1160->1164 1163->1164 1166 405519-405537 lstrlenA FindFirstFileA 1163->1166 1164->1166 1181 405634-405638 1165->1181 1182 40564b-40564e call 404f04 1165->1182 1168 4055f4-4055f8 1166->1168 1169 40553d-405554 call 405684 1166->1169 1168->1151 1171 4055fa 1168->1171 1176 405556-40555a 1169->1176 1177 40555f-405562 1169->1177 1171->1151 1176->1177 1178 40555c 1176->1178 1179 405564-405569 1177->1179 1180 405575-405583 call 405b66 1177->1180 1178->1177 1183 4055d3-4055e5 FindNextFileA 1179->1183 1184 40556b-40556d 1179->1184 1192 405585-40558d 1180->1192 1193 40559a-4055a9 call 40581e DeleteFileA 1180->1193 1181->1158 1186 40563a-405649 call 404f04 call 4058b4 1181->1186 1182->1149 1183->1169 1190 4055eb-4055ee FindClose 1183->1190 1184->1180 1188 40556f-405573 1184->1188 1186->1149 1188->1180 1188->1183 1190->1168 1192->1183 1195 40558f-405598 call 40548b 1192->1195 1202 4055cb-4055ce call 404f04 1193->1202 1203 4055ab-4055af 1193->1203 1195->1183 1202->1183 1204 4055b1-4055c1 call 404f04 call 4058b4 1203->1204 1205 4055c3-4055c9 1203->1205 1204->1183 1205->1183
                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                                  0x00405496
                                                                                                                                  0x0040549a
                                                                                                                                  0x004054a3
                                                                                                                                  0x004054a6
                                                                                                                                  0x004054a9
                                                                                                                                  0x004054b1
                                                                                                                                  0x004054b3
                                                                                                                                  0x004054b4
                                                                                                                                  0x00000000
                                                                                                                                  0x004054b4
                                                                                                                                  0x004054c3
                                                                                                                                  0x004054c3
                                                                                                                                  0x004054c6
                                                                                                                                  0x004054c9
                                                                                                                                  0x004054dd
                                                                                                                                  0x004054e4
                                                                                                                                  0x004054e9
                                                                                                                                  0x004054eb
                                                                                                                                  0x004054fb
                                                                                                                                  0x004054ed
                                                                                                                                  0x004054f3
                                                                                                                                  0x004054f3
                                                                                                                                  0x00405500
                                                                                                                                  0x00405503
                                                                                                                                  0x0040550e
                                                                                                                                  0x00405514
                                                                                                                                  0x00405519
                                                                                                                                  0x00405529
                                                                                                                                  0x0040552b
                                                                                                                                  0x00405531
                                                                                                                                  0x00405534
                                                                                                                                  0x00405537
                                                                                                                                  0x004055f4
                                                                                                                                  0x004055f4
                                                                                                                                  0x004055f8
                                                                                                                                  0x004055fa
                                                                                                                                  0x004055fa
                                                                                                                                  0x004055fa
                                                                                                                                  0x004055fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040553d
                                                                                                                                  0x0040553d
                                                                                                                                  0x00405546
                                                                                                                                  0x0040554c
                                                                                                                                  0x00405551
                                                                                                                                  0x00405554
                                                                                                                                  0x00405556
                                                                                                                                  0x0040555a
                                                                                                                                  0x0040555c
                                                                                                                                  0x0040555c
                                                                                                                                  0x0040555a
                                                                                                                                  0x0040555f
                                                                                                                                  0x00405562
                                                                                                                                  0x00405575
                                                                                                                                  0x00405577
                                                                                                                                  0x0040557c
                                                                                                                                  0x00405583
                                                                                                                                  0x0040559b
                                                                                                                                  0x004055a1
                                                                                                                                  0x004055a7
                                                                                                                                  0x004055a9
                                                                                                                                  0x004055ce
                                                                                                                                  0x004055ab
                                                                                                                                  0x004055ab
                                                                                                                                  0x004055af
                                                                                                                                  0x004055c3
                                                                                                                                  0x004055b1
                                                                                                                                  0x004055b4
                                                                                                                                  0x004055b9
                                                                                                                                  0x004055bb
                                                                                                                                  0x004055bc
                                                                                                                                  0x004055bc
                                                                                                                                  0x004055af
                                                                                                                                  0x00405585
                                                                                                                                  0x0040558b
                                                                                                                                  0x0040558d
                                                                                                                                  0x00405593
                                                                                                                                  0x00405593
                                                                                                                                  0x0040558d
                                                                                                                                  0x00000000
                                                                                                                                  0x00405583
                                                                                                                                  0x00405564
                                                                                                                                  0x00405567
                                                                                                                                  0x00405569
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040556b
                                                                                                                                  0x0040556d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040556f
                                                                                                                                  0x00405573
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004055d3
                                                                                                                                  0x004055dd
                                                                                                                                  0x004055e3
                                                                                                                                  0x004055e3
                                                                                                                                  0x004055ee
                                                                                                                                  0x00000000
                                                                                                                                  0x004055ee
                                                                                                                                  0x00405505
                                                                                                                                  0x0040550c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004054cb
                                                                                                                                  0x004054cb
                                                                                                                                  0x004054cd
                                                                                                                                  0x004055fe
                                                                                                                                  0x00405601
                                                                                                                                  0x00405604
                                                                                                                                  0x00405656
                                                                                                                                  0x00405656
                                                                                                                                  0x00405656
                                                                                                                                  0x00405606
                                                                                                                                  0x00405609
                                                                                                                                  0x00405614
                                                                                                                                  0x00405619
                                                                                                                                  0x0040561b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040561e
                                                                                                                                  0x00405624
                                                                                                                                  0x0040562a
                                                                                                                                  0x00405630
                                                                                                                                  0x00405632
                                                                                                                                  0x00000000
                                                                                                                                  0x0040564e
                                                                                                                                  0x00405634
                                                                                                                                  0x00405638
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040563d
                                                                                                                                  0x00405642
                                                                                                                                  0x00405643
                                                                                                                                  0x00000000
                                                                                                                                  0x00405644
                                                                                                                                  0x0040560b
                                                                                                                                  0x0040560b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040560b
                                                                                                                                  0x004054d3
                                                                                                                                  0x004054d7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004054d7

                                                                                                                                  APIs
                                                                                                                                  • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 004054A9
                                                                                                                                  • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 004054F3
                                                                                                                                  • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 00405514
                                                                                                                                  • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 0040551A
                                                                                                                                  • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 0040552B
                                                                                                                                  • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                                  • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                                                  • \*.*, xrefs: 004054ED
                                                                                                                                  • "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" , xrefs: 00405495
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                  • API String ID: 2035342205-1997848309
                                                                                                                                  • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                                  • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                                                  • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                                  • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AC740 Relevance: 12.1, APIs: 8, Instructions: 96libraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E032AC740(void* __ebx, struct HINSTANCE__* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4) {
				signed int _v4;
				char _v264;
				struct _SECURITY_DESCRIPTOR _v284;
				struct _ACL* _v288;
				struct _SECURITY_DESCRIPTOR* _v292;
				char _v296;
				void* _v300;
				signed int _t17;
				intOrPtr _t25;
				void* _t28;
				long _t31;
				void* _t39;
				void* _t51;
				struct HINSTANCE__* _t53;
				struct HINSTANCE__* _t54;
				void* _t55;
				signed int _t57;

				_t51 = __edi;
				_t39 = __ebx;
				_t57 =  &_v300;
				_t17 =  *0x32ed474; // 0x444d31ba
				_v4 = _t17 ^ _t57;
				_t53 = __ecx;
				_v300 = 0;
				if(InterlockedCompareExchange(0x32ed0f4, 0x66, 0xffffffff) == 0xffffffff) {
					if(_t53 == 0) {
						_t54 = 0;
					} else {
						GetModuleFileNameA(_t53,  &_v264, 0x104);
						_t54 = LoadLibraryA( &_v264);
					}
					if(InitializeSecurityDescriptor( &_v284, 1) != 0) {
						if(SetSecurityDescriptorDacl( &_v284, 1, 0, 0) == 0) {
							goto L6;
						} else {
							_v296 = 0xc;
							_v292 =  &_v284;
							_v288 = 0;
							_t25 = E032ABD80(_t39, _t51, _t54);
							if(_t25 != 0) {
								L14:
								return E032BD98D(_v4 ^ _t57);
							} else {
								 *0x32f0bc0 = _t25;
								 *0x32f0bc4 = 2; // executed
								_t28 = E032C7751( &_v284,  &_v296, _t25, E032AC6E0, _t54, _t25,  &_v300); // executed
								_t55 = _t28;
								_t57 = _t57 + 0x18;
								if(_t55 == 0) {
									goto L6;
								} else {
									if(_a4 == 0) {
										WaitForSingleObject(_t55, 0xffffffff);
										CloseHandle(_t55);
										_t31 =  *0x32ed0f4; // 0xffffffff
										if(_t31 == 0x103) {
											goto L13;
										}
									} else {
										CloseHandle(_t55);
										L13:
									}
									goto L14;
								}
							}
						}
					} else {
						L6:
						return E032BD98D(_v4 ^ _t57);
					}
				} else {
					return E032BD98D(_v4 ^ _t57);
				}
			}




















                                                                                                                                  0x032ac740
                                                                                                                                  0x032ac740
                                                                                                                                  0x032ac740
                                                                                                                                  0x032ac746
                                                                                                                                  0x032ac74d
                                                                                                                                  0x032ac75e
                                                                                                                                  0x032ac760
                                                                                                                                  0x032ac771
                                                                                                                                  0x032ac790
                                                                                                                                  0x032ac7b2
                                                                                                                                  0x032ac792
                                                                                                                                  0x032ac79d
                                                                                                                                  0x032ac7ae
                                                                                                                                  0x032ac7ae
                                                                                                                                  0x032ac7c3
                                                                                                                                  0x032ac7f3
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac7f5
                                                                                                                                  0x032ac7f9
                                                                                                                                  0x032ac801
                                                                                                                                  0x032ac805
                                                                                                                                  0x032ac80d
                                                                                                                                  0x032ac814
                                                                                                                                  0x032ac879
                                                                                                                                  0x032ac88e
                                                                                                                                  0x032ac816
                                                                                                                                  0x032ac823
                                                                                                                                  0x032ac82d
                                                                                                                                  0x032ac837
                                                                                                                                  0x032ac83c
                                                                                                                                  0x032ac83e
                                                                                                                                  0x032ac843
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac845
                                                                                                                                  0x032ac84d
                                                                                                                                  0x032ac85b
                                                                                                                                  0x032ac862
                                                                                                                                  0x032ac868
                                                                                                                                  0x032ac872
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac84f
                                                                                                                                  0x032ac850
                                                                                                                                  0x032ac874
                                                                                                                                  0x032ac874
                                                                                                                                  0x00000000
                                                                                                                                  0x032ac84d
                                                                                                                                  0x032ac843
                                                                                                                                  0x032ac814
                                                                                                                                  0x032ac7c5
                                                                                                                                  0x032ac7c5
                                                                                                                                  0x032ac7df
                                                                                                                                  0x032ac7df
                                                                                                                                  0x032ac773
                                                                                                                                  0x032ac78d
                                                                                                                                  0x032ac78d

                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32 ref: 032AC768
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 032AC79D
                                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 032AC7A8
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 032AC7BB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CompareDescriptorExchangeFileInitializeInterlockedLibraryLoadModuleNameSecurity
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3248392668-0
                                                                                                                                  • Opcode ID: eb84bcf6397c0efdf760f131067a67afe21ff217ea3e506d57c2cfd7164495e4
                                                                                                                                  • Instruction ID: 972b3f904983c390f98e1508cd68fbe01c0f379f427bbe23c970fc0d7d213d73
                                                                                                                                  • Opcode Fuzzy Hash: eb84bcf6397c0efdf760f131067a67afe21ff217ea3e506d57c2cfd7164495e4
                                                                                                                                  • Instruction Fuzzy Hash: 053124715157219FD320EF28EC09BEA77E8EB48B61F448618F559C61C0E7B4C594CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00406131 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406131
                                                                                                                                  0x00406136
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004069a1
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00000000
                                                                                                                                  0x00406810
                                                                                                                                  0x00406138
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x00000000
                                                                                                                                  0x00406369
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a5
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ec
                                                                                                                                  0x00406278
                                                                                                                                  0x00406181
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x00406509
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040690d
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                                  • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                                                  • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                                  • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405E88 Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                                                  0x00405e90
                                                                                                                                  0x00405e93
                                                                                                                                  0x00405e9a
                                                                                                                                  0x00405ea2
                                                                                                                                  0x00405eaf
                                                                                                                                  0x00000000
                                                                                                                                  0x00405eb6
                                                                                                                                  0x00405ea5
                                                                                                                                  0x00405ead
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405ebe

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                  • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                                  • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                                                  • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                                  • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405E61 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2); // executed
				return 0x4224f0;
			}




                                                                                                                                  0x00405e6c
                                                                                                                                  0x00405e75
                                                                                                                                  0x00000000
                                                                                                                                  0x00405e82
                                                                                                                                  0x00405e78
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,76DDF560,0040549F,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 00405E6C
                                                                                                                                  • FindClose.KERNELBASE(00000000), ref: 00405E78
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                  • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                  • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                                  • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                  • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1E2F Relevance: 111.0, APIs: 51, Strings: 12, Instructions: 714COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E031C1E2F() {
				signed char _v6;
				signed int _v7;
				signed int _v8;
				signed int* _v12;
				int _v16;
				signed int _v20;
				struct tagRECT _v36;
				struct HWND__* _v40;
				char _v41;
				void* _v48;
				struct HDC__* _v52;
				signed int _v56;
				struct HRGN__* _v60;
				int _v64;
				int _v68;
				int _v72;
				void* _v76;
				int _v80;
				long _v84;
				struct HWND__* _v88;
				signed int _v104;
				signed int _v108;
				void _v112;
				struct tagRECT _v128;
				int _v136;
				int _v140;
				int _v156;
				short _v158;
				short _v160;
				signed int _v164;
				signed int _v168;
				struct tagBITMAPINFO _v172;
				char _v236;
				char _v300;
				signed int _t254;
				signed int _t259;
				CHAR* _t260;
				signed int _t261;
				signed int _t262;
				struct HWND__* _t265;
				void* _t266;
				void* _t267;
				int _t269;
				int _t270;
				signed int _t271;
				struct HWND__* _t273;
				int _t282;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				int _t294;
				CHAR* _t297;
				signed int _t298;
				signed int _t302;
				signed int _t303;
				struct HWND__* _t310;
				CHAR* _t319;
				long _t330;
				long _t331;
				signed int _t334;
				long _t335;
				long _t336;
				void* _t341;
				signed int _t352;
				int _t353;
				signed int _t356;
				signed int _t360;
				struct HDC__* _t363;
				int _t376;
				struct HRGN__* _t377;
				signed int _t387;
				int _t397;
				struct HWND__* _t405;
				CHAR** _t408;
				int _t410;
				signed int _t414;
				signed int _t420;
				CHAR* _t423;
				int _t425;
				int _t426;
				long _t431;
				signed int _t432;
				struct HWND__* _t442;
				void* _t443;
				int _t444;
				CHAR* _t451;
				CHAR* _t453;
				CHAR* _t454;
				signed int _t457;
				void* _t461;

				_t405 =  *0x31c67c8; // 0xa038c
				_v88 = _t405;
				 *0x31c6684 = 0;
				 *0x31c67b8 = 0;
				if(_t405 != 0) {
					_t254 =  *0x31c6818; // 0x40af70
					__eflags = _t254;
					if(_t254 == 0) {
						L138:
						E031C2ABB(0);
						_push("error finding config");
						goto L139;
					}
					_t259 =  *_t254;
					__eflags = _t259;
					if(_t259 == 0) {
						goto L138;
					}
					_t260 = _t259 + 4;
					__eflags = _t260;
					 *0x31c67e0 = _t260;
					if(_t260 == 0) {
						goto L138;
					}
					__eflags =  *_t260;
					if(__eflags == 0) {
						goto L138;
					}
					_t261 = E031C1410(__eflags);
					__eflags = _t261;
					if(_t261 == 0) {
						goto L138;
					}
					_t262 = GetDlgItem(_t405,  *0x31c6808);
					__eflags = _t262;
					_v40 = _t262;
					if(_t262 != 0) {
						 *0x31c67cc = GetDlgItem(_t405, 2);
						 *0x31c67d0 = GetDlgItem(_t405, 1);
						_t265 = GetDlgItem(_t405, 3);
						_push( *0x31c67e8);
						 *0x31c67d4 = _t265;
						_t266 = E031C1087(_t265,  *0x31c67cc);
						_push( *0x31c67ec);
						_t267 = E031C1087(_t266,  *0x31c67d0);
						_push( *0x31c67f0);
						E031C1087(_t267,  *0x31c67d4);
						_t269 =  *0x31c67f4; // 0x0
						__eflags = _t269 - 0xffffffff;
						if(_t269 != 0xffffffff) {
							EnableWindow( *0x31c67d4, _t269);
						}
						_t270 =  *0x31c67f8; // 0xffffffff
						__eflags = _t270 - 0xffffffff;
						if(_t270 != 0xffffffff) {
							EnableWindow( *0x31c67cc, _t270);
							__eflags =  *0x31c67f8; // 0xffffffff
							if(__eflags == 0) {
								_push(1);
							} else {
								_push(0);
							}
							EnableMenuItem(GetSystemMenu(_t405, 0), 0xf060, ??);
						}
						_t271 =  *0x31c67fc; // 0xffffffff
						__eflags = _t271 - 0xffffffff;
						if(_t271 != 0xffffffff) {
							asm("sbb eax, eax");
							_t397 =  ~_t271 & 0x00000008;
							__eflags = _t397;
							 *0x31c66ac = ShowWindow( *0x31c67cc, _t397);
						}
						_v84 = SendMessageA(_t405, 0x31, 0, 0);
						 *0x31c6680 = 1; // executed
						_t273 = CreateDialogParamA( *0x31c67d8, 0x65, _t405, E031C1B09, 0); // executed
						__eflags = _t273;
						 *0x31c67c4 = _t273;
						if(_t273 == 0) {
							E031C2ABB(0);
							E031C2AFB("error creating dialog");
							return 1;
						} else {
							GetWindowRect(_v40,  &_v36);
							MapWindowPoints(0, _t405,  &_v36, 2);
							_t410 = _v36.bottom - _v36.top;
							_t282 = _v36.right - _v36.left;
							_v64 = _t282;
							_v80 = _t410;
							SetWindowPos( *0x31c67c4, 0, _v36.left, _v36.top, _t282, _t410, 0x14);
							SendMessageA( *0x31c67c4, 0x30, _v84, 1);
							__eflags =  *0x31c680c; // 0x5
							_v68 = 0;
							_v72 = 0;
							_v56 = 0;
							if(__eflags <= 0) {
								L135:
								_t285 = E031C1071( *0x31c67d0);
								L136:
								_push( *0x31c67e4);
								E031C1087(_t285, _v88);
								_t287 =  *0x31c6818; // 0x40af70
								 *0x31c67dc =  *_t287;
								 *_t287 =  *((intOrPtr*)( *_t287));
								wsprintfA(0x31c6688, "%d",  *0x31c67c4);
								E031C2AFB(0x31c6688);
								return 0;
							} else {
								goto L20;
							}
							do {
								L20:
								_t408 = _v56 * 0x54 +  *0x31c6804;
								_t291 = _t408[8];
								__eflags = _t291 - 1;
								if(_t291 < 1) {
									goto L133;
								}
								__eflags = _t291 - 0x10;
								if(_t291 > 0x10) {
									goto L133;
								}
								_t293 = _t291 + _t291 * 4 << 2;
								__eflags =  *0x31c6800;
								if( *0x31c6800 == 0) {
									_t414 =  *((intOrPtr*)(_t293 + 0x31c4160));
									_t294 =  *((intOrPtr*)(_t293 + 0x31c4168));
								} else {
									_t414 =  *((intOrPtr*)(_t293 + 0x31c4164));
									_t294 =  *((intOrPtr*)(_t293 + 0x31c416c));
								}
								asm("movsd");
								asm("movsd");
								_v16 = _t294;
								asm("movsd");
								_v8 = _t414;
								asm("movsd");
								MapDialogRect(_v88,  &_v36);
								__eflags = _t408[9];
								if(_t408[9] < 0) {
									_t35 =  &_v36;
									 *_t35 = _v36.left + _v64;
									__eflags =  *_t35;
								}
								__eflags = _t408[0xb];
								if(_t408[0xb] < 0) {
									_t39 =  &(_v36.right);
									 *_t39 = _v36.right + _v64;
									__eflags =  *_t39;
								}
								__eflags = _t408[0xa];
								if(_t408[0xa] < 0) {
									_t43 =  &(_v36.top);
									 *_t43 = _v36.top + _v80;
									__eflags =  *_t43;
								}
								__eflags = _t408[0xc];
								if(_t408[0xc] < 0) {
									_t47 =  &(_v36.bottom);
									 *_t47 = _v36.bottom + _v80;
									__eflags =  *_t47;
								}
								__eflags =  *0x31c6800; // 0x0
								if(__eflags != 0) {
									_v36.right = _v64 - _v36.left;
									_t431 = _v64 - _v36.right;
									__eflags = _t431;
									_v36.left = _t431;
								}
								_t297 = _t408[8];
								_t451 =  *_t408;
								__eflags = _t297 - 0xe;
								if(_t297 > 0xe) {
									_t298 = _t297 - 0xf;
									__eflags = _t298;
									if(_t298 == 0) {
										_t451 = _t408[1];
										_t302 = (_t408[0xd] & 0x00004000 | 0x00000080) >> 0xe;
										__eflags = _t302;
										L59:
										_t89 =  &_v8;
										 *_t89 = _v8 | _t302;
										__eflags =  *_t89;
										goto L60;
									}
									__eflags = _t298 != 1;
									if(_t298 != 1) {
										goto L60;
									}
									_t302 = _t408[0xd] & 0x00000809;
									goto L59;
								} else {
									__eflags = _t297 - 0xc;
									if(_t297 >= 0xc) {
										_t387 = _t408[0xd];
										__eflags = _t387 & 0x00000040;
										if((_t387 & 0x00000040) != 0) {
											_t62 =  &_v8;
											 *_t62 = _v8 | 0x00000020;
											__eflags =  *_t62;
										}
										__eflags = _t387;
										if(_t387 < 0) {
											_t64 =  &_v7;
											 *_t64 = _v7 | 0x00000020;
											__eflags =  *_t64;
										}
										__eflags = _t387 & 0x00000004;
										if((_t387 & 0x00000004) != 0) {
											_t68 =  &_v7;
											 *_t68 = _v7 | 0x00000010;
											__eflags =  *_t68;
										}
										__eflags = _t387 & 0x00000010;
										if((_t387 & 0x00000010) != 0) {
											_t72 =  &_v7;
											 *_t72 = _v7 | 0x00000008;
											__eflags =  *_t72;
										}
										_t451 = _t408[1];
										__eflags = _t387 & 0x00000001;
										if((_t387 & 0x00000001) == 0) {
											L60:
											_t303 = _t408[0xd];
											_v8 = _v8 | _t303 & 0x08320000;
											__eflags = _t303 & 0x00010000;
											if((_t303 & 0x00010000) != 0) {
												_t96 =  &_v6;
												 *_t96 = _v6 & 0x000000fe;
												__eflags =  *_t96;
											}
											_t310 = CreateWindowExA(_v16,  *(0x31c415c + (_t408[8] + _t408[8] * 4) * 4), _t451, _v8, _v36.left, _v36.top, _v36.right - _v36.left, _v36.bottom - _v36.top,  *0x31c67c4, _t408[0xf],  *0x31c67d8, 0); // executed
											_t442 = _t310;
											_v40 = _t442;
											_t408[0xe] = _t442;
											wsprintfA( &_v300, "Field %d", _t408[0x12]);
											wsprintfA( &_v236, "%d", _t442);
											_t461 = _t461 + 0x18;
											WritePrivateProfileStringA( &_v300, _t408[0x13],  &_v236,  *0x31c67e0); // executed
											__eflags = _t442;
											if(_t442 == 0) {
												goto L133;
											} else {
												SendMessageA(_t442, 0x30, _v84, 1);
												_t319 = _t408[8];
												__eflags = _t319 - 0xb;
												if(_t319 > 0xb) {
													__eflags = _t319 - 0xc;
													if(_t319 < 0xc) {
														L123:
														__eflags = _v72;
														if(_v72 != 0) {
															L131:
															__eflags = (_t408[0xd] & 0x00000110) - 0x110;
															if((_t408[0xd] & 0x00000110) == 0x110) {
																_push(_t408[1]);
																E031C1087(0x110, _t442);
															}
															goto L133;
														}
														__eflags = (_v8 & 0x08010000) - 0x10000;
														if((_v8 & 0x08010000) != 0x10000) {
															goto L131;
														}
														__eflags = _t408[8] - 0xa;
														if(_t408[8] < 0xa) {
															goto L131;
														}
														__eflags = _t408[0xd] & 0x00000010;
														if((_t408[0xd] & 0x00000010) != 0) {
															_v72 = 1;
														}
														__eflags = _v68;
														if(_v68 == 0) {
															L130:
															_v68 = 1;
															E031C1071(_t442);
															goto L131;
														} else {
															__eflags = _v72;
															if(_v72 == 0) {
																goto L131;
															}
															goto L130;
														}
													}
													__eflags = _t319 - 0xe;
													if(_t319 <= 0xe) {
														SendMessageA(_t442, 0xc5, _t408[7], 0);
														__eflags = _v7 & 0x00000020;
														if((_v7 & 0x00000020) != 0) {
															_t408[0x14] = GetWindowLongA(_t442, 0xfffffffc);
															SetWindowLongA(_t442, 0xfffffffc, E031C1D4E);
														}
														goto L123;
													}
													__eflags = _t319 - 0x10;
													if(_t319 > 0x10) {
														goto L123;
													}
													_t420 = _t408[3];
													__eflags = _t420;
													if(_t420 == 0) {
														goto L123;
													}
													__eflags = _t319 - 0xf;
													if(_t319 != 0xf) {
														_v40 = 0x180;
														_v16 = 0x1a2;
														_v52 = 0x186;
													} else {
														_v40 = 0x143;
														_v16 = 0x158;
														_v52 = 0x14e;
													}
													_t328 = E031C101F(_t420);
													__eflags =  *_t328;
													_v76 = _t328;
													_t453 = _t328;
													_v12 = _t328;
													if( *_t328 == 0) {
														L105:
														E031C100F(_t328, _v76);
														_t330 = _t408[1];
														__eflags = _t330;
														if(_t330 == 0) {
															goto L123;
														}
														__eflags = _t408[0xd] & 0x00000808;
														if((_t408[0xd] & 0x00000808) == 0) {
															L118:
															_t331 = SendMessageA(_t442, _v16, 0xffffffff, _t330);
															__eflags = _t331 - 0xffffffff;
															if(_t331 == 0xffffffff) {
																goto L123;
															}
															_push(0);
															_push(_t331);
															_push(_v52);
															L120:
															SendMessageA(_t442, ??, ??, ??);
															goto L123;
														}
														__eflags = _v16 - 0x1a2;
														if(_v16 != 0x1a2) {
															goto L118;
														}
														SendMessageA(_t442, 0x185, 0, 0xffffffff);
														_t454 = _t408[1];
														while(1) {
															_v12 = _t454;
															while(1) {
																L110:
																_t334 =  *_t454;
																__eflags = _t334 - 0x7c;
																_v41 = _t334;
																if(_t334 == 0x7c) {
																	break;
																}
																__eflags = _t334;
																if(_t334 == 0) {
																	break;
																}
																_t454 = CharNextA(_t454);
															}
															_t335 = _v12;
															 *_t454 =  *_t454 & 0x00000000;
															__eflags =  *_t335;
															if( *_t335 != 0) {
																_t336 = SendMessageA(_t442, 0x1a2, 0xffffffff, _t335);
																__eflags = _t336 - 0xffffffff;
																if(_t336 != 0xffffffff) {
																	SendMessageA(_t442, 0x185, 1, _t336);
																}
															}
															__eflags = _v41;
															if(_v41 == 0) {
																goto L123;
															} else {
																_t454 =  &(_t454[1]);
																_v12 = _t454;
																goto L110;
															}
														}
													} else {
														do {
															__eflags =  *_t453 - 0x7c;
															if( *_t453 != 0x7c) {
																_t453 = CharNextA(_t453);
															} else {
																_t328 = _v12;
																 *_t453 =  *_t453 & 0x00000000;
																__eflags =  *_t328;
																if( *_t328 != 0) {
																	_t328 = SendMessageA(_t442, _v40, 0, _t328);
																}
																_t453 =  &(_t453[1]);
																_v12 = _t453;
															}
															__eflags =  *_t453;
														} while ( *_t453 != 0);
														goto L105;
													}
												}
												__eflags = _t319 - 0xa;
												if(_t319 >= 0xa) {
													__eflags =  *(_t408[1]) - 0x31;
													if( *(_t408[1]) != 0x31) {
														goto L123;
													}
													_push(0);
													_push(1);
													_push(0xf1);
													goto L120;
												}
												__eflags = _t319 - 4;
												if(_t319 < 4) {
													goto L123;
												}
												__eflags = _t319 - 5;
												if(_t319 <= 5) {
													__eflags = _t319 - 5;
													_v16 = 0 | _t319 != 0x00000005;
													_t423 =  *_t408;
													__eflags = _t423;
													if(_t423 == 0) {
														_t341 = LoadIconA(GetModuleHandleA(0), 0x67);
													} else {
														asm("sbb edx, edx");
														_t432 = _v36.right - _v36.left;
														asm("sbb eax, eax");
														_t341 = LoadImageA( *0x31c67d8, _t423, _v16,  ~(_t408[0xd] & 0x00008000) & _t432,  ~(_t408[0xd] & 0x00008000) & _v36.bottom - _v36.top, 0x10); // executed
														_t408[0x11] = _t341;
													}
													__eflags = _t408[0xd] & 0x00000020;
													_v48 = _t341;
													if((_t408[0xd] & 0x00000020) == 0) {
														L87:
														SendMessageA(_t442, 0x172, _v16, _v48); // executed
														__eflags = _t408[8] - 5;
														if(_t408[8] == 5) {
															GetClientRect(_t442,  &_v128);
															asm("cdq");
															_t425 = _v36.right - _v128.right + _v36 - _t432 >> 1;
															_v128.left = _t425;
															asm("cdq");
															_t352 = _v36.bottom - _v128.bottom + _v36.top - _t432;
															_t432 = 0;
															_t353 = _t352 >> 1;
															_v128.top = _t353;
															SetWindowPos(_t442, 0, _t425, _t353, 0, 0, 0x15);
														}
														goto L123;
													} else {
														__eflags = _v16;
														if(_v16 != 0) {
															goto L87;
														}
														_t356 = GetObjectA(_v48, 0x18,  &_v112);
														__eflags = _t356;
														if(_t356 == 0) {
															goto L87;
														}
														_t360 = E031C1000(_v104 * _v108 << 2);
														__eflags = _t360;
														_v12 = _t360;
														if(_t360 == 0) {
															goto L87;
														}
														_v164 = _v104;
														_v158 = 0x20;
														_v156 = 0;
														_v160 = 1;
														_v172.bmiHeader = 0x28;
														_v168 = _v108;
														_v140 = 0;
														_v136 = 0;
														_t363 = CreateCompatibleDC(0);
														_v52 = _t363;
														SelectObject(_t363, _v48);
														_t443 = _v12;
														GetDIBits(_v52, _v48, 0, _v104, _t443,  &_v172, 0);
														_v60 = CreateRectRgn(0, 0, _v108, _v104);
														_t457 =  *_t443 & 0x00ffffff;
														_t444 = _v104 - 1;
														__eflags = _t444;
														if(_t444 < 0) {
															L86:
															SetWindowRgn(_v40, _v60, 1);
															DeleteObject(_v60);
															E031C100F(DeleteObject(_v52), _v12);
															_t442 = _v40;
															goto L87;
														} else {
															goto L77;
														}
														do {
															L77:
															_t426 = _v108;
															_v20 = _v20 & 0x00000000;
															__eflags = _t426;
															if(_t426 <= 0) {
																goto L85;
															} else {
																goto L78;
															}
															do {
																L78:
																__eflags = ( *_v12 & 0x00ffffff) - _t457;
																if(( *_v12 & 0x00ffffff) != _t457) {
																	_v12 =  &(_v12[1]);
																	_t184 =  &_v20;
																	 *_t184 = _v20 + 1;
																	__eflags =  *_t184;
																	goto L84;
																}
																_t376 = _v20;
																__eflags = _t376 - _t426;
																if(_t376 >= _t426) {
																	L82:
																	_t377 = CreateRectRgn(_t376, _t444, _v20, _t444 + 1);
																	_v76 = _t377;
																	CombineRgn(_v60, _v60, _t377, 3);
																	DeleteObject(_v76);
																	goto L84;
																} else {
																	goto L80;
																}
																while(1) {
																	L80:
																	_t432 =  *_v12 & 0x00ffffff;
																	__eflags = _t432 - _t457;
																	if(_t432 != _t457) {
																		goto L82;
																	}
																	_v12 = _v12 + 4;
																	_v20 = _v20 + 1;
																	__eflags = _v20 - _t426;
																	if(_v20 < _t426) {
																		continue;
																	}
																	goto L82;
																}
																goto L82;
																L84:
																_t426 = _v108;
																__eflags = _v20 - _t426;
															} while (_v20 < _t426);
															L85:
															_t444 = _t444 - 1;
															__eflags = _t444;
														} while (_t444 >= 0);
														goto L86;
													}
												}
												__eflags = _t319 - 7;
												if(_t319 == 7) {
													_t408[0x10] = SetWindowLongA(_t442, 0xfffffffc, E031C1C53);
												}
												goto L123;
											}
										} else {
											_v8 = _v8 | 0x00000044;
											__eflags = _t387 & 0x00100200;
											if((_t387 & 0x00100200) == 0) {
												_t81 =  &_v8;
												 *_t81 = _v8 & 0x0000007f;
												__eflags =  *_t81;
											}
											E031C2A54(_t451);
											__eflags = _t408[0xd] & 0x00000010;
											if((_t408[0xd] & 0x00000010) != 0) {
												L54:
												_t451 = 0;
											}
											goto L60;
										}
									}
									__eflags = _t297 - 4;
									if(_t297 < 4) {
										goto L60;
									}
									__eflags = _t297 - 5;
									if(_t297 <= 5) {
										goto L54;
									}
									__eflags = _t297 - 9;
									if(_t297 > 9) {
										__eflags = _t297 - 0xb;
										if(_t297 <= 0xb) {
											_v8 = _v8 ^ _t408[0xd] & 0x00000020;
										}
									}
									goto L60;
								}
								L133:
								_v56 = _v56 + 1;
								__eflags = _v56 -  *0x31c680c; // 0x5
							} while (__eflags < 0);
							__eflags = _v68;
							if(_v68 != 0) {
								goto L136;
							}
							goto L135;
						}
					} else {
						E031C2ABB(0);
						_push("error finding childwnd");
						goto L139;
					}
				} else {
					E031C2ABB(0);
					_push("error finding mainwnd");
					L139:
					E031C2AFB();
					return 1;
				}
			}





























































































                                                                                                                                  0x031c1e39
                                                                                                                                  0x031c1e43
                                                                                                                                  0x031c1e48
                                                                                                                                  0x031c1e4e
                                                                                                                                  0x031c1e54
                                                                                                                                  0x031c1e66
                                                                                                                                  0x031c1e6b
                                                                                                                                  0x031c1e6d
                                                                                                                                  0x031c271a
                                                                                                                                  0x031c271b
                                                                                                                                  0x031c2720
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2720
                                                                                                                                  0x031c1e73
                                                                                                                                  0x031c1e75
                                                                                                                                  0x031c1e77
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1e7d
                                                                                                                                  0x031c1e80
                                                                                                                                  0x031c1e82
                                                                                                                                  0x031c1e87
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1e8d
                                                                                                                                  0x031c1e90
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1e96
                                                                                                                                  0x031c1e9b
                                                                                                                                  0x031c1e9d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1eb0
                                                                                                                                  0x031c1eb2
                                                                                                                                  0x031c1eb4
                                                                                                                                  0x031c1eb7
                                                                                                                                  0x031c1ed1
                                                                                                                                  0x031c1edb
                                                                                                                                  0x031c1ee0
                                                                                                                                  0x031c1ee2
                                                                                                                                  0x031c1ee8
                                                                                                                                  0x031c1ef3
                                                                                                                                  0x031c1ef8
                                                                                                                                  0x031c1f04
                                                                                                                                  0x031c1f09
                                                                                                                                  0x031c1f15
                                                                                                                                  0x031c1f1a
                                                                                                                                  0x031c1f25
                                                                                                                                  0x031c1f28
                                                                                                                                  0x031c1f31
                                                                                                                                  0x031c1f31
                                                                                                                                  0x031c1f33
                                                                                                                                  0x031c1f38
                                                                                                                                  0x031c1f3b
                                                                                                                                  0x031c1f44
                                                                                                                                  0x031c1f46
                                                                                                                                  0x031c1f4c
                                                                                                                                  0x031c1f51
                                                                                                                                  0x031c1f4e
                                                                                                                                  0x031c1f4e
                                                                                                                                  0x031c1f4e
                                                                                                                                  0x031c1f61
                                                                                                                                  0x031c1f61
                                                                                                                                  0x031c1f67
                                                                                                                                  0x031c1f6c
                                                                                                                                  0x031c1f6f
                                                                                                                                  0x031c1f73
                                                                                                                                  0x031c1f75
                                                                                                                                  0x031c1f75
                                                                                                                                  0x031c1f85
                                                                                                                                  0x031c1f85
                                                                                                                                  0x031c1fa6
                                                                                                                                  0x031c1fa9
                                                                                                                                  0x031c1faf
                                                                                                                                  0x031c1fb5
                                                                                                                                  0x031c1fb7
                                                                                                                                  0x031c1fbc
                                                                                                                                  0x031c2707
                                                                                                                                  0x031c2711
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1fc2
                                                                                                                                  0x031c1fc9
                                                                                                                                  0x031c1fd7
                                                                                                                                  0x031c1fe3
                                                                                                                                  0x031c1fe6
                                                                                                                                  0x031c1ff0
                                                                                                                                  0x031c1ff3
                                                                                                                                  0x031c2000
                                                                                                                                  0x031c2012
                                                                                                                                  0x031c2017
                                                                                                                                  0x031c201d
                                                                                                                                  0x031c2020
                                                                                                                                  0x031c2023
                                                                                                                                  0x031c2026
                                                                                                                                  0x031c26b6
                                                                                                                                  0x031c26bc
                                                                                                                                  0x031c26c1
                                                                                                                                  0x031c26c1
                                                                                                                                  0x031c26ca
                                                                                                                                  0x031c26cf
                                                                                                                                  0x031c26db
                                                                                                                                  0x031c26e5
                                                                                                                                  0x031c26f3
                                                                                                                                  0x031c26fd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c202c
                                                                                                                                  0x031c202c
                                                                                                                                  0x031c2032
                                                                                                                                  0x031c2038
                                                                                                                                  0x031c203b
                                                                                                                                  0x031c203e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2044
                                                                                                                                  0x031c2047
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2050
                                                                                                                                  0x031c2053
                                                                                                                                  0x031c205a
                                                                                                                                  0x031c206a
                                                                                                                                  0x031c2070
                                                                                                                                  0x031c205c
                                                                                                                                  0x031c205c
                                                                                                                                  0x031c2062
                                                                                                                                  0x031c2062
                                                                                                                                  0x031c207c
                                                                                                                                  0x031c207d
                                                                                                                                  0x031c207e
                                                                                                                                  0x031c2084
                                                                                                                                  0x031c2086
                                                                                                                                  0x031c208c
                                                                                                                                  0x031c208d
                                                                                                                                  0x031c2093
                                                                                                                                  0x031c2097
                                                                                                                                  0x031c209c
                                                                                                                                  0x031c209c
                                                                                                                                  0x031c209c
                                                                                                                                  0x031c209c
                                                                                                                                  0x031c20a1
                                                                                                                                  0x031c20a4
                                                                                                                                  0x031c20a9
                                                                                                                                  0x031c20a9
                                                                                                                                  0x031c20a9
                                                                                                                                  0x031c20a9
                                                                                                                                  0x031c20ac
                                                                                                                                  0x031c20af
                                                                                                                                  0x031c20b4
                                                                                                                                  0x031c20b4
                                                                                                                                  0x031c20b4
                                                                                                                                  0x031c20b4
                                                                                                                                  0x031c20b7
                                                                                                                                  0x031c20ba
                                                                                                                                  0x031c20bf
                                                                                                                                  0x031c20bf
                                                                                                                                  0x031c20bf
                                                                                                                                  0x031c20bf
                                                                                                                                  0x031c20c2
                                                                                                                                  0x031c20c8
                                                                                                                                  0x031c20d3
                                                                                                                                  0x031c20d9
                                                                                                                                  0x031c20d9
                                                                                                                                  0x031c20db
                                                                                                                                  0x031c20db
                                                                                                                                  0x031c20de
                                                                                                                                  0x031c20e1
                                                                                                                                  0x031c20e3
                                                                                                                                  0x031c20e6
                                                                                                                                  0x031c215f
                                                                                                                                  0x031c215f
                                                                                                                                  0x031c2162
                                                                                                                                  0x031c2174
                                                                                                                                  0x031c217f
                                                                                                                                  0x031c217f
                                                                                                                                  0x031c2182
                                                                                                                                  0x031c2182
                                                                                                                                  0x031c2182
                                                                                                                                  0x031c2182
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2182
                                                                                                                                  0x031c2164
                                                                                                                                  0x031c2165
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c216a
                                                                                                                                  0x00000000
                                                                                                                                  0x031c20e8
                                                                                                                                  0x031c20e8
                                                                                                                                  0x031c20eb
                                                                                                                                  0x031c2114
                                                                                                                                  0x031c2117
                                                                                                                                  0x031c2119
                                                                                                                                  0x031c211b
                                                                                                                                  0x031c211b
                                                                                                                                  0x031c211b
                                                                                                                                  0x031c211b
                                                                                                                                  0x031c211f
                                                                                                                                  0x031c2121
                                                                                                                                  0x031c2123
                                                                                                                                  0x031c2123
                                                                                                                                  0x031c2123
                                                                                                                                  0x031c2123
                                                                                                                                  0x031c2127
                                                                                                                                  0x031c212a
                                                                                                                                  0x031c212c
                                                                                                                                  0x031c212c
                                                                                                                                  0x031c212c
                                                                                                                                  0x031c212c
                                                                                                                                  0x031c2130
                                                                                                                                  0x031c2132
                                                                                                                                  0x031c2134
                                                                                                                                  0x031c2134
                                                                                                                                  0x031c2134
                                                                                                                                  0x031c2134
                                                                                                                                  0x031c2138
                                                                                                                                  0x031c213b
                                                                                                                                  0x031c213e
                                                                                                                                  0x031c2185
                                                                                                                                  0x031c2185
                                                                                                                                  0x031c2190
                                                                                                                                  0x031c2193
                                                                                                                                  0x031c2198
                                                                                                                                  0x031c219a
                                                                                                                                  0x031c219a
                                                                                                                                  0x031c219a
                                                                                                                                  0x031c219a
                                                                                                                                  0x031c21d7
                                                                                                                                  0x031c21e6
                                                                                                                                  0x031c21f4
                                                                                                                                  0x031c21f7
                                                                                                                                  0x031c21fa
                                                                                                                                  0x031c2209
                                                                                                                                  0x031c220b
                                                                                                                                  0x031c2225
                                                                                                                                  0x031c222b
                                                                                                                                  0x031c222d
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2233
                                                                                                                                  0x031c223b
                                                                                                                                  0x031c2240
                                                                                                                                  0x031c2243
                                                                                                                                  0x031c2246
                                                                                                                                  0x031c24d8
                                                                                                                                  0x031c24db
                                                                                                                                  0x031c2647
                                                                                                                                  0x031c2649
                                                                                                                                  0x031c264c
                                                                                                                                  0x031c2687
                                                                                                                                  0x031c2691
                                                                                                                                  0x031c2693
                                                                                                                                  0x031c2695
                                                                                                                                  0x031c2699
                                                                                                                                  0x031c2699
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2693
                                                                                                                                  0x031c2656
                                                                                                                                  0x031c265b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c265d
                                                                                                                                  0x031c2661
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2663
                                                                                                                                  0x031c2667
                                                                                                                                  0x031c2669
                                                                                                                                  0x031c2669
                                                                                                                                  0x031c2670
                                                                                                                                  0x031c2673
                                                                                                                                  0x031c267a
                                                                                                                                  0x031c267b
                                                                                                                                  0x031c2682
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2675
                                                                                                                                  0x031c2675
                                                                                                                                  0x031c2678
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2678
                                                                                                                                  0x031c2673
                                                                                                                                  0x031c24e1
                                                                                                                                  0x031c24e4
                                                                                                                                  0x031c2622
                                                                                                                                  0x031c2627
                                                                                                                                  0x031c262b
                                                                                                                                  0x031c263e
                                                                                                                                  0x031c2641
                                                                                                                                  0x031c2641
                                                                                                                                  0x00000000
                                                                                                                                  0x031c262b
                                                                                                                                  0x031c24ea
                                                                                                                                  0x031c24ed
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c24f3
                                                                                                                                  0x031c24f6
                                                                                                                                  0x031c24f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c24fe
                                                                                                                                  0x031c2501
                                                                                                                                  0x031c251a
                                                                                                                                  0x031c2521
                                                                                                                                  0x031c2528
                                                                                                                                  0x031c2503
                                                                                                                                  0x031c2503
                                                                                                                                  0x031c250a
                                                                                                                                  0x031c2511
                                                                                                                                  0x031c2511
                                                                                                                                  0x031c2530
                                                                                                                                  0x031c2535
                                                                                                                                  0x031c2538
                                                                                                                                  0x031c253b
                                                                                                                                  0x031c253d
                                                                                                                                  0x031c2540
                                                                                                                                  0x031c2572
                                                                                                                                  0x031c2575
                                                                                                                                  0x031c257a
                                                                                                                                  0x031c257d
                                                                                                                                  0x031c257f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2585
                                                                                                                                  0x031c258b
                                                                                                                                  0x031c25f8
                                                                                                                                  0x031c25ff
                                                                                                                                  0x031c2604
                                                                                                                                  0x031c2607
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2609
                                                                                                                                  0x031c260b
                                                                                                                                  0x031c260c
                                                                                                                                  0x031c260f
                                                                                                                                  0x031c2610
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2610
                                                                                                                                  0x031c258d
                                                                                                                                  0x031c2594
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c25a0
                                                                                                                                  0x031c25a5
                                                                                                                                  0x031c25a8
                                                                                                                                  0x031c25a8
                                                                                                                                  0x031c25ab
                                                                                                                                  0x031c25ab
                                                                                                                                  0x031c25ab
                                                                                                                                  0x031c25ad
                                                                                                                                  0x031c25af
                                                                                                                                  0x031c25b2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c25b4
                                                                                                                                  0x031c25b6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c25bf
                                                                                                                                  0x031c25bf
                                                                                                                                  0x031c25c3
                                                                                                                                  0x031c25c6
                                                                                                                                  0x031c25c9
                                                                                                                                  0x031c25cc
                                                                                                                                  0x031c25d7
                                                                                                                                  0x031c25dc
                                                                                                                                  0x031c25df
                                                                                                                                  0x031c25ea
                                                                                                                                  0x031c25ea
                                                                                                                                  0x031c25df
                                                                                                                                  0x031c25ef
                                                                                                                                  0x031c25f3
                                                                                                                                  0x00000000
                                                                                                                                  0x031c25f5
                                                                                                                                  0x031c25f5
                                                                                                                                  0x031c25a8
                                                                                                                                  0x00000000
                                                                                                                                  0x031c25a8
                                                                                                                                  0x031c25f3
                                                                                                                                  0x031c2542
                                                                                                                                  0x031c2542
                                                                                                                                  0x031c2542
                                                                                                                                  0x031c2545
                                                                                                                                  0x031c256b
                                                                                                                                  0x031c2547
                                                                                                                                  0x031c2547
                                                                                                                                  0x031c254a
                                                                                                                                  0x031c254d
                                                                                                                                  0x031c2550
                                                                                                                                  0x031c2559
                                                                                                                                  0x031c2559
                                                                                                                                  0x031c255e
                                                                                                                                  0x031c255f
                                                                                                                                  0x031c255f
                                                                                                                                  0x031c256d
                                                                                                                                  0x031c256d
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2542
                                                                                                                                  0x031c2540
                                                                                                                                  0x031c224c
                                                                                                                                  0x031c224f
                                                                                                                                  0x031c24c1
                                                                                                                                  0x031c24c4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c24ca
                                                                                                                                  0x031c24cc
                                                                                                                                  0x031c24ce
                                                                                                                                  0x00000000
                                                                                                                                  0x031c24ce
                                                                                                                                  0x031c2255
                                                                                                                                  0x031c2258
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c225e
                                                                                                                                  0x031c2261
                                                                                                                                  0x031c2284
                                                                                                                                  0x031c228a
                                                                                                                                  0x031c228d
                                                                                                                                  0x031c228f
                                                                                                                                  0x031c2291
                                                                                                                                  0x031c22d9
                                                                                                                                  0x031c2293
                                                                                                                                  0x031c22a7
                                                                                                                                  0x031c22af
                                                                                                                                  0x031c22b4
                                                                                                                                  0x031c22c3
                                                                                                                                  0x031c22c9
                                                                                                                                  0x031c22c9
                                                                                                                                  0x031c22df
                                                                                                                                  0x031c22e3
                                                                                                                                  0x031c22e6
                                                                                                                                  0x031c245f
                                                                                                                                  0x031c246b
                                                                                                                                  0x031c2470
                                                                                                                                  0x031c2474
                                                                                                                                  0x031c247f
                                                                                                                                  0x031c2490
                                                                                                                                  0x031c249b
                                                                                                                                  0x031c24a0
                                                                                                                                  0x031c24a3
                                                                                                                                  0x031c24a4
                                                                                                                                  0x031c24a6
                                                                                                                                  0x031c24a8
                                                                                                                                  0x031c24b0
                                                                                                                                  0x031c24b3
                                                                                                                                  0x031c24b3
                                                                                                                                  0x00000000
                                                                                                                                  0x031c22ec
                                                                                                                                  0x031c22ec
                                                                                                                                  0x031c22f0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c22ff
                                                                                                                                  0x031c2305
                                                                                                                                  0x031c2307
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2318
                                                                                                                                  0x031c231d
                                                                                                                                  0x031c231f
                                                                                                                                  0x031c2322
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c232d
                                                                                                                                  0x031c2337
                                                                                                                                  0x031c2340
                                                                                                                                  0x031c2346
                                                                                                                                  0x031c234f
                                                                                                                                  0x031c2359
                                                                                                                                  0x031c235f
                                                                                                                                  0x031c2365
                                                                                                                                  0x031c236b
                                                                                                                                  0x031c2374
                                                                                                                                  0x031c2378
                                                                                                                                  0x031c237e
                                                                                                                                  0x031c2394
                                                                                                                                  0x031c23aa
                                                                                                                                  0x031c23b0
                                                                                                                                  0x031c23b6
                                                                                                                                  0x031c23b9
                                                                                                                                  0x031c23bb
                                                                                                                                  0x031c2436
                                                                                                                                  0x031c243e
                                                                                                                                  0x031c244d
                                                                                                                                  0x031c2457
                                                                                                                                  0x031c245c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23bd
                                                                                                                                  0x031c23bd
                                                                                                                                  0x031c23bd
                                                                                                                                  0x031c23c0
                                                                                                                                  0x031c23c4
                                                                                                                                  0x031c23c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23c8
                                                                                                                                  0x031c23c8
                                                                                                                                  0x031c23d2
                                                                                                                                  0x031c23d4
                                                                                                                                  0x031c2424
                                                                                                                                  0x031c2428
                                                                                                                                  0x031c2428
                                                                                                                                  0x031c2428
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2428
                                                                                                                                  0x031c23d6
                                                                                                                                  0x031c23d9
                                                                                                                                  0x031c23db
                                                                                                                                  0x031c23f8
                                                                                                                                  0x031c2401
                                                                                                                                  0x031c240d
                                                                                                                                  0x031c2413
                                                                                                                                  0x031c241c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23dd
                                                                                                                                  0x031c23dd
                                                                                                                                  0x031c23e2
                                                                                                                                  0x031c23e8
                                                                                                                                  0x031c23ea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23ec
                                                                                                                                  0x031c23f0
                                                                                                                                  0x031c23f3
                                                                                                                                  0x031c23f6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23f6
                                                                                                                                  0x00000000
                                                                                                                                  0x031c242b
                                                                                                                                  0x031c242b
                                                                                                                                  0x031c242e
                                                                                                                                  0x031c242e
                                                                                                                                  0x031c2433
                                                                                                                                  0x031c2433
                                                                                                                                  0x031c2433
                                                                                                                                  0x031c2433
                                                                                                                                  0x00000000
                                                                                                                                  0x031c23bd
                                                                                                                                  0x031c22e6
                                                                                                                                  0x031c2263
                                                                                                                                  0x031c2266
                                                                                                                                  0x031c227a
                                                                                                                                  0x031c227a
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2266
                                                                                                                                  0x031c2140
                                                                                                                                  0x031c2140
                                                                                                                                  0x031c2144
                                                                                                                                  0x031c2149
                                                                                                                                  0x031c214b
                                                                                                                                  0x031c214b
                                                                                                                                  0x031c214b
                                                                                                                                  0x031c214b
                                                                                                                                  0x031c2150
                                                                                                                                  0x031c2155
                                                                                                                                  0x031c2159
                                                                                                                                  0x031c215b
                                                                                                                                  0x031c215b
                                                                                                                                  0x031c215b
                                                                                                                                  0x00000000
                                                                                                                                  0x031c2159
                                                                                                                                  0x031c213e
                                                                                                                                  0x031c20ed
                                                                                                                                  0x031c20f0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c20f6
                                                                                                                                  0x031c20f9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c20fb
                                                                                                                                  0x031c20fe
                                                                                                                                  0x031c2104
                                                                                                                                  0x031c2107
                                                                                                                                  0x031c210f
                                                                                                                                  0x031c210f
                                                                                                                                  0x031c2107
                                                                                                                                  0x00000000
                                                                                                                                  0x031c20fe
                                                                                                                                  0x031c269e
                                                                                                                                  0x031c269e
                                                                                                                                  0x031c26a4
                                                                                                                                  0x031c26a4
                                                                                                                                  0x031c26b0
                                                                                                                                  0x031c26b4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c26b4
                                                                                                                                  0x031c1eb9
                                                                                                                                  0x031c1eba
                                                                                                                                  0x031c1ebf
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1ebf
                                                                                                                                  0x031c1e56
                                                                                                                                  0x031c1e57
                                                                                                                                  0x031c1e5c
                                                                                                                                  0x031c2725
                                                                                                                                  0x031c2725
                                                                                                                                  0x00000000
                                                                                                                                  0x031c272c

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32 ref: 031C1EB0
                                                                                                                                    • Part of subcall function 031C2ABB: lstrcpyA.KERNEL32(?,?,?,031C2720,00000000), ref: 031C2ADA
                                                                                                                                    • Part of subcall function 031C2ABB: GlobalFree.KERNEL32 ref: 031C2AEA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGlobalItemlstrcpy
                                                                                                                                  • String ID: $ $($721796$D$Field %d$error creating dialog$error finding childwnd$error finding config$error finding mainwnd$cvt$nwt
                                                                                                                                  • API String ID: 962754457-3151227133
                                                                                                                                  • Opcode ID: a25f7937ea18cfd8c58b301aa54407a68dbce48c5000394848c72de41fb0df36
                                                                                                                                  • Instruction ID: caf3b876b111f9f227465ede957a03de2416e89d8607fb33ad40d8e4845e8f12
                                                                                                                                  • Opcode Fuzzy Hash: a25f7937ea18cfd8c58b301aa54407a68dbce48c5000394848c72de41fb0df36
                                                                                                                                  • Instruction Fuzzy Hash: 8652CF75920298AFDF16DFA4CC84AADBFB5FF1D300F18495DE810AA295C7748992CF20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403A45 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 429 403a45-403a57 430 403b98-403ba7 429->430 431 403a5d-403a63 429->431 433 403bf6-403c0b 430->433 434 403ba9-403be4 GetDlgItem * 2 call 403f18 KiUserCallbackDispatcher call 40140b 430->434 431->430 432 403a69-403a72 431->432 438 403a74-403a81 SetWindowPos 432->438 439 403a87-403a8a 432->439 436 403c4b-403c50 call 403f64 433->436 437 403c0d-403c10 433->437 454 403be9-403bf1 434->454 451 403c55-403c70 436->451 443 403c12-403c1d call 401389 437->443 444 403c43-403c45 437->444 438->439 440 403aa4-403aaa 439->440 441 403a8c-403a9e ShowWindow 439->441 446 403ac6-403ac9 440->446 447 403aac-403ac1 KiUserCallbackDispatcher 440->447 441->440 443->444 464 403c1f-403c3e SendMessageA 443->464 444->436 450 403ee5 444->450 455 403acb-403ad7 SetWindowLongA 446->455 456 403adc-403ae2 446->456 453 403ec2-403ec8 447->453 452 403ee7-403eee 450->452 458 403c72-403c74 call 40140b 451->458 459 403c79-403c7f 451->459 453->450 465 403eca-403ed0 453->465 454->433 455->452 462 403b85-403b93 call 403f7f 456->462 463 403ae8-403af9 GetDlgItem 456->463 458->459 460 403ea3-403ebc DestroyWindow EndDialog 459->460 461 403c85-403c90 459->461 460->453 461->460 467 403c96-403ce3 call 405b88 call 403f18 * 3 GetDlgItem 461->467 462->452 468 403b18-403b1b 463->468 469 403afb-403b12 SendMessageA IsWindowEnabled 463->469 464->452 465->450 471 403ed2-403edb ShowWindow 465->471 499 403ce5-403cea 467->499 500 403ced-403d29 ShowWindow KiUserCallbackDispatcher call 403f3a KiUserCallbackDispatcher 467->500 473 403b20-403b23 468->473 474 403b1d-403b1e 468->474 469->450 469->468 471->450 478 403b31-403b36 473->478 479 403b25-403b2b 473->479 477 403b4e-403b53 call 403ef1 474->477 477->462 482 403b6c-403b7f SendMessageA 478->482 484 403b38-403b3e 478->484 479->482 483 403b2d-403b2f 479->483 482->462 483->477 487 403b40-403b46 call 40140b 484->487 488 403b55-403b5e call 40140b 484->488 495 403b4c 487->495 488->462 497 403b60-403b6a 488->497 495->477 497->495 499->500 503 403d2b-403d2c 500->503 504 403d2e 500->504 505 403d30-403d5e GetSystemMenu EnableMenuItem SendMessageA 503->505 504->505 506 403d60-403d71 SendMessageA 505->506 507 403d73 505->507 508 403d79-403db2 call 403f4d call 405b66 lstrlenA call 405b88 SetWindowTextA call 401389 506->508 507->508 508->451 517 403db8-403dba 508->517 517->451 518 403dc0-403dc4 517->518 519 403de3-403df7 DestroyWindow 518->519 520 403dc6-403dcc 518->520 519->453 522 403dfd-403e2a CreateDialogParamA 519->522 520->450 521 403dd2-403dd8 520->521 521->451 523 403dde 521->523 522->453 524 403e30-403e87 call 403f18 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 522->524 523->450 524->450 529 403e89-403e9c ShowWindow call 403f64 524->529 531 403ea1 529->531 531->453
                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                  			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688); // executed
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0x6
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0x6
							__eflags = _t39 -  *0x423ec4; // 0x9
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x9
							__eflags =  *0x4091c4 - _t44; // 0x6
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117); // executed
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, "ibaAnalyzer v7.3.6 (x64) Setup");
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678); // executed
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8); // executed
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x20
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0x6
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678); // executed
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133) {
							_t142 =  *0x423678 - _t133; // 0x70240
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x4214a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                                                                                                  0x00403a4e
                                                                                                                                  0x00403a57
                                                                                                                                  0x00403b98
                                                                                                                                  0x00403b9c
                                                                                                                                  0x00403ba0
                                                                                                                                  0x00403ba2
                                                                                                                                  0x00403ba7
                                                                                                                                  0x00403bb2
                                                                                                                                  0x00403bbd
                                                                                                                                  0x00403bc2
                                                                                                                                  0x00403bc4
                                                                                                                                  0x00403bc6
                                                                                                                                  0x00403bc9
                                                                                                                                  0x00403bce
                                                                                                                                  0x00403bdc
                                                                                                                                  0x00403be9
                                                                                                                                  0x00403bf0
                                                                                                                                  0x00403bf0
                                                                                                                                  0x00403bf1
                                                                                                                                  0x00403bf1
                                                                                                                                  0x00403bf6
                                                                                                                                  0x00403bfc
                                                                                                                                  0x00403c03
                                                                                                                                  0x00403c09
                                                                                                                                  0x00403c0b
                                                                                                                                  0x00403c4b
                                                                                                                                  0x00403c50
                                                                                                                                  0x00403c55
                                                                                                                                  0x00403c55
                                                                                                                                  0x00403c5a
                                                                                                                                  0x00403c63
                                                                                                                                  0x00403c65
                                                                                                                                  0x00403c6a
                                                                                                                                  0x00403c70
                                                                                                                                  0x00403c74
                                                                                                                                  0x00403c74
                                                                                                                                  0x00403c79
                                                                                                                                  0x00403c7f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c85
                                                                                                                                  0x00403c8a
                                                                                                                                  0x00403c90
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c99
                                                                                                                                  0x00403ca1
                                                                                                                                  0x00403ca6
                                                                                                                                  0x00403ca9
                                                                                                                                  0x00403caf
                                                                                                                                  0x00403cb4
                                                                                                                                  0x00403cb7
                                                                                                                                  0x00403cbd
                                                                                                                                  0x00403cc2
                                                                                                                                  0x00403cc5
                                                                                                                                  0x00403ccb
                                                                                                                                  0x00403cd3
                                                                                                                                  0x00403cd9
                                                                                                                                  0x00403cdf
                                                                                                                                  0x00403ce3
                                                                                                                                  0x00403cea
                                                                                                                                  0x00403cea
                                                                                                                                  0x00403cea
                                                                                                                                  0x00403cf4
                                                                                                                                  0x00403d06
                                                                                                                                  0x00403d12
                                                                                                                                  0x00403d17
                                                                                                                                  0x00403d21
                                                                                                                                  0x00403d27
                                                                                                                                  0x00403d29
                                                                                                                                  0x00403d2e
                                                                                                                                  0x00403d2b
                                                                                                                                  0x00403d2b
                                                                                                                                  0x00403d2b
                                                                                                                                  0x00403d3e
                                                                                                                                  0x00403d56
                                                                                                                                  0x00403d58
                                                                                                                                  0x00403d5e
                                                                                                                                  0x00403d73
                                                                                                                                  0x00403d60
                                                                                                                                  0x00403d69
                                                                                                                                  0x00403d6b
                                                                                                                                  0x00403d6b
                                                                                                                                  0x00403d79
                                                                                                                                  0x00403d89
                                                                                                                                  0x00403d9a
                                                                                                                                  0x00403da1
                                                                                                                                  0x00403da7
                                                                                                                                  0x00403dab
                                                                                                                                  0x00403db0
                                                                                                                                  0x00403db2
                                                                                                                                  0x00000000
                                                                                                                                  0x00403db8
                                                                                                                                  0x00403db8
                                                                                                                                  0x00403dba
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403dc0
                                                                                                                                  0x00403dc4
                                                                                                                                  0x00403de9
                                                                                                                                  0x00403def
                                                                                                                                  0x00403df5
                                                                                                                                  0x00403df7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403e1d
                                                                                                                                  0x00403e23
                                                                                                                                  0x00403e25
                                                                                                                                  0x00403e2a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403e30
                                                                                                                                  0x00403e33
                                                                                                                                  0x00403e36
                                                                                                                                  0x00403e4d
                                                                                                                                  0x00403e59
                                                                                                                                  0x00403e72
                                                                                                                                  0x00403e78
                                                                                                                                  0x00403e7c
                                                                                                                                  0x00403e81
                                                                                                                                  0x00403e87
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403e91
                                                                                                                                  0x00403e9c
                                                                                                                                  0x00000000
                                                                                                                                  0x00403e9c
                                                                                                                                  0x00403dc6
                                                                                                                                  0x00403dcc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403dd2
                                                                                                                                  0x00403dd8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403dde
                                                                                                                                  0x00403db2
                                                                                                                                  0x00403ea9
                                                                                                                                  0x00403eb5
                                                                                                                                  0x00403ebc
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c0d
                                                                                                                                  0x00403c0d
                                                                                                                                  0x00403c10
                                                                                                                                  0x00403c43
                                                                                                                                  0x00403c43
                                                                                                                                  0x00403c45
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c45
                                                                                                                                  0x00403c12
                                                                                                                                  0x00403c16
                                                                                                                                  0x00403c1b
                                                                                                                                  0x00403c1d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c2d
                                                                                                                                  0x00403c35
                                                                                                                                  0x00000000
                                                                                                                                  0x00403c3b
                                                                                                                                  0x00403a69
                                                                                                                                  0x00403a69
                                                                                                                                  0x00403a6d
                                                                                                                                  0x00403a72
                                                                                                                                  0x00403a81
                                                                                                                                  0x00403a81
                                                                                                                                  0x00403a8a
                                                                                                                                  0x00403a93
                                                                                                                                  0x00403a9e
                                                                                                                                  0x00403a9e
                                                                                                                                  0x00403aaa
                                                                                                                                  0x00403ac6
                                                                                                                                  0x00403ac9
                                                                                                                                  0x00403adc
                                                                                                                                  0x00403ae2
                                                                                                                                  0x00403b85
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b8e
                                                                                                                                  0x00403ae8
                                                                                                                                  0x00403af5
                                                                                                                                  0x00403af7
                                                                                                                                  0x00403af9
                                                                                                                                  0x00403b18
                                                                                                                                  0x00403b18
                                                                                                                                  0x00403b1b
                                                                                                                                  0x00403b20
                                                                                                                                  0x00403b23
                                                                                                                                  0x00403b33
                                                                                                                                  0x00403b34
                                                                                                                                  0x00403b36
                                                                                                                                  0x00403b6c
                                                                                                                                  0x00403b7f
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b7f
                                                                                                                                  0x00403b38
                                                                                                                                  0x00403b3e
                                                                                                                                  0x00403b57
                                                                                                                                  0x00403b5c
                                                                                                                                  0x00403b5e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b60
                                                                                                                                  0x00403b4c
                                                                                                                                  0x00403b4c
                                                                                                                                  0x00403b4e
                                                                                                                                  0x00403b4e
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b4e
                                                                                                                                  0x00403b41
                                                                                                                                  0x00403b46
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b46
                                                                                                                                  0x00403b25
                                                                                                                                  0x00403b2b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b2d
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b2d
                                                                                                                                  0x00403b1d
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b1d
                                                                                                                                  0x00403b03
                                                                                                                                  0x00403b0a
                                                                                                                                  0x00403b10
                                                                                                                                  0x00403b12
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403b12
                                                                                                                                  0x00403ace
                                                                                                                                  0x00000000
                                                                                                                                  0x00403aac
                                                                                                                                  0x00403ab2
                                                                                                                                  0x00403abc
                                                                                                                                  0x00403ec2
                                                                                                                                  0x00403ec8
                                                                                                                                  0x00403eca
                                                                                                                                  0x00403ed0
                                                                                                                                  0x00403ed5
                                                                                                                                  0x00403edb
                                                                                                                                  0x00403edb
                                                                                                                                  0x00403ed0
                                                                                                                                  0x00403ee5
                                                                                                                                  0x00000000
                                                                                                                                  0x00403ee5
                                                                                                                                  0x00403aaa

                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                                  • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL ref: 00403AB2
                                                                                                                                  • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                                                  • GetDlgItem.USER32 ref: 00403AEF
                                                                                                                                  • SendMessageA.USER32 ref: 00403B03
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                                  • GetDlgItem.USER32 ref: 00403BB8
                                                                                                                                  • GetDlgItem.USER32 ref: 00403BC2
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                                                  • SendMessageA.USER32 ref: 00403C2D
                                                                                                                                  • GetDlgItem.USER32 ref: 00403CD3
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D06
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D21
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                                  • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                                                  • SendMessageA.USER32 ref: 00403D56
                                                                                                                                  • SendMessageA.USER32 ref: 00403D69
                                                                                                                                  • lstrlenA.KERNEL32(004204A0,?,004204A0,ibaAnalyzer v7.3.6 (x64) Setup), ref: 00403D92
                                                                                                                                  • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                                  Strings
                                                                                                                                  • ibaAnalyzer v7.3.6 (x64) Setup, xrefs: 00403D83
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$CallbackDispatcherMessageSendUser$Show$Menu$EnableEnabledLongSystemTextlstrlen
                                                                                                                                  • String ID: ibaAnalyzer v7.3.6 (x64) Setup
                                                                                                                                  • API String ID: 3696009075-3120951093
                                                                                                                                  • Opcode ID: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                                                  • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                                  • Opcode Fuzzy Hash: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                                                  • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004036AF Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 683 4036af-4036c7 call 405e88 686 4036c9-4036d9 call 405ac4 683->686 687 4036db-403702 call 405a4d 683->687 696 403725-40374e call 403978 call 40573a 686->696 692 403704-403715 call 405a4d 687->692 693 40371a-403720 lstrcatA 687->693 692->693 693->696 701 403754-403759 696->701 702 4037d5-4037dd call 40573a 696->702 701->702 703 40375b-40377f call 405a4d 701->703 708 4037eb-403810 LoadImageA 702->708 709 4037df-4037e6 call 405b88 702->709 703->702 710 403781-403783 703->710 712 403816-40384c RegisterClassA 708->712 713 40389f-4038a7 call 40140b 708->713 709->708 714 403794-4037a0 lstrlenA 710->714 715 403785-403792 call 405684 710->715 716 403852-40389a SystemParametersInfoA CreateWindowExA 712->716 717 40396e 712->717 726 4038b1-4038bc call 403978 713->726 727 4038a9-4038ac 713->727 721 4037a2-4037b0 lstrcmpiA 714->721 722 4037c8-4037d0 call 405659 call 405b66 714->722 715->714 716->713 719 403970-403977 717->719 721->722 725 4037b2-4037bc GetFileAttributesA 721->725 722->702 730 4037c2-4037c3 call 4056a0 725->730 731 4037be-4037c0 725->731 736 4038c2-4038df ShowWindow LoadLibraryA 726->736 737 403945-403946 call 404fd6 726->737 727->719 730->722 731->722 731->730 738 4038e1-4038e6 LoadLibraryA 736->738 739 4038e8-4038fa GetClassInfoA 736->739 743 40394b-40394d 737->743 738->739 741 403912-403935 DialogBoxParamA call 40140b 739->741 742 4038fc-40390c GetClassInfoA RegisterClassA 739->742 748 40393a-403943 call 4035ff 741->748 742->741 745 403967-403969 call 40140b 743->745 746 40394f-403955 743->746 745->717 746->727 749 40395b-403962 call 40140b 746->749 748->719 749->727
                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0; // 0x69fab8
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t24 =  *0x423eb8; // 0xa0
				_t85 = "C:\\Program Files\\iba\\ibaAnalyzer";
				 *0x423f20 = _t24 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Program Files\\iba\\ibaAnalyzer") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5); // executed
							_t37 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0); // executed
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t76;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423ed8; // 0x6aaf78
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x45
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                                                                                  0x004036b5
                                                                                                                                  0x004036be
                                                                                                                                  0x004036c5
                                                                                                                                  0x004036c7
                                                                                                                                  0x004036db
                                                                                                                                  0x004036ed
                                                                                                                                  0x004036f7
                                                                                                                                  0x004036fc
                                                                                                                                  0x00403702
                                                                                                                                  0x00403715
                                                                                                                                  0x00403715
                                                                                                                                  0x00403720
                                                                                                                                  0x004036c9
                                                                                                                                  0x004036d4
                                                                                                                                  0x004036d4
                                                                                                                                  0x00403725
                                                                                                                                  0x0040372a
                                                                                                                                  0x0040372f
                                                                                                                                  0x00403738
                                                                                                                                  0x0040373d
                                                                                                                                  0x0040374e
                                                                                                                                  0x004037d5
                                                                                                                                  0x004037dd
                                                                                                                                  0x004037e6
                                                                                                                                  0x004037e6
                                                                                                                                  0x004037fc
                                                                                                                                  0x00403802
                                                                                                                                  0x00403810
                                                                                                                                  0x0040389f
                                                                                                                                  0x004038a7
                                                                                                                                  0x004038b1
                                                                                                                                  0x004038b6
                                                                                                                                  0x004038bc
                                                                                                                                  0x00403946
                                                                                                                                  0x0040394b
                                                                                                                                  0x0040394d
                                                                                                                                  0x00403969
                                                                                                                                  0x00000000
                                                                                                                                  0x00403969
                                                                                                                                  0x0040394f
                                                                                                                                  0x00403955
                                                                                                                                  0x0040395d
                                                                                                                                  0x0040395d
                                                                                                                                  0x00000000
                                                                                                                                  0x00403955
                                                                                                                                  0x004038ca
                                                                                                                                  0x004038db
                                                                                                                                  0x004038dd
                                                                                                                                  0x004038df
                                                                                                                                  0x004038e6
                                                                                                                                  0x004038e6
                                                                                                                                  0x004038ee
                                                                                                                                  0x004038f6
                                                                                                                                  0x004038f8
                                                                                                                                  0x004038fa
                                                                                                                                  0x00403903
                                                                                                                                  0x00403906
                                                                                                                                  0x0040390c
                                                                                                                                  0x0040390c
                                                                                                                                  0x00403912
                                                                                                                                  0x0040392b
                                                                                                                                  0x0040393c
                                                                                                                                  0x00000000
                                                                                                                                  0x00403941
                                                                                                                                  0x004038a9
                                                                                                                                  0x004038ab
                                                                                                                                  0x00000000
                                                                                                                                  0x00403816
                                                                                                                                  0x00403816
                                                                                                                                  0x0040381c
                                                                                                                                  0x00403826
                                                                                                                                  0x0040382e
                                                                                                                                  0x00403838
                                                                                                                                  0x0040383e
                                                                                                                                  0x0040384c
                                                                                                                                  0x0040396e
                                                                                                                                  0x0040396e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040396e
                                                                                                                                  0x00403852
                                                                                                                                  0x0040385b
                                                                                                                                  0x0040389a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040389a
                                                                                                                                  0x00403754
                                                                                                                                  0x00403754
                                                                                                                                  0x00403759
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040375e
                                                                                                                                  0x00403763
                                                                                                                                  0x00403773
                                                                                                                                  0x00403778
                                                                                                                                  0x0040377f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403783
                                                                                                                                  0x00403785
                                                                                                                                  0x00403792
                                                                                                                                  0x00403792
                                                                                                                                  0x0040379a
                                                                                                                                  0x004037a0
                                                                                                                                  0x004037c8
                                                                                                                                  0x004037d0
                                                                                                                                  0x00000000
                                                                                                                                  0x004037b2
                                                                                                                                  0x004037b3
                                                                                                                                  0x004037bc
                                                                                                                                  0x004037c2
                                                                                                                                  0x004037c3
                                                                                                                                  0x00000000
                                                                                                                                  0x004037c3
                                                                                                                                  0x004037be
                                                                                                                                  0x004037c0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004037c0
                                                                                                                                  0x004037a0

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                    • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                    • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                  • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                                                  • lstrlenA.KERNEL32(Execute: ,?,?,?,Execute: ,00000000,C:\Program Files\iba\ibaAnalyzer,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ), ref: 00403795
                                                                                                                                  • lstrcmpiA.KERNEL32(?,.exe,Execute: ,?,?,?,Execute: ,00000000,C:\Program Files\iba\ibaAnalyzer,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                                                  • GetFileAttributesA.KERNEL32(Execute: ), ref: 004037B3
                                                                                                                                  • LoadImageA.USER32 ref: 004037FC
                                                                                                                                    • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                  • RegisterClassA.USER32 ref: 00403843
                                                                                                                                  • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                                  • CreateWindowExA.USER32 ref: 00403894
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                                  • LoadLibraryA.KERNELBASE(RichEd20), ref: 004038DB
                                                                                                                                  • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                                  • GetClassInfoA.USER32 ref: 004038F6
                                                                                                                                  • GetClassInfoA.USER32 ref: 00403903
                                                                                                                                  • RegisterClassA.USER32 ref: 0040390C
                                                                                                                                  • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Program Files\iba\ibaAnalyzer$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Execute: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                  • API String ID: 914957316-2281990554
                                                                                                                                  • Opcode ID: df3e65e4785b10912f2cc945d8ce61fae7cc82ae08d3dd313a0b53a2ea4163e5
                                                                                                                                  • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                                  • Opcode Fuzzy Hash: df3e65e4785b10912f2cc945d8ce61fae7cc82ae08d3dd313a0b53a2ea4163e5
                                                                                                                                  • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00404060 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 754 404060-404070 755 404183-404196 754->755 756 404076-40407e 754->756 757 4041f2-4041f6 755->757 758 404198-4041a1 755->758 759 404080-40408f 756->759 760 404091-404129 call 403f18 * 2 CheckDlgButton call 403f3a GetDlgItem call 403f4d SendMessageA 756->760 764 4042c6-4042cd 757->764 765 4041fc-404210 GetDlgItem 757->765 761 4042d5 758->761 762 4041a7-4041af 758->762 759->760 792 404134-40417e SendMessageA * 2 lstrlenA SendMessageA * 2 760->792 793 40412b-40412e GetSysColor 760->793 770 4042d8-4042df call 403f7f 761->770 762->761 768 4041b5-4041c1 762->768 764->761 769 4042cf 764->769 766 404212-404219 765->766 767 404284-40428b 765->767 766->767 772 40421b-404236 766->772 767->770 773 40428d-404294 767->773 768->761 774 4041c7-4041ed GetDlgItem SendMessageA call 403f3a call 4042eb 768->774 769->761 780 4042e4-4042e8 770->780 772->767 777 404238-404281 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 772->777 773->770 778 404296-40429a 773->778 774->757 777->767 783 40429c-4042ab SendMessageA 778->783 784 4042ad-4042b1 778->784 783->784 787 4042c1-4042c4 784->787 788 4042b3-4042bf SendMessageA 784->788 787->780 788->787 792->780 793->792
                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc70; // 0x69fd64
						_t25 = _t103 + 0x14; // 0x69fd78
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x6b2723
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x6aaf78
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x69fab8
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}





















                                                                                                                                  0x00404070
                                                                                                                                  0x00404196
                                                                                                                                  0x004041f2
                                                                                                                                  0x004041f6
                                                                                                                                  0x004042cd
                                                                                                                                  0x004042cf
                                                                                                                                  0x004042cf
                                                                                                                                  0x004042d5
                                                                                                                                  0x004042d5
                                                                                                                                  0x004042d8
                                                                                                                                  0x00000000
                                                                                                                                  0x004042df
                                                                                                                                  0x00404204
                                                                                                                                  0x00404206
                                                                                                                                  0x00404210
                                                                                                                                  0x0040421b
                                                                                                                                  0x0040421e
                                                                                                                                  0x00404221
                                                                                                                                  0x0040422c
                                                                                                                                  0x0040422f
                                                                                                                                  0x00404236
                                                                                                                                  0x00404244
                                                                                                                                  0x0040425c
                                                                                                                                  0x00404264
                                                                                                                                  0x0040426f
                                                                                                                                  0x0040427f
                                                                                                                                  0x00404281
                                                                                                                                  0x00404281
                                                                                                                                  0x00404236
                                                                                                                                  0x0040428b
                                                                                                                                  0x00000000
                                                                                                                                  0x00404296
                                                                                                                                  0x0040429a
                                                                                                                                  0x004042ab
                                                                                                                                  0x004042ab
                                                                                                                                  0x004042b1
                                                                                                                                  0x004042bf
                                                                                                                                  0x004042bf
                                                                                                                                  0x00000000
                                                                                                                                  0x004042c3
                                                                                                                                  0x0040428b
                                                                                                                                  0x004041a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004041b5
                                                                                                                                  0x004041b5
                                                                                                                                  0x004041bb
                                                                                                                                  0x004041bb
                                                                                                                                  0x004041c1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004041e6
                                                                                                                                  0x004041e8
                                                                                                                                  0x004041ed
                                                                                                                                  0x00000000
                                                                                                                                  0x004041ed
                                                                                                                                  0x004041a1
                                                                                                                                  0x00404076
                                                                                                                                  0x00404079
                                                                                                                                  0x0040407e
                                                                                                                                  0x00404080
                                                                                                                                  0x0040408f
                                                                                                                                  0x0040408f
                                                                                                                                  0x00404091
                                                                                                                                  0x00404096
                                                                                                                                  0x00404099
                                                                                                                                  0x0040409b
                                                                                                                                  0x004040a0
                                                                                                                                  0x004040a9
                                                                                                                                  0x004040af
                                                                                                                                  0x004040bb
                                                                                                                                  0x004040be
                                                                                                                                  0x004040c7
                                                                                                                                  0x004040cc
                                                                                                                                  0x004040cf
                                                                                                                                  0x004040d4
                                                                                                                                  0x004040eb
                                                                                                                                  0x004040f2
                                                                                                                                  0x00404105
                                                                                                                                  0x00404108
                                                                                                                                  0x0040411d
                                                                                                                                  0x0040411f
                                                                                                                                  0x00404124
                                                                                                                                  0x00404129
                                                                                                                                  0x0040412e
                                                                                                                                  0x0040412e
                                                                                                                                  0x0040413d
                                                                                                                                  0x0040414c
                                                                                                                                  0x0040414e
                                                                                                                                  0x00404164
                                                                                                                                  0x00404173
                                                                                                                                  0x00404175
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                  • String ID: #'k$@.B$N$open
                                                                                                                                  • API String ID: 3615053054-3251791316
                                                                                                                                  • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                  • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                                  • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                  • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C10DC Relevance: 40.5, APIs: 18, Strings: 5, Instructions: 225windowstringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 794 31c10dc-31c10f4 call 31c1000 797 31c10fa-31c110c 794->797 798 31c13a2-31c13a4 794->798 800 31c1366-31c1393 wsprintfA WritePrivateProfileStringA call 31c100f 797->800 801 31c1112 797->801 799 31c139a-31c13a1 798->799 806 31c1398 800->806 802 31c1116-31c112f 801->802 804 31c1334-31c133d 802->804 805 31c1135-31c1138 802->805 809 31c133f 804->809 810 31c1345 804->810 807 31c113e-31c1141 805->807 808 31c1349-31c1360 805->808 806->799 811 31c1147-31c114a 807->811 812 31c12e2-31c1302 SendMessageA wsprintfA 807->812 808->800 808->802 809->810 810->808 814 31c1150-31c1153 811->814 815 31c1202-31c1210 SendMessageA 811->815 813 31c1305-31c1332 wsprintfA WritePrivateProfileStringA 812->813 813->808 814->808 816 31c1159-31c1169 lstrlenA 814->816 817 31c122b-31c124f GetWindowTextA 815->817 818 31c1212-31c1225 call 31c100f call 31c1000 815->818 819 31c116b-31c117d call 31c100f call 31c1000 816->819 820 31c1183-31c1191 call 31c1000 816->820 817->813 822 31c1255-31c1259 817->822 818->798 818->817 819->798 819->820 820->798 834 31c1197-31c11ad SendMessageA 820->834 822->813 826 31c125f-31c1272 call 31c1000 822->826 835 31c1274-31c127b 826->835 836 31c12d3-31c12e0 call 31c100f 826->836 838 31c11af-31c11bf SendMessageA 834->838 839 31c11f4-31c11fd call 31c100f 834->839 842 31c127d-31c127e 835->842 843 31c12b5 835->843 836->813 840 31c11ed-31c11f2 838->840 841 31c11c1-31c11c4 838->841 839->813 840->838 840->839 846 31c11c6-31c11cc lstrcatA 841->846 847 31c11d2-31c11e7 SendMessageA lstrcatA 841->847 848 31c12ae-31c12b3 842->848 849 31c1280-31c1283 842->849 851 31c12ba 843->851 846->847 847->840 848->851 853 31c1285-31c1288 849->853 854 31c12a7-31c12ac 849->854 855 31c12bb-31c12d1 CharNextA * 2 851->855 856 31c128e-31c12a5 CharNextA lstrcpynA 853->856 857 31c128a-31c128d 853->857 854->851 855->835 855->836 856->855 857->856
                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                  			E031C10DC() {
				int _t44;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				signed int _t51;
				CHAR* _t61;
				void* _t65;
				void* _t67;
				void* _t68;
				CHAR* _t76;
				void* _t83;
				int _t84;
				void* _t89;
				CHAR* _t91;
				CHAR* _t92;
				void* _t94;
				int _t95;
				CHAR* _t96;
				struct HWND__* _t97;
				long _t98;
				CHAR* _t99;
				void* _t100;
				void* _t103;
				void* _t116;

				_t83 = 0x2000;
				_t96 = E031C1000(0x2000);
				_t84 = 0;
				if(_t96 == 0) {
					L43:
					return 0;
				}
				_t103 =  *0x31c680c - _t84; // 0x5
				 *((intOrPtr*)(_t100 + 0x1c)) = 0;
				 *((intOrPtr*)(_t100 + 0x10)) = 1;
				if(_t103 <= 0) {
					L41:
					wsprintfA(_t96, "%d",  *0x31c67bc);
					_t44 = WritePrivateProfileStringA("Settings", "State", _t96,  *0x31c67e0); // executed
					E031C100F(_t44, _t96);
					return 1;
				}
				 *((intOrPtr*)(_t100 + 0x18)) = 0;
				do {
					_t47 =  *0x31c6804; // 0x71c3d0
					_t89 =  *((intOrPtr*)(_t100 + 0x18)) + _t47;
					_t48 =  *((intOrPtr*)(_t89 + 0x20));
					_t97 =  *(_t89 + 0x38);
					 *(_t100 + 0x20) = _t97;
					if(_t48 == 6) {
						_t49 =  *0x31c67bc; // 0x0
						if(_t49 >  *((intOrPtr*)(_t100 + 0x10))) {
							 *0x31c67bc =  *0x31c67bc - 1;
						}
						 *((intOrPtr*)(_t100 + 0x10)) =  *((intOrPtr*)(_t100 + 0x10)) - 1;
						goto L40;
					}
					if(_t48 <= 9) {
						goto L40;
					}
					if(_t48 <= 0xb) {
						_t51 = SendMessageA(_t97, 0xf0, _t84, _t84);
						asm("sbb eax, eax");
						wsprintfA(_t96, "%d",  ~( ~_t51));
						_t100 = _t100 + 0xc;
						L36:
						wsprintfA(0x31c6648, "Field %d",  *((intOrPtr*)(_t100 + 0x10)));
						_t100 = _t100 + 0xc;
						WritePrivateProfileStringA(0x31c6648, "State", _t96,  *0x31c67e0); // executed
						_t84 = 0;
						goto L40;
					}
					if(_t48 <= 0xf) {
						_t98 = SendMessageA(_t97, 0xe, _t84, _t84);
						if(_t98 <= _t83) {
							L20:
							_t17 = _t83 - 1; // 0x13
							 *_t96 = 0x22;
							_t18 =  &(_t96[1]); // 0x1
							GetWindowTextA( *(_t100 + 0x28), _t18, _t17);
							_t61 =  &(_t96[_t98]);
							_t61[2] = _t61[2] & 0x00000000;
							_t61[1] = 0x22;
							if( *((intOrPtr*)(_t89 + 0x20)) != 0xc || ( *(_t89 + 0x35) & 0x00000001) == 0) {
								goto L36;
							} else {
								_t83 = _t83 + _t83;
								_t91 = E031C1000(_t83);
								 *(_t100 + 0x20) = _t91;
								_t99 = _t96;
								if( *_t96 == 0) {
									L34:
									 *_t91 =  *_t91 & 0x00000000;
									E031C100F(_t62, _t96);
									_t96 =  *(_t100 + 0x20);
									goto L36;
								} else {
									goto L23;
								}
								do {
									L23:
									_t65 =  *_t99 - 9;
									if(_t65 == 0) {
										 *_t91 = 0x745c;
										L32:
										_t92 =  &(_t91[1]);
										goto L33;
									}
									_t67 = _t65 - 1;
									if(_t67 == 0) {
										 *_t91 = 0x6e5c;
										goto L32;
									}
									_t68 = _t67 - 3;
									if(_t68 == 0) {
										 *_t91 = 0x725c;
										goto L32;
									}
									if(_t68 == 0x4f) {
										 *_t91 = 0x5c;
										_t91 =  &(_t91[1]);
									}
									lstrcpynA(_t91, _t99,  &((CharNextA(_t99))[1 - _t99]));
									L33:
									_t99 = CharNextA(_t99);
									_t91 = CharNextA(_t92);
								} while ( *_t99 != 0);
								goto L34;
							}
						}
						E031C100F(_t57, _t96);
						_t16 = _t98 + 0x14; // 0x14
						_t83 = _t16;
						_t96 = E031C1000(_t83);
						if(_t96 == 0) {
							goto L43;
						}
						goto L20;
					}
					if(_t48 != 0x10) {
						goto L40;
					}
					_t94 = lstrlenA( *(_t89 + 0xc)) + 0xa;
					if(_t94 <= _t83) {
						L10:
						_t76 = E031C1000(_t83);
						_t95 = 0;
						 *(_t100 + 0x14) = _t76;
						if(_t76 == 0) {
							goto L43;
						}
						 *_t96 =  *_t96 & 0x00000000;
						_t77 = SendMessageA(_t97, 0x18b, 0, 0);
						 *(_t100 + 0x20) = _t77;
						if(_t77 <= 0) {
							L17:
							E031C100F(_t77,  *(_t100 + 0x14));
							goto L36;
						} else {
							goto L12;
						}
						do {
							L12:
							if(SendMessageA(_t97, 0x187, _t95, 0) > 0) {
								if( *_t96 != 0) {
									lstrcatA(_t96, "|");
								}
								SendMessageA(_t97, 0x189, _t95,  *(_t100 + 0x14));
								_t77 = lstrcatA(_t96,  *(_t100 + 0x14));
							}
							_t95 = _t95 + 1;
						} while (_t95 <  *(_t100 + 0x20));
						goto L17;
					}
					E031C100F(_t75, _t96);
					_t83 = _t94;
					_t96 = E031C1000(_t94);
					if(_t96 == 0) {
						goto L43;
					}
					goto L10;
					L40:
					 *((intOrPtr*)(_t100 + 0x1c)) =  *((intOrPtr*)(_t100 + 0x1c)) + 1;
					 *((intOrPtr*)(_t100 + 0x18)) =  *((intOrPtr*)(_t100 + 0x18)) + 0x54;
					_t50 =  *((intOrPtr*)(_t100 + 0x1c));
					 *((intOrPtr*)(_t100 + 0x10)) =  *((intOrPtr*)(_t100 + 0x10)) + 1;
					_t116 = _t50 -  *0x31c680c; // 0x5
				} while (_t116 < 0);
				goto L41;
			}




























                                                                                                                                  0x031c10e2
                                                                                                                                  0x031c10ee
                                                                                                                                  0x031c10f0
                                                                                                                                  0x031c10f4
                                                                                                                                  0x031c13a2
                                                                                                                                  0x00000000
                                                                                                                                  0x031c13a2
                                                                                                                                  0x031c10fa
                                                                                                                                  0x031c1100
                                                                                                                                  0x031c1104
                                                                                                                                  0x031c110c
                                                                                                                                  0x031c1366
                                                                                                                                  0x031c1372
                                                                                                                                  0x031c138c
                                                                                                                                  0x031c1393
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1398
                                                                                                                                  0x031c1112
                                                                                                                                  0x031c1116
                                                                                                                                  0x031c1116
                                                                                                                                  0x031c111f
                                                                                                                                  0x031c1122
                                                                                                                                  0x031c1125
                                                                                                                                  0x031c112b
                                                                                                                                  0x031c112f
                                                                                                                                  0x031c1334
                                                                                                                                  0x031c133d
                                                                                                                                  0x031c133f
                                                                                                                                  0x031c133f
                                                                                                                                  0x031c1345
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1345
                                                                                                                                  0x031c1138
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1141
                                                                                                                                  0x031c12ea
                                                                                                                                  0x031c12f1
                                                                                                                                  0x031c12fc
                                                                                                                                  0x031c1302
                                                                                                                                  0x031c1305
                                                                                                                                  0x031c1314
                                                                                                                                  0x031c131a
                                                                                                                                  0x031c132a
                                                                                                                                  0x031c1330
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1330
                                                                                                                                  0x031c114a
                                                                                                                                  0x031c120c
                                                                                                                                  0x031c1210
                                                                                                                                  0x031c122b
                                                                                                                                  0x031c122b
                                                                                                                                  0x031c122e
                                                                                                                                  0x031c1232
                                                                                                                                  0x031c123a
                                                                                                                                  0x031c1240
                                                                                                                                  0x031c1243
                                                                                                                                  0x031c1247
                                                                                                                                  0x031c124f
                                                                                                                                  0x00000000
                                                                                                                                  0x031c125f
                                                                                                                                  0x031c125f
                                                                                                                                  0x031c126a
                                                                                                                                  0x031c126c
                                                                                                                                  0x031c1270
                                                                                                                                  0x031c1272
                                                                                                                                  0x031c12d3
                                                                                                                                  0x031c12d3
                                                                                                                                  0x031c12d7
                                                                                                                                  0x031c12dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1274
                                                                                                                                  0x031c1274
                                                                                                                                  0x031c1278
                                                                                                                                  0x031c127b
                                                                                                                                  0x031c12b5
                                                                                                                                  0x031c12ba
                                                                                                                                  0x031c12ba
                                                                                                                                  0x00000000
                                                                                                                                  0x031c12ba
                                                                                                                                  0x031c127d
                                                                                                                                  0x031c127e
                                                                                                                                  0x031c12ae
                                                                                                                                  0x00000000
                                                                                                                                  0x031c12ae
                                                                                                                                  0x031c1280
                                                                                                                                  0x031c1283
                                                                                                                                  0x031c12a7
                                                                                                                                  0x00000000
                                                                                                                                  0x031c12a7
                                                                                                                                  0x031c1288
                                                                                                                                  0x031c128a
                                                                                                                                  0x031c128d
                                                                                                                                  0x031c128d
                                                                                                                                  0x031c129f
                                                                                                                                  0x031c12bb
                                                                                                                                  0x031c12c3
                                                                                                                                  0x031c12cf
                                                                                                                                  0x031c12cf
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1274
                                                                                                                                  0x031c124f
                                                                                                                                  0x031c1213
                                                                                                                                  0x031c1218
                                                                                                                                  0x031c1218
                                                                                                                                  0x031c1221
                                                                                                                                  0x031c1225
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1225
                                                                                                                                  0x031c1153
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1164
                                                                                                                                  0x031c1169
                                                                                                                                  0x031c1183
                                                                                                                                  0x031c1184
                                                                                                                                  0x031c1189
                                                                                                                                  0x031c118d
                                                                                                                                  0x031c1191
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1197
                                                                                                                                  0x031c11a2
                                                                                                                                  0x031c11a9
                                                                                                                                  0x031c11ad
                                                                                                                                  0x031c11f4
                                                                                                                                  0x031c11f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c11af
                                                                                                                                  0x031c11af
                                                                                                                                  0x031c11bf
                                                                                                                                  0x031c11c4
                                                                                                                                  0x031c11cc
                                                                                                                                  0x031c11cc
                                                                                                                                  0x031c11dd
                                                                                                                                  0x031c11e7
                                                                                                                                  0x031c11e7
                                                                                                                                  0x031c11ed
                                                                                                                                  0x031c11ee
                                                                                                                                  0x00000000
                                                                                                                                  0x031c11af
                                                                                                                                  0x031c116c
                                                                                                                                  0x031c1172
                                                                                                                                  0x031c1179
                                                                                                                                  0x031c117d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1349
                                                                                                                                  0x031c1349
                                                                                                                                  0x031c134d
                                                                                                                                  0x031c1352
                                                                                                                                  0x031c1356
                                                                                                                                  0x031c135a
                                                                                                                                  0x031c135a
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031C1000: GlobalAlloc.KERNEL32(00000040,?,031C1030,00000001), ref: 031C1006
                                                                                                                                  • lstrlenA.KERNEL32(?,00002000), ref: 031C115C
                                                                                                                                  • SendMessageA.USER32 ref: 031C11A2
                                                                                                                                  • SendMessageA.USER32 ref: 031C11B8
                                                                                                                                  • lstrcatA.KERNEL32(00000000,031C44B8,?,00000187,00000000,00000000,?,0000018B,00000000,00000000,00002000), ref: 031C11CC
                                                                                                                                  • SendMessageA.USER32 ref: 031C11DD
                                                                                                                                  • lstrcatA.KERNEL32(00000000,00002000,?,00000189,00000000,00002000,?,00000187,00000000,00000000,?,0000018B,00000000,00000000,00002000), ref: 031C11E7
                                                                                                                                  • SendMessageA.USER32 ref: 031C1207
                                                                                                                                  • GetWindowTextA.USER32 ref: 031C123A
                                                                                                                                  • CharNextA.USER32(00000000,00002000), ref: 031C128F
                                                                                                                                  • lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 031C129F
                                                                                                                                  • CharNextA.USER32(00000000,00002000), ref: 031C12BC
                                                                                                                                  • CharNextA.USER32(00000001), ref: 031C12C5
                                                                                                                                  • SendMessageA.USER32 ref: 031C12EA
                                                                                                                                  • wsprintfA.USER32 ref: 031C12FC
                                                                                                                                  • wsprintfA.USER32 ref: 031C1314
                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(Field 3,State,00000000), ref: 031C132A
                                                                                                                                  • wsprintfA.USER32 ref: 031C1372
                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(Settings,State,00000000), ref: 031C138C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CharNextwsprintf$PrivateProfileStringWritelstrcat$AllocGlobalTextWindowlstrcpynlstrlen
                                                                                                                                  • String ID: Field %d$Field 3$Settings$State$T
                                                                                                                                  • API String ID: 1338839387-4183222860
                                                                                                                                  • Opcode ID: 37ce5b5c1e81de61bcf4c45a41333acb3c7118ccb617826cfa345add74dfc415
                                                                                                                                  • Instruction ID: 016101b0a5e7f2f554e060aaee52ca30a2295a6399591f771234df2085c5a0eb
                                                                                                                                  • Opcode Fuzzy Hash: 37ce5b5c1e81de61bcf4c45a41333acb3c7118ccb617826cfa345add74dfc415
                                                                                                                                  • Instruction Fuzzy Hash: D7710F355A43C2BFC315EB21C848A2FBFA9EF6D705F18482CF84196207DB688491C7A2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C2732 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 122windowCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E031C2732() {
				struct tagMSG _v28;
				int _v32;
				int _t22;
				int _t24;
				int _t30;
				char* _t32;
				intOrPtr _t34;
				signed int _t35;
				signed int _t46;
				signed int _t49;
				void* _t51;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t68;

				 *0x31c67c0 = SetWindowLongA( *0x31c67c8, 4, E031C19E7);
				SendMessageA( *0x31c67c8, 0x40d,  *0x31c67c4, 0);
				ShowWindow( *0x31c67c4, 8); // executed
				 *0x31c67bc = 0;
				 *0x31c6680 = 0;
				do {
					GetMessageA( &_v28, 0, 0, 0); // executed
					_t22 = IsDialogMessageA( *0x31c67c4,  &_v28); // executed
					if(_t22 == 0 && IsDialogMessageA( *0x31c67c8,  &_v28) == 0) {
						TranslateMessage( &_v28);
						DispatchMessageA( &_v28);
					}
					_t57 =  *0x31c6680; // 0x0
				} while (_t57 == 0);
				_t58 =  *0x31c67b8; // 0x0
				if(_t58 == 0) {
					E031C10DC();
				}
				SetWindowLongA( *0x31c67c8, 4,  *0x31c67c0);
				_t24 = DestroyWindow( *0x31c67c4); // executed
				if( *0x31c67fc != 0xffffffff) {
					_t35 =  *0x31c66ac; // 0x0
					asm("sbb eax, eax");
					_t24 = ShowWindow( *0x31c67cc,  ~_t35 & 0x00000008);
				}
				E031C100F(E031C100F(E031C100F(E031C100F(E031C100F(_t24,  *0x31c67dc),  *0x31c67e4),  *0x31c67e8),  *0x31c67ec),  *0x31c67f0);
				_t30 =  *0x31c680c; // 0x5
				if(_t30 == 0) {
					L18:
					E031C100F(_t30,  *0x31c6804);
					_t68 =  *0x31c67b8; // 0x0
					if(_t68 == 0) {
						__eflags =  *0x31c6684; // 0x0
						_t32 = "back";
						if(__eflags == 0) {
							_t32 = "success";
						}
					} else {
						_t32 = "cancel";
					}
					return E031C2AFB(_t32);
				} else {
					_v32 = _t30;
					_t49 = _t30 * 0x54;
					do {
						_t34 =  *0x31c6804; // 0x71c3d0
						_t49 = _t49 - 0x54;
						_t51 = _t49 + _t34;
						_t46 = 6;
						do {
							_t46 = _t46 - 1;
							_t34 = E031C100F(_t34,  *((intOrPtr*)(_t51 + _t46 * 4)));
						} while (_t46 != 0);
						if( *((intOrPtr*)(_t51 + 0x20)) == 5) {
							_t30 = DeleteObject( *(_t51 + 0x44));
						}
						if( *((intOrPtr*)(_t51 + 0x20)) == 4) {
							_t30 = DestroyIcon( *(_t51 + 0x44));
						}
						_t14 =  &_v32;
						 *_t14 = _v32 - 1;
					} while ( *_t14 != 0);
					goto L18;
				}
			}

















                                                                                                                                  0x031c2750
                                                                                                                                  0x031c2767
                                                                                                                                  0x031c277a
                                                                                                                                  0x031c2782
                                                                                                                                  0x031c2788
                                                                                                                                  0x031c278e
                                                                                                                                  0x031c2796
                                                                                                                                  0x031c27a7
                                                                                                                                  0x031c27ab
                                                                                                                                  0x031c27c3
                                                                                                                                  0x031c27ce
                                                                                                                                  0x031c27ce
                                                                                                                                  0x031c27d4
                                                                                                                                  0x031c27d4
                                                                                                                                  0x031c27dc
                                                                                                                                  0x031c27e2
                                                                                                                                  0x031c27e4
                                                                                                                                  0x031c27e4
                                                                                                                                  0x031c27f7
                                                                                                                                  0x031c27ff
                                                                                                                                  0x031c280c
                                                                                                                                  0x031c280e
                                                                                                                                  0x031c2815
                                                                                                                                  0x031c2821
                                                                                                                                  0x031c2821
                                                                                                                                  0x031c2855
                                                                                                                                  0x031c285a
                                                                                                                                  0x031c2861
                                                                                                                                  0x031c28ab
                                                                                                                                  0x031c28b1
                                                                                                                                  0x031c28b6
                                                                                                                                  0x031c28bc
                                                                                                                                  0x031c28c5
                                                                                                                                  0x031c28cb
                                                                                                                                  0x031c28d0
                                                                                                                                  0x031c28d2
                                                                                                                                  0x031c28d2
                                                                                                                                  0x031c28be
                                                                                                                                  0x031c28be
                                                                                                                                  0x031c28be
                                                                                                                                  0x031c28e4
                                                                                                                                  0x031c2863
                                                                                                                                  0x031c2865
                                                                                                                                  0x031c2869
                                                                                                                                  0x031c286c
                                                                                                                                  0x031c286c
                                                                                                                                  0x031c2871
                                                                                                                                  0x031c2876
                                                                                                                                  0x031c2879
                                                                                                                                  0x031c287a
                                                                                                                                  0x031c287a
                                                                                                                                  0x031c287e
                                                                                                                                  0x031c2883
                                                                                                                                  0x031c288b
                                                                                                                                  0x031c2890
                                                                                                                                  0x031c2890
                                                                                                                                  0x031c289a
                                                                                                                                  0x031c289f
                                                                                                                                  0x031c289f
                                                                                                                                  0x031c28a5
                                                                                                                                  0x031c28a5
                                                                                                                                  0x031c28a5
                                                                                                                                  0x00000000
                                                                                                                                  0x031c286c

                                                                                                                                  APIs
                                                                                                                                  • SetWindowLongA.USER32 ref: 031C274C
                                                                                                                                  • SendMessageA.USER32 ref: 031C2767
                                                                                                                                  • ShowWindow.USER32(00000008,0000040D,00000000), ref: 031C277A
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL ref: 031C2796
                                                                                                                                  • IsDialogMessageA.USER32(?), ref: 031C27A7
                                                                                                                                  • IsDialogMessageA.USER32(?), ref: 031C27B8
                                                                                                                                  • TranslateMessage.USER32(?), ref: 031C27C3
                                                                                                                                  • DispatchMessageA.USER32 ref: 031C27CE
                                                                                                                                  • SetWindowLongA.USER32 ref: 031C27F7
                                                                                                                                  • DestroyWindow.USER32 ref: 031C27FF
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 031C2821
                                                                                                                                  • DeleteObject.GDI32(?), ref: 031C2890
                                                                                                                                  • DestroyIcon.USER32(?,7477D2B0), ref: 031C289F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageWindow$DestroyDialogLongShow$CallbackDeleteDispatchDispatcherIconObjectSendTranslateUser
                                                                                                                                  • String ID: E:@$back$cancel$success
                                                                                                                                  • API String ID: 90777642-2239140673
                                                                                                                                  • Opcode ID: 6e58deb1078d3f4ba56264a4beef71a2596ae658c6e61ae142dc07d3285eae8c
                                                                                                                                  • Instruction ID: b385c7bccc3b2eac86acd01fa49e14941765e155630a011bc7732c5a5cda638c
                                                                                                                                  • Opcode Fuzzy Hash: 6e58deb1078d3f4ba56264a4beef71a2596ae658c6e61ae142dc07d3285eae8c
                                                                                                                                  • Instruction Fuzzy Hash: 35416A36530385FFCB29FF65ED4481A7FA9FB6C601B080D29E15192068CB3298A9DB31
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402C72 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1001 402c72-402cc0 GetTickCount GetModuleFileNameA call 40583d 1004 402cc2-402cc7 1001->1004 1005 402ccc-402cfa call 405b66 call 4056a0 call 405b66 GetFileSize 1001->1005 1006 402f11-402f15 1004->1006 1013 402d00-402d17 1005->1013 1014 402dea-402df8 call 402bd3 1005->1014 1016 402d19 1013->1016 1017 402d1b-402d21 call 4031bf 1013->1017 1020 402ec9-402ece 1014->1020 1021 402dfe-402e01 1014->1021 1016->1017 1022 402d26-402d28 1017->1022 1020->1006 1023 402e03-402e14 call 4031f1 call 4031bf 1021->1023 1024 402e2d-402e79 GlobalAlloc call 405f62 call 40586c CreateFileA 1021->1024 1025 402e85-402e8d call 402bd3 1022->1025 1026 402d2e-402d34 1022->1026 1044 402e19-402e1b 1023->1044 1051 402e7b-402e80 1024->1051 1052 402e8f-402ebf call 4031f1 call 402f18 1024->1052 1025->1020 1030 402db4-402db8 1026->1030 1031 402d36-402d4e call 4057fe 1026->1031 1034 402dc1-402dc7 1030->1034 1035 402dba-402dc0 call 402bd3 1030->1035 1031->1034 1048 402d50-402d57 1031->1048 1040 402dc9-402dd7 call 405ef4 1034->1040 1041 402dda-402de4 1034->1041 1035->1034 1040->1041 1041->1013 1041->1014 1044->1020 1049 402e21-402e27 1044->1049 1048->1034 1053 402d59-402d60 1048->1053 1049->1020 1049->1024 1051->1006 1061 402ec4-402ec7 1052->1061 1053->1034 1054 402d62-402d69 1053->1054 1054->1034 1056 402d6b-402d72 1054->1056 1056->1034 1058 402d74-402d94 1056->1058 1058->1020 1060 402d9a-402d9e 1058->1060 1062 402da0-402da4 1060->1062 1063 402da6-402dae 1060->1063 1061->1020 1064 402ed0-402ee1 1061->1064 1062->1014 1062->1063 1063->1034 1065 402db0-402db2 1063->1065 1066 402ee3 1064->1066 1067 402ee9-402eee 1064->1067 1065->1034 1066->1067 1068 402eef-402ef5 1067->1068 1068->1068 1069 402ef7-402f0f call 4057fe 1068->1069 1069->1006
                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\alfons\\Desktop", "C:\\Users\\alfons\\Desktop\\ibaAnalyzerSetup_x64_v7.3.6.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					__eflags =  *0x423eb4; // 0xdc00
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0xdc00
							_t65 = E004031F1(_t63 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x7dd9dfc
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					_t77 = E004031BF( &_a4, 4); // executed
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0xdc00
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0xdc00
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417040; // 0x1c25d
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f050; // 0x1ae6b
						if(__eflags < 0) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                                                                                                                                  0x00402c80
                                                                                                                                  0x00402c83
                                                                                                                                  0x00402c9d
                                                                                                                                  0x00402ca2
                                                                                                                                  0x00402cb5
                                                                                                                                  0x00402cba
                                                                                                                                  0x00402cc0
                                                                                                                                  0x00000000
                                                                                                                                  0x00402cc2
                                                                                                                                  0x00402cd3
                                                                                                                                  0x00402ce4
                                                                                                                                  0x00402ceb
                                                                                                                                  0x00402cf1
                                                                                                                                  0x00402cf3
                                                                                                                                  0x00402cf8
                                                                                                                                  0x00402cfa
                                                                                                                                  0x00402dea
                                                                                                                                  0x00402dec
                                                                                                                                  0x00402df1
                                                                                                                                  0x00402df8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402dfe
                                                                                                                                  0x00402e01
                                                                                                                                  0x00402e2d
                                                                                                                                  0x00402e32
                                                                                                                                  0x00402e3d
                                                                                                                                  0x00402e3f
                                                                                                                                  0x00402e50
                                                                                                                                  0x00402e6b
                                                                                                                                  0x00402e71
                                                                                                                                  0x00402e74
                                                                                                                                  0x00402e79
                                                                                                                                  0x00402e8f
                                                                                                                                  0x00402e98
                                                                                                                                  0x00402ea8
                                                                                                                                  0x00402eba
                                                                                                                                  0x00402ebf
                                                                                                                                  0x00402ec4
                                                                                                                                  0x00402ec7
                                                                                                                                  0x00402ed0
                                                                                                                                  0x00402ed4
                                                                                                                                  0x00402edc
                                                                                                                                  0x00402ee1
                                                                                                                                  0x00402ee3
                                                                                                                                  0x00402ee3
                                                                                                                                  0x00402ee3
                                                                                                                                  0x00402eeb
                                                                                                                                  0x00402eeb
                                                                                                                                  0x00402eee
                                                                                                                                  0x00402eef
                                                                                                                                  0x00402eef
                                                                                                                                  0x00402ef2
                                                                                                                                  0x00402ef4
                                                                                                                                  0x00402ef4
                                                                                                                                  0x00402ef4
                                                                                                                                  0x00402ef7
                                                                                                                                  0x00402efe
                                                                                                                                  0x00402f0a
                                                                                                                                  0x00402f0f
                                                                                                                                  0x00000000
                                                                                                                                  0x00402f0f
                                                                                                                                  0x00000000
                                                                                                                                  0x00402ec7
                                                                                                                                  0x00000000
                                                                                                                                  0x00402e7b
                                                                                                                                  0x00402e09
                                                                                                                                  0x00402e14
                                                                                                                                  0x00402e19
                                                                                                                                  0x00402e1b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402e24
                                                                                                                                  0x00402e27
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d00
                                                                                                                                  0x00402d00
                                                                                                                                  0x00402d00
                                                                                                                                  0x00402d05
                                                                                                                                  0x00402d09
                                                                                                                                  0x00402d10
                                                                                                                                  0x00402d15
                                                                                                                                  0x00402d17
                                                                                                                                  0x00402d19
                                                                                                                                  0x00402d19
                                                                                                                                  0x00402d21
                                                                                                                                  0x00402d26
                                                                                                                                  0x00402d28
                                                                                                                                  0x00402e87
                                                                                                                                  0x00402ec9
                                                                                                                                  0x00000000
                                                                                                                                  0x00402ec9
                                                                                                                                  0x00402d2e
                                                                                                                                  0x00402d34
                                                                                                                                  0x00402db4
                                                                                                                                  0x00402db8
                                                                                                                                  0x00402dbb
                                                                                                                                  0x00402dc0
                                                                                                                                  0x00000000
                                                                                                                                  0x00402db8
                                                                                                                                  0x00402d41
                                                                                                                                  0x00402d46
                                                                                                                                  0x00402d49
                                                                                                                                  0x00402d4e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d50
                                                                                                                                  0x00402d57
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d59
                                                                                                                                  0x00402d60
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d62
                                                                                                                                  0x00402d69
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d6b
                                                                                                                                  0x00402d72
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d74
                                                                                                                                  0x00402d7a
                                                                                                                                  0x00402d83
                                                                                                                                  0x00402d89
                                                                                                                                  0x00402d8c
                                                                                                                                  0x00402d8e
                                                                                                                                  0x00402d94
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d9a
                                                                                                                                  0x00402d9e
                                                                                                                                  0x00402da6
                                                                                                                                  0x00402da6
                                                                                                                                  0x00402da9
                                                                                                                                  0x00402dac
                                                                                                                                  0x00402dae
                                                                                                                                  0x00402db0
                                                                                                                                  0x00402db0
                                                                                                                                  0x00000000
                                                                                                                                  0x00402dae
                                                                                                                                  0x00402da0
                                                                                                                                  0x00402da4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402dc1
                                                                                                                                  0x00402dc1
                                                                                                                                  0x00402dc7
                                                                                                                                  0x00402dd7
                                                                                                                                  0x00402dd7
                                                                                                                                  0x00402dda
                                                                                                                                  0x00402de0
                                                                                                                                  0x00402de2
                                                                                                                                  0x00402de2
                                                                                                                                  0x00000000
                                                                                                                                  0x00402d00

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,00000400), ref: 00402CA2
                                                                                                                                    • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,80000000,00000003), ref: 00405841
                                                                                                                                    • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,80000000,00000003), ref: 00402CEB
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                                                  Strings
                                                                                                                                  • Null, xrefs: 00402D6B
                                                                                                                                  • C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                                  • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                                  • "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" , xrefs: 00402C7F
                                                                                                                                  • soft, xrefs: 00402D62
                                                                                                                                  • Inst, xrefs: 00402D59
                                                                                                                                  • Error launching installer, xrefs: 00402CC2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                  • API String ID: 2803837635-2736019978
                                                                                                                                  • Opcode ID: 0cdd48fbc5a4d5c8723b79192c8575744a8c62d839b7521bcc62a74243bb106d
                                                                                                                                  • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                                  • Opcode Fuzzy Hash: 0cdd48fbc5a4d5c8723b79192c8575744a8c62d839b7521bcc62a74243bb106d
                                                                                                                                  • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AC580 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 113librarysynchronizationloaderCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032AC580() {
				struct _SECURITY_DESCRIPTOR _v20;
				struct _SECURITY_ATTRIBUTES _v32;
				char _v36;
				struct HINSTANCE__* _t18;
				_Unknown_base(*)()* _t20;
				intOrPtr _t26;
				intOrPtr _t34;
				void* _t53;
				void* _t54;

				 *0x32f0bcc = 0;
				 *0x32f0bdc = 0;
				 *0x32f0be0 = 0;
				 *0x32f0008 = 0; // executed
				_t18 = LoadLibraryA("setupapi.dll"); // executed
				 *0x32f0bf0 = _t18;
				if(_t18 == 0) {
					 *0x32f0008 = 0;
					return 0xbb;
				} else {
					_t20 = GetProcAddress(_t18, "SetupDiOpenClassRegKeyExA");
					 *0x32f0008 = _t20;
					if(_t20 != 0) {
						InitializeSecurityDescriptor( &_v20, 1);
						SetSecurityDescriptorDacl( &_v20, 1, 0, 0);
						_v32.nLength = 0xc;
						_v32.lpSecurityDescriptor =  &_v20;
						_v32.bInheritHandle = 0;
						_t53 = CreateEventA( &_v32, 1, 0, 0);
						_t26 = E032C7751( &_v32,  &_v32, 0, E032AC560, _t53, 0, 0x32f0bd0); // executed
						 *0x32f0bd4 = _t26;
						WaitForSingleObject(_t53, 0xffffffff);
						CloseHandle(_t53); // executed
						InitializeSecurityDescriptor( &_v20, 1);
						SetSecurityDescriptorDacl( &_v20, 1, 0, 0);
						_v32.nLength = 0xc;
						_v32.lpSecurityDescriptor =  &_v20;
						_v32.bInheritHandle = 0;
						_t54 = CreateEventA( &_v32, 1, 0, 0);
						_t34 = E032C7751( &_v32,  &_v32, 0, E032A7430, _t54, 0,  &_v36); // executed
						 *0x32f0bd8 = _t34;
						WaitForSingleObject(_t54, 0xffffffff);
						CloseHandle(_t54);
						return 0;
					} else {
						return 0xbb;
					}
				}
			}












                                                                                                                                  0x032ac58b
                                                                                                                                  0x032ac591
                                                                                                                                  0x032ac597
                                                                                                                                  0x032ac59d
                                                                                                                                  0x032ac5a3
                                                                                                                                  0x032ac5ab
                                                                                                                                  0x032ac5b0
                                                                                                                                  0x032ac5d1
                                                                                                                                  0x032ac5e0
                                                                                                                                  0x032ac5b2
                                                                                                                                  0x032ac5b8
                                                                                                                                  0x032ac5c0
                                                                                                                                  0x032ac5c5
                                                                                                                                  0x032ac5f1
                                                                                                                                  0x032ac602
                                                                                                                                  0x032ac617
                                                                                                                                  0x032ac61f
                                                                                                                                  0x032ac623
                                                                                                                                  0x032ac630
                                                                                                                                  0x032ac63f
                                                                                                                                  0x032ac64a
                                                                                                                                  0x032ac64f
                                                                                                                                  0x032ac656
                                                                                                                                  0x032ac663
                                                                                                                                  0x032ac670
                                                                                                                                  0x032ac681
                                                                                                                                  0x032ac689
                                                                                                                                  0x032ac68d
                                                                                                                                  0x032ac697
                                                                                                                                  0x032ac6ad
                                                                                                                                  0x032ac6b8
                                                                                                                                  0x032ac6bd
                                                                                                                                  0x032ac6c4
                                                                                                                                  0x032ac6d3
                                                                                                                                  0x032ac5c7
                                                                                                                                  0x032ac5d0
                                                                                                                                  0x032ac5d0
                                                                                                                                  0x032ac5c5

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNELBASE(setupapi.dll), ref: 032AC5A3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetupDiOpenClassRegKeyExA), ref: 032AC5B8
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 032AC5F1
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 032AC602
                                                                                                                                  • CreateEventA.KERNEL32 ref: 032AC627
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00000000), ref: 032AC64F
                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 032AC656
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 032AC663
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 032AC670
                                                                                                                                  • CreateEventA.KERNEL32 ref: 032AC695
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,00000001,00000000,00000000), ref: 032AC6BD
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000001,00000000,00000000), ref: 032AC6C4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorSecurity$CloseCreateDaclEventHandleInitializeObjectSingleWait$AddressLibraryLoadProc
                                                                                                                                  • String ID: SetupDiOpenClassRegKeyExA$setupapi.dll
                                                                                                                                  • API String ID: 1764040151-2192552038
                                                                                                                                  • Opcode ID: a36357b4e1549697fcf20fdb60bb6c63024978dbbc9d2cc2da4b20b89690bab3
                                                                                                                                  • Instruction ID: efc5b2d991d6be64ce42876f8cc2029bde4e45d05bb76670dbd53094b8601df9
                                                                                                                                  • Opcode Fuzzy Hash: a36357b4e1549697fcf20fdb60bb6c63024978dbbc9d2cc2da4b20b89690bab3
                                                                                                                                  • Instruction Fuzzy Hash: 4531E271915320AFD300EB69EC49F8B7BE8FB48B28F408619F248E6180D7B0D240CB96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401734 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1211 401734-401757 call 4029f6 call 4056c6 1216 401761-401773 call 405b66 call 405659 lstrcatA 1211->1216 1217 401759-40175f call 405b66 1211->1217 1223 401778-40177e call 405dc8 1216->1223 1217->1223 1227 401783-401787 1223->1227 1228 401789-401793 call 405e61 1227->1228 1229 4017ba-4017bd 1227->1229 1237 4017a5-4017b7 1228->1237 1238 401795-4017a3 CompareFileTime 1228->1238 1231 4017c5-4017e1 call 40583d 1229->1231 1232 4017bf-4017c0 call 40581e 1229->1232 1239 4017e3-4017e6 1231->1239 1240 401859-401882 call 404f04 call 402f18 1231->1240 1232->1231 1237->1229 1238->1237 1241 4017e8-40182a call 405b66 * 2 call 405b88 call 405b66 call 405427 1239->1241 1242 40183b-401845 call 404f04 1239->1242 1254 401884-401888 1240->1254 1255 40188a-401896 SetFileTime 1240->1255 1241->1227 1275 401830-401831 1241->1275 1252 40184e-401854 1242->1252 1256 402894 1252->1256 1254->1255 1258 40189c-4018a7 FindCloseChangeNotification 1254->1258 1255->1258 1259 402896-40289a 1256->1259 1261 40288b-40288e 1258->1261 1262 4018ad-4018b0 1258->1262 1261->1256 1264 4018b2-4018c3 call 405b88 lstrcatA 1262->1264 1265 4018c5-4018c8 call 405b88 1262->1265 1270 4018cd-402213 call 405427 1264->1270 1265->1270 1270->1259 1275->1252 1277 401833-401834 1275->1277 1277->1242
                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                  			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Program Files\\iba\\ibaAnalyzer\\Plugins")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Program Files\iba\ibaAnalyzer\Plugins",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Program Files\iba\ibaAnalyzer\Plugins",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8)); // executed
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                                  0x00401734
                                                                                                                                  0x0040173b
                                                                                                                                  0x00401744
                                                                                                                                  0x00401747
                                                                                                                                  0x0040174a
                                                                                                                                  0x0040174f
                                                                                                                                  0x00401757
                                                                                                                                  0x00401773
                                                                                                                                  0x00401759
                                                                                                                                  0x00401759
                                                                                                                                  0x0040175a
                                                                                                                                  0x0040175a
                                                                                                                                  0x00401779
                                                                                                                                  0x00401783
                                                                                                                                  0x00401783
                                                                                                                                  0x00401787
                                                                                                                                  0x0040178a
                                                                                                                                  0x0040178f
                                                                                                                                  0x00401791
                                                                                                                                  0x00401793
                                                                                                                                  0x00401798
                                                                                                                                  0x00401798
                                                                                                                                  0x004017a3
                                                                                                                                  0x004017a3
                                                                                                                                  0x004017b4
                                                                                                                                  0x004017b6
                                                                                                                                  0x004017b6
                                                                                                                                  0x004017b7
                                                                                                                                  0x004017b7
                                                                                                                                  0x004017ba
                                                                                                                                  0x004017bd
                                                                                                                                  0x004017c0
                                                                                                                                  0x004017c0
                                                                                                                                  0x004017c7
                                                                                                                                  0x004017d6
                                                                                                                                  0x004017db
                                                                                                                                  0x004017de
                                                                                                                                  0x004017e1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004017e3
                                                                                                                                  0x004017e6
                                                                                                                                  0x00401840
                                                                                                                                  0x00401845
                                                                                                                                  0x004015a8
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040288b
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040288e
                                                                                                                                  0x00000000
                                                                                                                                  0x004017e8
                                                                                                                                  0x004017ee
                                                                                                                                  0x004017f9
                                                                                                                                  0x00401806
                                                                                                                                  0x00401811
                                                                                                                                  0x00401827
                                                                                                                                  0x00401827
                                                                                                                                  0x0040182a
                                                                                                                                  0x00000000
                                                                                                                                  0x00401830
                                                                                                                                  0x00401830
                                                                                                                                  0x00401831
                                                                                                                                  0x0040184e
                                                                                                                                  0x00402894
                                                                                                                                  0x00402894
                                                                                                                                  0x00402894
                                                                                                                                  0x00401833
                                                                                                                                  0x00401833
                                                                                                                                  0x00401834
                                                                                                                                  0x00401492
                                                                                                                                  0x0040220e
                                                                                                                                  0x0040220e
                                                                                                                                  0x0040220e
                                                                                                                                  0x00401831
                                                                                                                                  0x0040182a
                                                                                                                                  0x00402896
                                                                                                                                  0x0040289a
                                                                                                                                  0x0040289a
                                                                                                                                  0x0040185e
                                                                                                                                  0x00401863
                                                                                                                                  0x00401871
                                                                                                                                  0x00401876
                                                                                                                                  0x0040187c
                                                                                                                                  0x00401880
                                                                                                                                  0x00401882
                                                                                                                                  0x0040188a
                                                                                                                                  0x00401896
                                                                                                                                  0x00401884
                                                                                                                                  0x00401884
                                                                                                                                  0x00401888
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00401888
                                                                                                                                  0x0040189f
                                                                                                                                  0x004018a5
                                                                                                                                  0x004018a7
                                                                                                                                  0x00000000
                                                                                                                                  0x004018ad
                                                                                                                                  0x004018ad
                                                                                                                                  0x004018b0
                                                                                                                                  0x004018c8
                                                                                                                                  0x004018b2
                                                                                                                                  0x004018b5
                                                                                                                                  0x004018be
                                                                                                                                  0x004018be
                                                                                                                                  0x004018cd
                                                                                                                                  0x004018d2
                                                                                                                                  0x00402209
                                                                                                                                  0x00000000
                                                                                                                                  0x00402209
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000,"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",C:\Program Files\iba\ibaAnalyzer\Plugins,00000000,00000000,00000031), ref: 00401773
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx","C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",C:\Program Files\iba\ibaAnalyzer\Plugins,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                    • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,ibaAnalyzer v7.3.6 (x64) Setup,NSIS Error), ref: 00405B73
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                    • Part of subcall function 00404F04: lstrcatA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00402C4A,00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000), ref: 00404F60
                                                                                                                                    • Part of subcall function 00404F04: SetWindowTextA.USER32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"), ref: 00404F72
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                  • String ID: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"$C:\Program Files\iba\ibaAnalyzer\Plugins$C:\Program Files\iba\ibaAnalyzer\Plugins
                                                                                                                                  • API String ID: 1941528284-2173934132
                                                                                                                                  • Opcode ID: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                                                  • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                                                  • Opcode Fuzzy Hash: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                                                  • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00404F04 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x2103b0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                                  0x00404f0a
                                                                                                                                  0x00404f16
                                                                                                                                  0x00404f19
                                                                                                                                  0x00404f1f
                                                                                                                                  0x00404f2b
                                                                                                                                  0x00404f2e
                                                                                                                                  0x00404f31
                                                                                                                                  0x00404f37
                                                                                                                                  0x00404f37
                                                                                                                                  0x00404f3d
                                                                                                                                  0x00404f45
                                                                                                                                  0x00404f48
                                                                                                                                  0x00404f65
                                                                                                                                  0x00404f69
                                                                                                                                  0x00404f72
                                                                                                                                  0x00404f72
                                                                                                                                  0x00404f7c
                                                                                                                                  0x00404f85
                                                                                                                                  0x00404f91
                                                                                                                                  0x00404f98
                                                                                                                                  0x00404f9c
                                                                                                                                  0x00404f9f
                                                                                                                                  0x00404fb2
                                                                                                                                  0x00404fc0
                                                                                                                                  0x00404fc0
                                                                                                                                  0x00404fc4
                                                                                                                                  0x00404fc6
                                                                                                                                  0x00404fc9
                                                                                                                                  0x00000000
                                                                                                                                  0x00404fc9
                                                                                                                                  0x00404f4a
                                                                                                                                  0x00404f52
                                                                                                                                  0x00404f5a
                                                                                                                                  0x00404f60
                                                                                                                                  0x00000000
                                                                                                                                  0x00404f60
                                                                                                                                  0x00404f5a
                                                                                                                                  0x00404f48
                                                                                                                                  0x00404fd3

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                  • lstrlenA.KERNEL32(00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                  • lstrcatA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00402C4A,00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000), ref: 00404F60
                                                                                                                                  • SetWindowTextA.USER32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"), ref: 00404F72
                                                                                                                                  • SendMessageA.USER32 ref: 00404F98
                                                                                                                                  • SendMessageA.USER32 ref: 00404FB2
                                                                                                                                  • SendMessageA.USER32 ref: 00404FC0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                  • String ID: Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"
                                                                                                                                  • API String ID: 2531174081-2479212178
                                                                                                                                  • Opcode ID: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                                                  • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                                                  • Opcode Fuzzy Hash: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                                                  • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C19E7 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C19E7(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				intOrPtr _v8;
				char _v1032;
				intOrPtr _t28;
				long _t30;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t39;
				long _t41;
				void* _t42;
				void* _t45;
				void* _t46;
				void* _t52;

				if(_a8 != 0x408 || _a12 != 1) {
					L11:
					_t41 = CallWindowProcA( *0x31c67c0, _a4, _a8, _a12, _a16);
					if(_a8 == 0x408 && _t41 == 0) {
						if(_a12 == 0xffffffff) {
							 *0x31c6684 =  *0x31c6684 + 1;
						}
						if(_a12 == 0x78) {
							 *0x31c67b8 =  *0x31c67b8 + 1;
						}
						 *0x31c6680 =  *0x31c6680 + 1;
						PostMessageA( *0x31c67c4, 0x10, 0, 0); // executed
					}
					return _t41;
				} else {
					_t37 = 0;
					_t45 =  *0x31c67bc - _t37; // 0x0
					if(_t45 != 0) {
						L10:
						E031C10DC();
						 *0x31c67bc =  *0x31c67bc & 0x00000000;
						goto L11;
					}
					_t46 =  *0x31c680c - _t37; // 0x5
					_v8 = 0;
					if(_t46 <= 0) {
						goto L10;
					} else {
						goto L4;
					}
					do {
						L4:
						_t28 =  *0x31c6804; // 0x71c3d0
						_t42 = _t37 + _t28;
						if( *((intOrPtr*)(_t42 + 0x20)) < 0xc) {
							goto L9;
						}
						_t30 = SendMessageA( *(_t42 + 0x38), 0xe, 0, 0);
						_t38 =  *((intOrPtr*)(_t42 + 0x1c));
						if(_t38 <= 0 || _t30 <= _t38) {
							_t39 =  *((intOrPtr*)(_t42 + 0x18));
							if(_t39 <= 0 || _t30 >= _t39) {
								goto L9;
							} else {
								goto L20;
							}
						} else {
							L20:
							if( *(_t42 + 0x14) != 0) {
								GetWindowTextA( *0x31c67c8,  &_v1032, 0x400);
								MessageBoxA( *0x31c67c4,  *(_t42 + 0x14),  &_v1032, 0x30);
							}
							E031C1071( *(_t42 + 0x38));
							return 0;
						}
						L9:
						_v8 = _v8 + 1;
						_t37 = _t37 + 0x54;
						_t52 = _v8 -  *0x31c680c; // 0x5
					} while (_t52 < 0);
					goto L10;
				}
			}















                                                                                                                                  0x031c19fb
                                                                                                                                  0x031c1a6b
                                                                                                                                  0x031c1a86
                                                                                                                                  0x031c1a88
                                                                                                                                  0x031c1a92
                                                                                                                                  0x031c1a94
                                                                                                                                  0x031c1a94
                                                                                                                                  0x031c1a9e
                                                                                                                                  0x031c1aa0
                                                                                                                                  0x031c1aa0
                                                                                                                                  0x031c1aa6
                                                                                                                                  0x031c1ab8
                                                                                                                                  0x031c1ab8
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1a03
                                                                                                                                  0x031c1a03
                                                                                                                                  0x031c1a05
                                                                                                                                  0x031c1a0b
                                                                                                                                  0x031c1a5f
                                                                                                                                  0x031c1a5f
                                                                                                                                  0x031c1a64
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1a64
                                                                                                                                  0x031c1a0d
                                                                                                                                  0x031c1a13
                                                                                                                                  0x031c1a16
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1a18
                                                                                                                                  0x031c1a18
                                                                                                                                  0x031c1a18
                                                                                                                                  0x031c1a1d
                                                                                                                                  0x031c1a24
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1a2f
                                                                                                                                  0x031c1a34
                                                                                                                                  0x031c1a39
                                                                                                                                  0x031c1a43
                                                                                                                                  0x031c1a48
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1ac7
                                                                                                                                  0x031c1ac7
                                                                                                                                  0x031c1acb
                                                                                                                                  0x031c1adf
                                                                                                                                  0x031c1af7
                                                                                                                                  0x031c1af7
                                                                                                                                  0x031c1b00
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1b05
                                                                                                                                  0x031c1a4e
                                                                                                                                  0x031c1a4e
                                                                                                                                  0x031c1a51
                                                                                                                                  0x031c1a57
                                                                                                                                  0x031c1a57
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1a18

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Window$CallPostProcSendText
                                                                                                                                  • String ID: E:@$x
                                                                                                                                  • API String ID: 630778482-369864073
                                                                                                                                  • Opcode ID: 32287482bc2869e3ae25991eadd093982d44240148089ffcff5cd95bae3cad67
                                                                                                                                  • Instruction ID: c54c52176d1152bf5b3ca5e184be67b9afd33d178c2dfbecf34884317045dcd6
                                                                                                                                  • Opcode Fuzzy Hash: 32287482bc2869e3ae25991eadd093982d44240148089ffcff5cd95bae3cad67
                                                                                                                                  • Instruction Fuzzy Hash: A53186352A0285FBCB28EF51DD40B69BBB6FB5C701F18983DE60295096C371D995CF60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 10001D3B Relevance: 11.7, APIs: 9, Instructions: 464stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E10001D3B() {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				CHAR* _v44;
				intOrPtr _v48;
				void* _v52;
				CHAR* _t180;
				void* _t182;
				signed int _t183;
				void* _t186;
				void* _t188;
				CHAR* _t190;
				void* _t198;
				struct HINSTANCE__* _t199;
				_Unknown_base(*)()* _t200;
				_Unknown_base(*)()* _t202;
				struct HINSTANCE__* _t203;
				void* _t205;
				char* _t206;
				_Unknown_base(*)()* _t207;
				void* _t218;
				signed char _t219;
				void* _t224;
				struct HINSTANCE__* _t226;
				void* _t227;
				void* _t228;
				void* _t232;
				void* _t235;
				void* _t237;
				void* _t244;
				void* _t245;
				void* _t248;
				struct HINSTANCE__* _t253;
				CHAR* _t254;
				signed char _t257;
				void _t258;
				void* _t259;
				void* _t266;
				void* _t267;
				void* _t271;
				void* _t272;
				void* _t276;
				void* _t277;
				void* _t278;
				void* _t279;
				signed char _t282;
				signed int _t283;
				CHAR* _t284;
				CHAR* _t286;
				struct HINSTANCE__* _t288;
				void* _t290;
				void* _t291;

				_t253 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v12 = 0;
				_v40 = 0;
				_t291 = 0;
				_t180 = E10001541();
				_v24 = _t180;
				_v28 = _t180;
				_v44 = E10001541();
				_t182 = E10001561();
				_v52 = _t182;
				_v8 = _t182;
				while(1) {
					_t183 = _v32;
					_t283 = 3;
					_v48 = _t183;
					if(_t183 != _t253 && _t291 == _t253) {
						break;
					}
					_t282 =  *_v8;
					_t257 = _t282;
					_t186 = _t257 - _t253;
					if(_t186 == 0) {
						_t29 =  &_v32;
						 *_t29 = _v32 | 0xffffffff;
						__eflags =  *_t29;
						L13:
						_t188 = _v48 - _t253;
						if(_t188 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t291 - _t253;
							if(_t291 == _t253) {
								_t224 = GlobalAlloc(0x40, 0x14a4); // executed
								_t291 = _t224;
								 *(_t291 + 0x810) = _t253;
								 *(_t291 + 0x814) = _t253;
							}
							_t258 = _v36;
							_t39 = _t291 + 8; // 0x8
							_t190 = _t39;
							_t40 = _t291 + 0x408; // 0x408
							_t284 = _t40;
							 *_t291 = _t258;
							 *_t190 =  *_t190 & 0x00000000;
							 *(_t291 + 0x808) = _t253;
							 *_t284 =  *_t284 & 0x00000000;
							_t259 = _t258 - _t253;
							__eflags = _t259;
							 *(_t291 + 0x80c) = _t253;
							 *(_t291 + 4) = _t253;
							if(_t259 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L56;
								}
								_t290 = 0;
								GlobalFree(_t291);
								_t291 = E10001641(_v24);
								__eflags = _t291 - _t253;
								if(_t291 == _t253) {
									goto L56;
								} else {
									goto L28;
								}
								while(1) {
									L28:
									_t218 =  *(_t291 + 0x14a0);
									__eflags = _t218 - _t253;
									if(_t218 == _t253) {
										break;
									}
									_t290 = _t291;
									_t291 = _t218;
									__eflags = _t291 - _t253;
									if(_t291 != _t253) {
										continue;
									}
									break;
								}
								__eflags = _t290 - _t253;
								if(_t290 != _t253) {
									 *(_t290 + 0x14a0) = _t253;
								}
								_t219 =  *(_t291 + 0x810);
								__eflags = _t219 & 0x00000008;
								if((_t219 & 0x00000008) == 0) {
									 *(_t291 + 0x810) = _t219 | 0x00000002;
								} else {
									_t291 = E1000187C(_t291);
									 *(_t291 + 0x810) =  *(_t291 + 0x810) & 0xfffffff5;
								}
								goto L56;
							} else {
								_t266 = _t259 - 1;
								__eflags = _t266;
								if(_t266 == 0) {
									L24:
									lstrcpyA(_t190, _v44);
									L25:
									lstrcpyA(_t284, _v24);
									L56:
									_v28 = _v24;
									L57:
									_v8 = _v8 + 1;
									if(_v32 != 0xffffffff) {
										continue;
									}
									break;
								}
								_t267 = _t266 - 1;
								__eflags = _t267;
								if(_t267 == 0) {
									goto L25;
								}
								__eflags = _t267 != 1;
								if(_t267 != 1) {
									goto L56;
								}
								goto L24;
							}
						}
						if(_t188 == 1) {
							_t226 = _v16;
							if(_v40 == _t253) {
								_t226 = _t226 - 1;
							}
							 *(_t291 + 0x814) = _t226;
						}
						goto L56;
					}
					_t227 = _t186 - 0x23;
					if(_t227 == 0) {
						_v32 = _t253;
						_v36 = _t253;
						goto L13;
					}
					_t228 = _t227 - 5;
					if(_t228 == 0) {
						__eflags = _v36 - _t283;
						_v32 = 1;
						_v12 = _t253;
						_v20 = _t253;
						_v16 = (0 | _v36 == _t283) + 1;
						_v40 = _t253;
						goto L13;
					}
					_t232 = _t228 - 1;
					if(_t232 == 0) {
						_v32 = 2;
						_v12 = _t253;
						_v20 = _t253;
						goto L13;
					}
					if(_t232 != 0x16) {
						_t235 = _v32 - _t253;
						__eflags = _t235;
						if(_t235 == 0) {
							__eflags = _t282 - 0x2a;
							if(_t282 == 0x2a) {
								_v36 = 2;
								L55:
								_t253 = 0;
								__eflags = 0;
								goto L56;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 == 0x2d) {
								L124:
								_t237 = _v8 + 1;
								__eflags =  *_t237 - 0x3e;
								if( *_t237 != 0x3e) {
									L126:
									_t237 = _v8 + 1;
									__eflags =  *_t237 - 0x3a;
									if( *_t237 != 0x3a) {
										L133:
										_v28 =  &(_v28[1]);
										 *_v28 = _t282;
										goto L57;
									}
									__eflags = _t282 - 0x2d;
									if(_t282 == 0x2d) {
										goto L133;
									}
									_v36 = 1;
									L129:
									_v8 = _t237;
									__eflags = _v28 - _v24;
									if(_v28 <= _v24) {
										 *_v44 =  *_v44 & 0x00000000;
									} else {
										 *_v28 =  *_v28 & 0x00000000;
										lstrcpyA(_v44, _v24);
									}
									goto L55;
								}
								_v36 = _t283;
								goto L129;
							}
							__eflags = _t282 - 0x3a;
							if(_t282 != 0x3a) {
								goto L133;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 != 0x2d) {
								goto L126;
							}
							goto L124;
						}
						_t244 = _t235 - 1;
						__eflags = _t244;
						if(_t244 == 0) {
							L68:
							_t245 = _t257 - 0x22;
							__eflags = _t245 - 0x55;
							if(_t245 > 0x55) {
								goto L55;
							}
							switch( *((intOrPtr*)(( *(_t245 + 0x100023a0) & 0x000000ff) * 4 +  &M10002344))) {
								case 0:
									__eax = _v24;
									__edi = _v8;
									while(1) {
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										L107:
										__eflags =  *(__edi + 1) - __dl;
										if( *(__edi + 1) != __dl) {
											L112:
											 *__eax =  *__eax & 0x00000000;
											__ebx = E10001550(_v24);
											goto L84;
										}
										L108:
										__eflags = __cl;
										if(__cl == 0) {
											goto L112;
										}
										__eflags = __cl - __dl;
										if(__cl == __dl) {
											__edi = __edi + 1;
											__eflags = __edi;
										}
										__cl =  *__edi;
										 *__eax =  *__edi;
										__eax = __eax + 1;
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										goto L107;
									}
								case 1:
									_v12 = 1;
									goto L55;
								case 2:
									_v12 = _v12 | 0xffffffff;
									goto L55;
								case 3:
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v16 = _v16 + 1;
									goto L73;
								case 4:
									__eflags = _v20;
									if(_v20 != 0) {
										goto L55;
									}
									_v8 = _v8 - 1;
									__ebx = E10001541();
									 &_v8 = E10001CD9( &_v8);
									__eax = E1000176C(__edx, __eax, __edx, __ebx);
									goto L84;
								case 5:
									L92:
									_v20 = _v20 + 1;
									goto L55;
								case 6:
									_push(0x19);
									goto L119;
								case 7:
									_push(0x15);
									goto L119;
								case 8:
									_push(0x16);
									goto L119;
								case 9:
									_push(0x18);
									goto L119;
								case 0xa:
									_push(5);
									goto L99;
								case 0xb:
									__eax = 0;
									__eax = 1;
									goto L78;
								case 0xc:
									_push(6);
									goto L99;
								case 0xd:
									_push(2);
									goto L99;
								case 0xe:
									_push(3);
									goto L99;
								case 0xf:
									_push(0x17);
									L119:
									_pop(__ebx);
									goto L85;
								case 0x10:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									__eflags = __ebx - 0xb;
									if(__ebx < 0xb) {
										__ebx = __ebx + 0xa;
									}
									goto L84;
								case 0x11:
									__ebx = 0xffffffff;
									goto L85;
								case 0x12:
									__eax = 0;
									__eflags = 0;
									goto L78;
								case 0x13:
									_push(4);
									L99:
									_pop(__eax);
									L78:
									__edx = _v16;
									__ecx = 0;
									__edx = _v16 << 5;
									__ecx = 1;
									__eflags = _v12 - 0xffffffff;
									__edi = (_v16 << 5) + __esi;
									_v40 = 1;
									 *(__edi + 0x818) = __eax;
									if(_v12 == 0xffffffff) {
										L80:
										__eax = __ecx;
										L81:
										__eflags = _v12 - __ecx;
										 *(__edi + 0x828) = __eax;
										if(_v12 == __ecx) {
											__eax =  &_v8;
											__eax = E10001CD9( &_v8);
											__eax = __eax + 1;
											__eflags = __eax;
											_v12 = __eax;
										}
										__eax = _v12;
										 *((intOrPtr*)(__edi + 0x81c)) = _v12;
										_t126 = _v16 + 0x41; // 0x41
										_t126 = _t126 << 5;
										__eax = 0;
										__eflags = 0;
										 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
										 *((intOrPtr*)(__edi + 0x82c)) = 0;
										 *((intOrPtr*)(__edi + 0x830)) = 0;
										goto L84;
									}
									__eax =  *(0x10003058 + __eax * 4);
									__eflags = __eax;
									if(__eax > 0) {
										goto L81;
									}
									goto L80;
								case 0x14:
									_t247 =  *(_t291 + 0x814);
									__eflags = _t247 - _v16;
									if(_t247 > _v16) {
										_v16 = _t247;
									}
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v36 - 3 = _t247 - (_v36 == 3);
									if(_t247 != _v36 == 3) {
										L73:
										_v40 = 1;
									}
									goto L55;
								case 0x15:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									L84:
									__eflags = __ebx;
									if(__ebx == 0) {
										goto L55;
									}
									L85:
									__eflags = _v20;
									_v40 = 1;
									if(_v20 != 0) {
										L90:
										__eflags = _v20 - 1;
										if(_v20 == 1) {
											__eax = _v16;
											__eax = _v16 << 5;
											__eflags = __eax;
											 *(__eax + __esi + 0x830) = __ebx;
										}
										goto L92;
									}
									_v16 = _v16 << 5;
									_t134 = __esi + 0x82c; // 0x82c
									__edi = (_v16 << 5) + _t134;
									__eax =  *__edi;
									__eflags = __eax - 0xffffffff;
									if(__eax <= 0xffffffff) {
										L88:
										__eax = GlobalFree(__eax);
										L89:
										 *__edi = __ebx;
										goto L90;
									}
									__eflags = __eax - 0x19;
									if(__eax <= 0x19) {
										goto L89;
									}
									goto L88;
								case 0x16:
									goto L55;
							}
						}
						_t248 = _t244 - 1;
						__eflags = _t248;
						if(_t248 == 0) {
							_v16 = _t253;
							goto L68;
						}
						__eflags = _t248 != 1;
						if(_t248 != 1) {
							goto L133;
						}
						_t271 = _t257 - 0x21;
						__eflags = _t271;
						if(_t271 == 0) {
							_v12 =  ~_v12;
							goto L55;
						}
						_t272 = _t271 - 0x42;
						__eflags = _t272;
						if(_t272 == 0) {
							L51:
							__eflags = _v12 - 1;
							if(_v12 != 1) {
								_t84 = _t291 + 0x810;
								 *_t84 =  *(_t291 + 0x810) &  !0x00000001;
								__eflags =  *_t84;
							} else {
								 *(_t291 + 0x810) =  *(_t291 + 0x810) | 1;
							}
							_v12 = 1;
							goto L55;
						}
						_t276 = _t272;
						__eflags = _t276;
						if(_t276 == 0) {
							_push(0x20);
							L50:
							_pop(1);
							goto L51;
						}
						_t277 = _t276 - 9;
						__eflags = _t277;
						if(_t277 == 0) {
							_push(8);
							goto L50;
						}
						_push(4);
						_pop(1);
						_t278 = _t277 - 1;
						__eflags = _t278;
						if(_t278 == 0) {
							goto L51;
						}
						_t279 = _t278 - 1;
						__eflags = _t279;
						if(_t279 == 0) {
							_push(0x10);
							goto L50;
						}
						__eflags = _t279 != 0;
						if(_t279 != 0) {
							goto L55;
						}
						_push(0x40);
						goto L50;
					} else {
						_v32 = _t283;
						_v12 = 1;
						goto L13;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t291 == _t253 ||  *(_t291 + 0x80c) != _t253) {
					L145:
					return _t291;
				} else {
					_t198 =  *_t291 - 1;
					if(_t198 == 0) {
						_t169 = _t291 + 8; // 0x8
						_t286 = _t169;
						__eflags =  *_t286;
						if( *_t286 != 0) {
							_t199 = GetModuleHandleA(_t286);
							__eflags = _t199 - _t253;
							 *(_t291 + 0x808) = _t199;
							if(_t199 != _t253) {
								L141:
								_t254 = _t291 + 0x408;
								_t200 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t200;
								 *(_t291 + 0x80c) = _t200;
								if(_t200 != 0) {
									goto L145;
								}
								lstrcatA(_t254, 0x10004024);
								_t202 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t202;
								L143:
								 *(_t291 + 0x80c) = _t202;
								if(__eflags != 0) {
									goto L145;
								}
								L144:
								_t178 = _t291 + 4;
								 *_t178 =  *(_t291 + 4) | 0xffffffff;
								__eflags =  *_t178;
								goto L145;
							}
							_t203 = LoadLibraryA(_t286);
							__eflags = _t203 - _t253;
							 *(_t291 + 0x808) = _t203;
							if(_t203 == _t253) {
								goto L144;
							}
							goto L141;
						}
						_t202 = E10001641(_t291 + 0x408);
						__eflags = _t202 - _t253;
						goto L143;
					}
					_t205 = _t198 - 1;
					if(_t205 == 0) {
						_t167 = _t291 + 0x408; // 0x408
						_t206 = _t167;
						__eflags =  *_t206;
						if( *_t206 == 0) {
							goto L145;
						}
						_t207 = E10001641(_t206);
						L136:
						 *(_t291 + 0x80c) = _t207;
						goto L145;
					}
					if(_t205 != 1) {
						goto L145;
					}
					_t72 = _t291 + 8; // 0x8
					_t255 = _t72;
					_t288 = E10001641(_t72);
					 *(_t291 + 0x808) = _t288;
					if(_t288 == 0) {
						goto L144;
					}
					 *(_t291 + 0x850) =  *(_t291 + 0x850) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x84c)) = E10001550(_t255);
					 *(_t291 + 0x83c) =  *(_t291 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x848)) = 1;
					 *((intOrPtr*)(_t291 + 0x838)) = 1;
					_t81 = _t291 + 0x408; // 0x408
					_t207 =  *(_t288->i + E10001641(_t81) * 4);
					goto L136;
				}
			}





























































                                                                                                                                  0x10001d43
                                                                                                                                  0x10001d46
                                                                                                                                  0x10001d49
                                                                                                                                  0x10001d4c
                                                                                                                                  0x10001d4f
                                                                                                                                  0x10001d52
                                                                                                                                  0x10001d55
                                                                                                                                  0x10001d57
                                                                                                                                  0x10001d5c
                                                                                                                                  0x10001d5f
                                                                                                                                  0x10001d67
                                                                                                                                  0x10001d6a
                                                                                                                                  0x10001d6f
                                                                                                                                  0x10001d72
                                                                                                                                  0x10001d75
                                                                                                                                  0x10001d75
                                                                                                                                  0x10001d7c
                                                                                                                                  0x10001d7d
                                                                                                                                  0x10001d80
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001d8d
                                                                                                                                  0x10001d8f
                                                                                                                                  0x10001d94
                                                                                                                                  0x10001d96
                                                                                                                                  0x10001def
                                                                                                                                  0x10001def
                                                                                                                                  0x10001def
                                                                                                                                  0x10001df3
                                                                                                                                  0x10001df6
                                                                                                                                  0x10001df8
                                                                                                                                  0x10001e1a
                                                                                                                                  0x10001e1d
                                                                                                                                  0x10001e1f
                                                                                                                                  0x10001e28
                                                                                                                                  0x10001e2e
                                                                                                                                  0x10001e30
                                                                                                                                  0x10001e36
                                                                                                                                  0x10001e36
                                                                                                                                  0x10001e3c
                                                                                                                                  0x10001e3f
                                                                                                                                  0x10001e3f
                                                                                                                                  0x10001e42
                                                                                                                                  0x10001e42
                                                                                                                                  0x10001e48
                                                                                                                                  0x10001e4a
                                                                                                                                  0x10001e4d
                                                                                                                                  0x10001e53
                                                                                                                                  0x10001e56
                                                                                                                                  0x10001e56
                                                                                                                                  0x10001e58
                                                                                                                                  0x10001e5e
                                                                                                                                  0x10001e61
                                                                                                                                  0x10001e8c
                                                                                                                                  0x10001e8f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001e96
                                                                                                                                  0x10001e98
                                                                                                                                  0x10001ea6
                                                                                                                                  0x10001ea9
                                                                                                                                  0x10001eab
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001eb1
                                                                                                                                  0x10001eb1
                                                                                                                                  0x10001eb1
                                                                                                                                  0x10001eb7
                                                                                                                                  0x10001eb9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001ebb
                                                                                                                                  0x10001ebd
                                                                                                                                  0x10001ebf
                                                                                                                                  0x10001ec1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001ec1
                                                                                                                                  0x10001ec3
                                                                                                                                  0x10001ec5
                                                                                                                                  0x10001ec7
                                                                                                                                  0x10001ec7
                                                                                                                                  0x10001ecd
                                                                                                                                  0x10001ed3
                                                                                                                                  0x10001ed5
                                                                                                                                  0x10001eeb
                                                                                                                                  0x10001ed7
                                                                                                                                  0x10001edd
                                                                                                                                  0x10001ee0
                                                                                                                                  0x10001ee0
                                                                                                                                  0x00000000
                                                                                                                                  0x10001e63
                                                                                                                                  0x10001e63
                                                                                                                                  0x10001e63
                                                                                                                                  0x10001e64
                                                                                                                                  0x10001e70
                                                                                                                                  0x10001e74
                                                                                                                                  0x10001e7a
                                                                                                                                  0x10001e7e
                                                                                                                                  0x10001f64
                                                                                                                                  0x10001f67
                                                                                                                                  0x10001f6a
                                                                                                                                  0x10001f6a
                                                                                                                                  0x10001f71
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f71
                                                                                                                                  0x10001e66
                                                                                                                                  0x10001e66
                                                                                                                                  0x10001e67
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001e69
                                                                                                                                  0x10001e6a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001e6a
                                                                                                                                  0x10001e61
                                                                                                                                  0x10001dfb
                                                                                                                                  0x10001e04
                                                                                                                                  0x10001e07
                                                                                                                                  0x10001e14
                                                                                                                                  0x10001e14
                                                                                                                                  0x10001e09
                                                                                                                                  0x10001e09
                                                                                                                                  0x00000000
                                                                                                                                  0x10001dfb
                                                                                                                                  0x10001d98
                                                                                                                                  0x10001d9b
                                                                                                                                  0x10001de7
                                                                                                                                  0x10001dea
                                                                                                                                  0x00000000
                                                                                                                                  0x10001dea
                                                                                                                                  0x10001d9d
                                                                                                                                  0x10001da0
                                                                                                                                  0x10001dcb
                                                                                                                                  0x10001dce
                                                                                                                                  0x10001dd5
                                                                                                                                  0x10001ddc
                                                                                                                                  0x10001ddf
                                                                                                                                  0x10001de2
                                                                                                                                  0x00000000
                                                                                                                                  0x10001de2
                                                                                                                                  0x10001da2
                                                                                                                                  0x10001da3
                                                                                                                                  0x10001dba
                                                                                                                                  0x10001dc1
                                                                                                                                  0x10001dc4
                                                                                                                                  0x00000000
                                                                                                                                  0x10001dc4
                                                                                                                                  0x10001da8
                                                                                                                                  0x10001ef6
                                                                                                                                  0x10001ef6
                                                                                                                                  0x10001ef8
                                                                                                                                  0x10002225
                                                                                                                                  0x10002228
                                                                                                                                  0x10002289
                                                                                                                                  0x10001f62
                                                                                                                                  0x10001f62
                                                                                                                                  0x10001f62
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f62
                                                                                                                                  0x1000222a
                                                                                                                                  0x1000222d
                                                                                                                                  0x10002239
                                                                                                                                  0x1000223c
                                                                                                                                  0x1000223d
                                                                                                                                  0x10002240
                                                                                                                                  0x10002247
                                                                                                                                  0x1000224a
                                                                                                                                  0x1000224b
                                                                                                                                  0x1000224e
                                                                                                                                  0x10002295
                                                                                                                                  0x10002298
                                                                                                                                  0x1000229b
                                                                                                                                  0x00000000
                                                                                                                                  0x1000229b
                                                                                                                                  0x10002250
                                                                                                                                  0x10002253
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002255
                                                                                                                                  0x1000225c
                                                                                                                                  0x1000225c
                                                                                                                                  0x10002262
                                                                                                                                  0x10002265
                                                                                                                                  0x10002281
                                                                                                                                  0x10002267
                                                                                                                                  0x10002270
                                                                                                                                  0x10002273
                                                                                                                                  0x10002273
                                                                                                                                  0x00000000
                                                                                                                                  0x10002265
                                                                                                                                  0x10002242
                                                                                                                                  0x00000000
                                                                                                                                  0x10002242
                                                                                                                                  0x1000222f
                                                                                                                                  0x10002232
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002234
                                                                                                                                  0x10002237
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002237
                                                                                                                                  0x10001efe
                                                                                                                                  0x10001efe
                                                                                                                                  0x10001eff
                                                                                                                                  0x10002026
                                                                                                                                  0x10002026
                                                                                                                                  0x1000202b
                                                                                                                                  0x1000202e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000203b
                                                                                                                                  0x00000000
                                                                                                                                  0x100021cd
                                                                                                                                  0x100021d0
                                                                                                                                  0x100021d3
                                                                                                                                  0x100021d3
                                                                                                                                  0x100021d4
                                                                                                                                  0x100021d7
                                                                                                                                  0x100021d9
                                                                                                                                  0x100021db
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100021dd
                                                                                                                                  0x100021dd
                                                                                                                                  0x100021e0
                                                                                                                                  0x100021f2
                                                                                                                                  0x100021f5
                                                                                                                                  0x100021fe
                                                                                                                                  0x00000000
                                                                                                                                  0x100021fe
                                                                                                                                  0x100021e2
                                                                                                                                  0x100021e2
                                                                                                                                  0x100021e4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100021e6
                                                                                                                                  0x100021e8
                                                                                                                                  0x100021ea
                                                                                                                                  0x100021ea
                                                                                                                                  0x100021ea
                                                                                                                                  0x100021eb
                                                                                                                                  0x100021ed
                                                                                                                                  0x100021ef
                                                                                                                                  0x100021d3
                                                                                                                                  0x100021d4
                                                                                                                                  0x100021d7
                                                                                                                                  0x100021d9
                                                                                                                                  0x100021db
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100021db
                                                                                                                                  0x00000000
                                                                                                                                  0x10002082
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000208e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002075
                                                                                                                                  0x10002079
                                                                                                                                  0x1000207d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000219f
                                                                                                                                  0x100021a3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100021a9
                                                                                                                                  0x100021b1
                                                                                                                                  0x100021b8
                                                                                                                                  0x100021c0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002147
                                                                                                                                  0x10002147
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000221d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000220d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002211
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002219
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000215f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000214f
                                                                                                                                  0x10002151
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002167
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002157
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000215b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002215
                                                                                                                                  0x1000221f
                                                                                                                                  0x1000221f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000216f
                                                                                                                                  0x10002173
                                                                                                                                  0x10002178
                                                                                                                                  0x1000217b
                                                                                                                                  0x1000217c
                                                                                                                                  0x1000217f
                                                                                                                                  0x10002185
                                                                                                                                  0x10002185
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002205
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002097
                                                                                                                                  0x10002097
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002163
                                                                                                                                  0x10002169
                                                                                                                                  0x10002169
                                                                                                                                  0x10002099
                                                                                                                                  0x10002099
                                                                                                                                  0x1000209c
                                                                                                                                  0x1000209e
                                                                                                                                  0x100020a1
                                                                                                                                  0x100020a2
                                                                                                                                  0x100020a6
                                                                                                                                  0x100020a9
                                                                                                                                  0x100020ac
                                                                                                                                  0x100020b2
                                                                                                                                  0x100020bf
                                                                                                                                  0x100020bf
                                                                                                                                  0x100020c1
                                                                                                                                  0x100020c1
                                                                                                                                  0x100020c4
                                                                                                                                  0x100020ca
                                                                                                                                  0x100020cc
                                                                                                                                  0x100020d0
                                                                                                                                  0x100020d5
                                                                                                                                  0x100020d5
                                                                                                                                  0x100020d7
                                                                                                                                  0x100020d7
                                                                                                                                  0x100020da
                                                                                                                                  0x100020dd
                                                                                                                                  0x100020e6
                                                                                                                                  0x100020e9
                                                                                                                                  0x100020ec
                                                                                                                                  0x100020ec
                                                                                                                                  0x100020ee
                                                                                                                                  0x100020f1
                                                                                                                                  0x100020f7
                                                                                                                                  0x00000000
                                                                                                                                  0x100020f7
                                                                                                                                  0x100020b4
                                                                                                                                  0x100020bb
                                                                                                                                  0x100020bd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002042
                                                                                                                                  0x10002048
                                                                                                                                  0x1000204b
                                                                                                                                  0x1000204d
                                                                                                                                  0x1000204d
                                                                                                                                  0x10002050
                                                                                                                                  0x10002054
                                                                                                                                  0x10002061
                                                                                                                                  0x10002063
                                                                                                                                  0x10002069
                                                                                                                                  0x10002069
                                                                                                                                  0x10002069
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000218d
                                                                                                                                  0x10002191
                                                                                                                                  0x10002196
                                                                                                                                  0x10002199
                                                                                                                                  0x100020fd
                                                                                                                                  0x100020fd
                                                                                                                                  0x100020ff
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002105
                                                                                                                                  0x10002105
                                                                                                                                  0x10002109
                                                                                                                                  0x10002110
                                                                                                                                  0x10002134
                                                                                                                                  0x10002134
                                                                                                                                  0x10002138
                                                                                                                                  0x1000213a
                                                                                                                                  0x1000213d
                                                                                                                                  0x1000213d
                                                                                                                                  0x10002140
                                                                                                                                  0x10002140
                                                                                                                                  0x00000000
                                                                                                                                  0x10002138
                                                                                                                                  0x10002115
                                                                                                                                  0x10002118
                                                                                                                                  0x10002118
                                                                                                                                  0x1000211f
                                                                                                                                  0x10002121
                                                                                                                                  0x10002124
                                                                                                                                  0x1000212b
                                                                                                                                  0x1000212c
                                                                                                                                  0x10002132
                                                                                                                                  0x10002132
                                                                                                                                  0x00000000
                                                                                                                                  0x10002132
                                                                                                                                  0x10002126
                                                                                                                                  0x10002129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000203b
                                                                                                                                  0x10001f05
                                                                                                                                  0x10001f05
                                                                                                                                  0x10001f06
                                                                                                                                  0x10002023
                                                                                                                                  0x00000000
                                                                                                                                  0x10002023
                                                                                                                                  0x10001f0c
                                                                                                                                  0x10001f0d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f13
                                                                                                                                  0x10001f13
                                                                                                                                  0x10001f16
                                                                                                                                  0x10001f5f
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f5f
                                                                                                                                  0x10001f18
                                                                                                                                  0x10001f18
                                                                                                                                  0x10001f1b
                                                                                                                                  0x10001f43
                                                                                                                                  0x10001f46
                                                                                                                                  0x10001f49
                                                                                                                                  0x10002015
                                                                                                                                  0x10002015
                                                                                                                                  0x10002015
                                                                                                                                  0x10001f4f
                                                                                                                                  0x10001f4f
                                                                                                                                  0x10001f4f
                                                                                                                                  0x1000201b
                                                                                                                                  0x00000000
                                                                                                                                  0x1000201b
                                                                                                                                  0x10001f1e
                                                                                                                                  0x10001f1e
                                                                                                                                  0x10001f1f
                                                                                                                                  0x10001f40
                                                                                                                                  0x10001f42
                                                                                                                                  0x10001f42
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f42
                                                                                                                                  0x10001f21
                                                                                                                                  0x10001f21
                                                                                                                                  0x10001f24
                                                                                                                                  0x10001f3c
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f3c
                                                                                                                                  0x10001f26
                                                                                                                                  0x10001f28
                                                                                                                                  0x10001f29
                                                                                                                                  0x10001f29
                                                                                                                                  0x10001f2b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f2d
                                                                                                                                  0x10001f2d
                                                                                                                                  0x10001f2e
                                                                                                                                  0x10001f38
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f38
                                                                                                                                  0x10001f31
                                                                                                                                  0x10001f32
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001f34
                                                                                                                                  0x00000000
                                                                                                                                  0x10001dae
                                                                                                                                  0x10001dae
                                                                                                                                  0x10001db1
                                                                                                                                  0x00000000
                                                                                                                                  0x10001db1
                                                                                                                                  0x10001da8
                                                                                                                                  0x10001f80
                                                                                                                                  0x10001f85
                                                                                                                                  0x10001f8a
                                                                                                                                  0x10001f8e
                                                                                                                                  0x1000233d
                                                                                                                                  0x10002343
                                                                                                                                  0x10001fa0
                                                                                                                                  0x10001fa2
                                                                                                                                  0x10001fa3
                                                                                                                                  0x100022c0
                                                                                                                                  0x100022c0
                                                                                                                                  0x100022c3
                                                                                                                                  0x100022c6
                                                                                                                                  0x100022da
                                                                                                                                  0x100022e0
                                                                                                                                  0x100022e2
                                                                                                                                  0x100022e8
                                                                                                                                  0x100022fb
                                                                                                                                  0x10002301
                                                                                                                                  0x1000230e
                                                                                                                                  0x10002310
                                                                                                                                  0x10002312
                                                                                                                                  0x10002318
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002320
                                                                                                                                  0x1000232d
                                                                                                                                  0x1000232f
                                                                                                                                  0x10002331
                                                                                                                                  0x10002331
                                                                                                                                  0x10002337
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002339
                                                                                                                                  0x10002339
                                                                                                                                  0x10002339
                                                                                                                                  0x10002339
                                                                                                                                  0x00000000
                                                                                                                                  0x10002339
                                                                                                                                  0x100022eb
                                                                                                                                  0x100022f1
                                                                                                                                  0x100022f3
                                                                                                                                  0x100022f9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100022f9
                                                                                                                                  0x100022cf
                                                                                                                                  0x100022d5
                                                                                                                                  0x00000000
                                                                                                                                  0x100022d5
                                                                                                                                  0x10001fa9
                                                                                                                                  0x10001faa
                                                                                                                                  0x100022a2
                                                                                                                                  0x100022a2
                                                                                                                                  0x100022a8
                                                                                                                                  0x100022ab
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100022b2
                                                                                                                                  0x100022b7
                                                                                                                                  0x100022b8
                                                                                                                                  0x00000000
                                                                                                                                  0x100022b8
                                                                                                                                  0x10001fb1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001fb7
                                                                                                                                  0x10001fb7
                                                                                                                                  0x10001fc0
                                                                                                                                  0x10001fc5
                                                                                                                                  0x10001fcb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001fd1
                                                                                                                                  0x10001fde
                                                                                                                                  0x10001fe4
                                                                                                                                  0x10001fee
                                                                                                                                  0x10001ff4
                                                                                                                                  0x10001ffc
                                                                                                                                  0x1000200c
                                                                                                                                  0x00000000
                                                                                                                                  0x1000200c

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001541: GlobalAlloc.KERNEL32(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                                    • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                    • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001E28
                                                                                                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 10001E74
                                                                                                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 10001E7E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001E98
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 1000212C
                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 10002273
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4227406936-0
                                                                                                                                  • Opcode ID: 4db69d6392801e5d2746045bac65134a125a553687dc9f3a9041a8d875cc8822
                                                                                                                                  • Instruction ID: a07e655b5acbd759bef49bc23e9150b4786b733537db7dc5a885176f28cf93da
                                                                                                                                  • Opcode Fuzzy Hash: 4db69d6392801e5d2746045bac65134a125a553687dc9f3a9041a8d875cc8822
                                                                                                                                  • Instruction Fuzzy Hash: 8A029C71D0464ADFEB60CFA4C8807EEBBF4FB043C4F21856AE565A7289C7745A81DB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402F18 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x12e63
					_t44 = _t31 + _t51;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                                                                                                                                  0x00402f1d
                                                                                                                                  0x00402f27
                                                                                                                                  0x00402f29
                                                                                                                                  0x00402f30
                                                                                                                                  0x00402f34
                                                                                                                                  0x00402f3f
                                                                                                                                  0x00402f3f
                                                                                                                                  0x00402f47
                                                                                                                                  0x00402f49
                                                                                                                                  0x00402f50
                                                                                                                                  0x00402f6c
                                                                                                                                  0x00402f70
                                                                                                                                  0x00403039
                                                                                                                                  0x00403039
                                                                                                                                  0x00000000
                                                                                                                                  0x00402f7f
                                                                                                                                  0x00402f82
                                                                                                                                  0x00402f88
                                                                                                                                  0x00402f8f
                                                                                                                                  0x00402f92
                                                                                                                                  0x00402f9b
                                                                                                                                  0x00403008
                                                                                                                                  0x0040300e
                                                                                                                                  0x00403010
                                                                                                                                  0x00403010
                                                                                                                                  0x00403022
                                                                                                                                  0x00403026
                                                                                                                                  0x00000000
                                                                                                                                  0x00403028
                                                                                                                                  0x00403028
                                                                                                                                  0x0040302b
                                                                                                                                  0x00403031
                                                                                                                                  0x00000000
                                                                                                                                  0x00403031
                                                                                                                                  0x00402f9d
                                                                                                                                  0x00402fa0
                                                                                                                                  0x00403034
                                                                                                                                  0x00403034
                                                                                                                                  0x00402fa6
                                                                                                                                  0x00402fab
                                                                                                                                  0x00402fab
                                                                                                                                  0x00402fb3
                                                                                                                                  0x00402fb5
                                                                                                                                  0x00402fb5
                                                                                                                                  0x00402fc6
                                                                                                                                  0x00402fca
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402fde
                                                                                                                                  0x00402fe6
                                                                                                                                  0x00403004
                                                                                                                                  0x0040303b
                                                                                                                                  0x0040303b
                                                                                                                                  0x00402fed
                                                                                                                                  0x00402fed
                                                                                                                                  0x00402ff0
                                                                                                                                  0x00402ff3
                                                                                                                                  0x00402ff6
                                                                                                                                  0x00403000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403002
                                                                                                                                  0x00000000
                                                                                                                                  0x00403002
                                                                                                                                  0x00403000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402fe6
                                                                                                                                  0x00000000
                                                                                                                                  0x00402fab
                                                                                                                                  0x00402fa0
                                                                                                                                  0x00402f9b
                                                                                                                                  0x00402f92
                                                                                                                                  0x00402f70
                                                                                                                                  0x0040303c
                                                                                                                                  0x00403040

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,0000DBE4), ref: 00402F3F
                                                                                                                                  • ReadFile.KERNELBASE(00409130,00000004,0000DBE4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                                  • ReadFile.KERNELBASE(00413040,00004000,0000DBE4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,0000DBE4), ref: 00402FC6
                                                                                                                                  • WriteFile.KERNELBASE(00000000,00413040,0000DBE4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,0000DBE4), ref: 00402FDE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Read$PointerWrite
                                                                                                                                  • String ID: @0A
                                                                                                                                  • API String ID: 2113905535-1363546919
                                                                                                                                  • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                                  • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                                                  • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                                  • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402BD3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				void* _t13;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0xa038c
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						_t13 = E00404F04(0,  &_v68); // executed
						return _t13;
					}
				}
				return _t6;
			}








                                                                                                                                  0x00402bdf
                                                                                                                                  0x00402be1
                                                                                                                                  0x00402be8
                                                                                                                                  0x00402beb
                                                                                                                                  0x00402beb
                                                                                                                                  0x00402bf1
                                                                                                                                  0x00000000
                                                                                                                                  0x00402bf1
                                                                                                                                  0x00402bf9
                                                                                                                                  0x00402bff
                                                                                                                                  0x00000000
                                                                                                                                  0x00402c02
                                                                                                                                  0x00402c09
                                                                                                                                  0x00402c0f
                                                                                                                                  0x00402c15
                                                                                                                                  0x00402c17
                                                                                                                                  0x00402c1d
                                                                                                                                  0x00402c5b
                                                                                                                                  0x00402c64
                                                                                                                                  0x00000000
                                                                                                                                  0x00402c69
                                                                                                                                  0x00402c1f
                                                                                                                                  0x00402c26
                                                                                                                                  0x00402c37
                                                                                                                                  0x00402c45
                                                                                                                                  0x00000000
                                                                                                                                  0x00402c45
                                                                                                                                  0x00402c26
                                                                                                                                  0x00402c71

                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                                  • wsprintfA.USER32 ref: 00402C37
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                    • Part of subcall function 00404F04: lstrcatA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00402C4A,00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000), ref: 00404F60
                                                                                                                                    • Part of subcall function 00404F04: SetWindowTextA.USER32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"), ref: 00404F72
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                                    • Part of subcall function 00402BB7: MulDiv.KERNEL32(0001C25D,00000064,0001AE6B), ref: 00402BCC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                  • String ID: ... %d%%
                                                                                                                                  • API String ID: 722711167-2449383134
                                                                                                                                  • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                                  • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                                                  • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                                  • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403043 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x7dd9dfc
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					L2:
					_t12 =  *0x417048; // 0x42bba09
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x69fab8
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								_t22 =  *0x41f050; // 0x1ae6b
								 *0x417040 = _t22 -  *0x417044 - _a4 +  *0x40afb0; // executed
								E00402BD3(0); // executed
							}
						}
						 *0x40afd8 = 0x40b040;
						 *0x40afdc = 0x8000; // executed
						_t16 = E00405F82(0x40afb8); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd8; // 0x40cac1
						_t40 = _t39 - 0x40b040;
						if(_t40 == 0) {
							__eflags =  *0x40afd4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417044; // 0x7dd9dfc
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afb0 =  *0x40afb0 + _t40;
							_t53 =  *0x40afd4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}





















                                                                                                                                  0x00403047
                                                                                                                                  0x00403054
                                                                                                                                  0x00403067
                                                                                                                                  0x0040306c
                                                                                                                                  0x004031ad
                                                                                                                                  0x004031af
                                                                                                                                  0x00000000
                                                                                                                                  0x004031b5
                                                                                                                                  0x00403078
                                                                                                                                  0x0040308b
                                                                                                                                  0x00403091
                                                                                                                                  0x00403097
                                                                                                                                  0x004030a2
                                                                                                                                  0x004030a2
                                                                                                                                  0x004030a2
                                                                                                                                  0x004030a7
                                                                                                                                  0x004030ac
                                                                                                                                  0x004030b4
                                                                                                                                  0x004030b6
                                                                                                                                  0x004030b6
                                                                                                                                  0x004030bf
                                                                                                                                  0x004030c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004030cc
                                                                                                                                  0x004030d2
                                                                                                                                  0x004030d8
                                                                                                                                  0x004030de
                                                                                                                                  0x004030de
                                                                                                                                  0x004030e4
                                                                                                                                  0x004030e6
                                                                                                                                  0x004030ec
                                                                                                                                  0x004030ee
                                                                                                                                  0x00403104
                                                                                                                                  0x00403109
                                                                                                                                  0x0040310e
                                                                                                                                  0x004030ec
                                                                                                                                  0x00403114
                                                                                                                                  0x0040311a
                                                                                                                                  0x00403124
                                                                                                                                  0x0040312b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040312d
                                                                                                                                  0x00403133
                                                                                                                                  0x00403135
                                                                                                                                  0x00403169
                                                                                                                                  0x0040316f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403171
                                                                                                                                  0x00403173
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403175
                                                                                                                                  0x00403175
                                                                                                                                  0x00403188
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403197
                                                                                                                                  0x00000000
                                                                                                                                  0x00403197
                                                                                                                                  0x00403145
                                                                                                                                  0x0040314d
                                                                                                                                  0x004031a4
                                                                                                                                  0x004031aa
                                                                                                                                  0x004031aa
                                                                                                                                  0x00000000
                                                                                                                                  0x00403155
                                                                                                                                  0x00403155
                                                                                                                                  0x0040315b
                                                                                                                                  0x00403161
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403167
                                                                                                                                  0x0040314d
                                                                                                                                  0x004031a8
                                                                                                                                  0x00000000
                                                                                                                                  0x004031a8
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                                    • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000DBE4), ref: 004031FF
                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                                  • WriteFile.KERNELBASE(0040B040,0040CAC1,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                                  • SetFilePointer.KERNELBASE(07DD9DFC,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Pointer$CountTickWrite
                                                                                                                                  • String ID: @0A
                                                                                                                                  • API String ID: 2146148272-1363546919
                                                                                                                                  • Opcode ID: c3ab3b2a6ebb8e6cedc02463b91186366695901546e3771a82caeddcf6bda455
                                                                                                                                  • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                                  • Opcode Fuzzy Hash: c3ab3b2a6ebb8e6cedc02463b91186366695901546e3771a82caeddcf6bda455
                                                                                                                                  • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401F51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                  			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                  0x00401f51
                                                                                                                                  0x00401f51
                                                                                                                                  0x00401f56
                                                                                                                                  0x00401f5d
                                                                                                                                  0x00402019
                                                                                                                                  0x00402164
                                                                                                                                  0x00402164
                                                                                                                                  0x0040288b
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a
                                                                                                                                  0x0040289a
                                                                                                                                  0x00401f6c
                                                                                                                                  0x00401f76
                                                                                                                                  0x00401f79
                                                                                                                                  0x00401f88
                                                                                                                                  0x00401f8c
                                                                                                                                  0x00401f92
                                                                                                                                  0x00401f96
                                                                                                                                  0x00402012
                                                                                                                                  0x00000000
                                                                                                                                  0x00402012
                                                                                                                                  0x00401f98
                                                                                                                                  0x00401fa2
                                                                                                                                  0x00401fa6
                                                                                                                                  0x00401fea
                                                                                                                                  0x00401fa8
                                                                                                                                  0x00401fab
                                                                                                                                  0x00401fae
                                                                                                                                  0x00401fde
                                                                                                                                  0x00401fb0
                                                                                                                                  0x00401fb3
                                                                                                                                  0x00401fbc
                                                                                                                                  0x00401fbe
                                                                                                                                  0x00401fbe
                                                                                                                                  0x00401fbc
                                                                                                                                  0x00401fae
                                                                                                                                  0x00401ff2
                                                                                                                                  0x00402007
                                                                                                                                  0x00402007
                                                                                                                                  0x00000000
                                                                                                                                  0x00401ff2
                                                                                                                                  0x00401f7c
                                                                                                                                  0x00401f82
                                                                                                                                  0x00401f86
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                    • Part of subcall function 00404F04: lstrcatA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00402C4A,00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000), ref: 00404F60
                                                                                                                                    • Part of subcall function 00404F04: SetWindowTextA.USER32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"), ref: 00404F72
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                  • String ID: ?B
                                                                                                                                  • API String ID: 2987980305-117478770
                                                                                                                                  • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                  • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                                  • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                  • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Program Files\\iba\\ibaAnalyzer\\Plugins", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                                  0x004015b3
                                                                                                                                  0x004015ba
                                                                                                                                  0x004015bd
                                                                                                                                  0x004015c2
                                                                                                                                  0x004015c6
                                                                                                                                  0x004015c8
                                                                                                                                  0x004015d0
                                                                                                                                  0x004015d6
                                                                                                                                  0x004015d8
                                                                                                                                  0x004015db
                                                                                                                                  0x004015e3
                                                                                                                                  0x004015f0
                                                                                                                                  0x004015fd
                                                                                                                                  0x004015fd
                                                                                                                                  0x004015f2
                                                                                                                                  0x004015f3
                                                                                                                                  0x004015fb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004015fb
                                                                                                                                  0x004015f0
                                                                                                                                  0x00401600
                                                                                                                                  0x00401603
                                                                                                                                  0x00401605
                                                                                                                                  0x00401606
                                                                                                                                  0x004015c8
                                                                                                                                  0x0040160d
                                                                                                                                  0x0040162d
                                                                                                                                  0x00402164
                                                                                                                                  0x0040160f
                                                                                                                                  0x00401611
                                                                                                                                  0x0040161c
                                                                                                                                  0x00401622
                                                                                                                                  0x00401622
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,76DDF560,0040549F,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 004056FB
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                  • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                  • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\iba\ibaAnalyzer\Plugins,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                  Strings
                                                                                                                                  • C:\Program Files\iba\ibaAnalyzer\Plugins, xrefs: 00401617
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                  • String ID: C:\Program Files\iba\ibaAnalyzer\Plugins
                                                                                                                                  • API String ID: 3751793516-3951075876
                                                                                                                                  • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                  • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                                  • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                  • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040586C Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                                  0x00405870
                                                                                                                                  0x00405876
                                                                                                                                  0x00405877
                                                                                                                                  0x00405877
                                                                                                                                  0x00405878
                                                                                                                                  0x0040587f
                                                                                                                                  0x00405889
                                                                                                                                  0x00405896
                                                                                                                                  0x00405899
                                                                                                                                  0x004058a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004058a5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004058a7
                                                                                                                                  0x00000000
                                                                                                                                  0x004058a7
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                                  • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                  • API String ID: 1716503409-3054606575
                                                                                                                                  • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                  • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                                  • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                  • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD0D0 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 48memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD147
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,SMARXOS), ref: 032AD15A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocGloballstrcpyn
                                                                                                                                  • String ID: MPI$SMARXOS$UNKNOWN
                                                                                                                                  • API String ID: 3204721840-2250718591
                                                                                                                                  • Opcode ID: 64b510ffb89a5dc63314461cb042a737c6eb234dd8053d70171532da4a7a2651
                                                                                                                                  • Instruction ID: b2e39e407489fd2a4fa9d4ec762c133e7243f0444c9cc733db6405ab0c3e3648
                                                                                                                                  • Opcode Fuzzy Hash: 64b510ffb89a5dc63314461cb042a737c6eb234dd8053d70171532da4a7a2651
                                                                                                                                  • Instruction Fuzzy Hash: F511C4BD6146128BC718FF14F559AA2B7A6F788F50B45806DE9058F748D3319CC1CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00401CC1(int __edx) {
				long _t16;
				void* _t17;
				int _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t16 = LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10); // executed
				_t17 = SendMessageA(_t25, 0x172, _t21, _t16); // executed
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}








                                                                                                                                  0x00401ccb
                                                                                                                                  0x00401cd2
                                                                                                                                  0x00401cf3
                                                                                                                                  0x00401d01
                                                                                                                                  0x00401d09
                                                                                                                                  0x00401d10
                                                                                                                                  0x00401d10
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                                  • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                                                  • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                                  • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1000198F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E1000198F(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E);
				_push(1); // executed
				_t34 = E10001D3B(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E100023F6(_t50);
					}
					E10002440(_t65, _t50);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100025FE(_t65, _t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x818; // 0x818
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100018A1(_t50);
								_t15 = _t50 + 0x818; // 0x818
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
								 *_t70 = 3;
								E100025FE(_t65, _t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100025FE(_t65, _t50);
							_t34 = GlobalFree(E1000159E(E100018A1(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E100025C4(_t50);
							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x808);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
								_t34 = E10001825( *0x10004054);
							}
						}
						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E100014C7(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000120C(_t53, _t50);
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E100027CC(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                                                                                                  0x1000198f
                                                                                                                                  0x1000198f
                                                                                                                                  0x1000198f
                                                                                                                                  0x10001999
                                                                                                                                  0x100019a1
                                                                                                                                  0x100019ae
                                                                                                                                  0x100019bc
                                                                                                                                  0x100019bf
                                                                                                                                  0x100019c1
                                                                                                                                  0x100019c6
                                                                                                                                  0x100019cb
                                                                                                                                  0x10001ade
                                                                                                                                  0x10001ade
                                                                                                                                  0x100019d1
                                                                                                                                  0x100019d5
                                                                                                                                  0x100019d8
                                                                                                                                  0x100019dd
                                                                                                                                  0x100019df
                                                                                                                                  0x100019e5
                                                                                                                                  0x100019eb
                                                                                                                                  0x10001a1b
                                                                                                                                  0x10001a22
                                                                                                                                  0x10001a46
                                                                                                                                  0x10001a85
                                                                                                                                  0x10001a48
                                                                                                                                  0x10001a48
                                                                                                                                  0x10001a49
                                                                                                                                  0x10001a4c
                                                                                                                                  0x10001a52
                                                                                                                                  0x10001a56
                                                                                                                                  0x10001a59
                                                                                                                                  0x10001a5e
                                                                                                                                  0x10001a5e
                                                                                                                                  0x10001a65
                                                                                                                                  0x10001a6b
                                                                                                                                  0x10001a71
                                                                                                                                  0x10001a7d
                                                                                                                                  0x10001a7e
                                                                                                                                  0x10001a81
                                                                                                                                  0x10001a24
                                                                                                                                  0x10001a25
                                                                                                                                  0x10001a3a
                                                                                                                                  0x10001a3a
                                                                                                                                  0x10001a8f
                                                                                                                                  0x10001a92
                                                                                                                                  0x10001a9f
                                                                                                                                  0x10001aa6
                                                                                                                                  0x10001aae
                                                                                                                                  0x10001ab1
                                                                                                                                  0x10001ab1
                                                                                                                                  0x10001aae
                                                                                                                                  0x10001abe
                                                                                                                                  0x10001ac6
                                                                                                                                  0x10001acb
                                                                                                                                  0x10001abe
                                                                                                                                  0x10001ad3
                                                                                                                                  0x00000000
                                                                                                                                  0x10001ad5
                                                                                                                                  0x00000000
                                                                                                                                  0x10001ad6
                                                                                                                                  0x10001ad3
                                                                                                                                  0x100019ef
                                                                                                                                  0x100019f2
                                                                                                                                  0x10001a10
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001a13
                                                                                                                                  0x10001a18
                                                                                                                                  0x10001a18
                                                                                                                                  0x10001a1a
                                                                                                                                  0x00000000
                                                                                                                                  0x10001a1a
                                                                                                                                  0x100019f4
                                                                                                                                  0x100019f5
                                                                                                                                  0x100019fd
                                                                                                                                  0x100019fe
                                                                                                                                  0x00000000
                                                                                                                                  0x100019fe
                                                                                                                                  0x100019f7
                                                                                                                                  0x100019f8
                                                                                                                                  0x10001a06
                                                                                                                                  0x00000000
                                                                                                                                  0x10001a06
                                                                                                                                  0x100019fb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100019fb

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                                    • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                                    • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001A3A
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 10001AB1
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001AD6
                                                                                                                                    • Part of subcall function 100023F6: GlobalAlloc.KERNEL32(00000040,E8002080), ref: 10002428
                                                                                                                                    • Part of subcall function 100027CC: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,?,10001A0B,00000000), ref: 1000281C
                                                                                                                                    • Part of subcall function 100018A1: lstrcpyA.KERNEL32(00000000,10004018,00000000,10001967,00000000), ref: 100018BA
                                                                                                                                    • Part of subcall function 100025FE: wsprintfA.USER32 ref: 1000265F
                                                                                                                                    • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002728
                                                                                                                                    • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002751
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767494692-3916222277
                                                                                                                                  • Opcode ID: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                                  • Instruction ID: 73a644c0497f06cd708a10c3248ea791f84cf5318f3d9e6ca3c0cc3a1fe5f0c9
                                                                                                                                  • Opcode Fuzzy Hash: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                                  • Instruction Fuzzy Hash: 8031A075601245AAFB41DF649CC5BDA3BE8FF062D0F148429F9066A09FCF749845CBA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004046F1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                  			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				int _t29;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				_t29 = SetDlgItemTextA( *0x423678, _a4, 0x4204a0); // executed
				return _t29;
			}














                                                                                                                                  0x004046f9
                                                                                                                                  0x004046fd
                                                                                                                                  0x00404705
                                                                                                                                  0x00404708
                                                                                                                                  0x00404709
                                                                                                                                  0x0040470b
                                                                                                                                  0x0040470d
                                                                                                                                  0x00404710
                                                                                                                                  0x00404710
                                                                                                                                  0x00404717
                                                                                                                                  0x0040471d
                                                                                                                                  0x0040471d
                                                                                                                                  0x00404724
                                                                                                                                  0x0040472f
                                                                                                                                  0x00404730
                                                                                                                                  0x00404733
                                                                                                                                  0x00404733
                                                                                                                                  0x00404740
                                                                                                                                  0x0040474b
                                                                                                                                  0x0040474e
                                                                                                                                  0x00404760
                                                                                                                                  0x00404767
                                                                                                                                  0x00404768
                                                                                                                                  0x00404777
                                                                                                                                  0x00404787
                                                                                                                                  0x0040479a
                                                                                                                                  0x004047a3

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                                  • wsprintfA.USER32 ref: 00404787
                                                                                                                                  • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                  • Opcode ID: 99173bf0889fced4d8dda645ad176f9fe1007aed591e2cbd5ac374b51220c1a8
                                                                                                                                  • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                                                  • Opcode Fuzzy Hash: 99173bf0889fced4d8dda645ad176f9fe1007aed591e2cbd5ac374b51220c1a8
                                                                                                                                  • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                                  0x00401bb6
                                                                                                                                  0x00401bc2
                                                                                                                                  0x00401bc5
                                                                                                                                  0x00401bce
                                                                                                                                  0x00401bce
                                                                                                                                  0x00401bd1
                                                                                                                                  0x00401bd5
                                                                                                                                  0x00401bde
                                                                                                                                  0x00401bde
                                                                                                                                  0x00401be1
                                                                                                                                  0x00401be5
                                                                                                                                  0x00401be7
                                                                                                                                  0x00401c34
                                                                                                                                  0x00401c36
                                                                                                                                  0x00401c3f
                                                                                                                                  0x00401c47
                                                                                                                                  0x00401c4a
                                                                                                                                  0x00401c4a
                                                                                                                                  0x00401c53
                                                                                                                                  0x00000000
                                                                                                                                  0x00401be9
                                                                                                                                  0x00401bf0
                                                                                                                                  0x00401bf2
                                                                                                                                  0x00401bfa
                                                                                                                                  0x00401bfd
                                                                                                                                  0x00401c25
                                                                                                                                  0x00401c59
                                                                                                                                  0x00401c59
                                                                                                                                  0x00401bff
                                                                                                                                  0x00401c0d
                                                                                                                                  0x00401c15
                                                                                                                                  0x00401c18
                                                                                                                                  0x00401c18
                                                                                                                                  0x00401bfd
                                                                                                                                  0x00401c5c
                                                                                                                                  0x00401c5f
                                                                                                                                  0x00401c65
                                                                                                                                  0x00402833
                                                                                                                                  0x00402833
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                  • SendMessageA.USER32 ref: 00401C25
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                  • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                                  • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                  • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1D30 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,CBIOS_MAPPED_FILE_REV_200,?,?,032ABE7B,?,00286040,00000001,00000000,?,?,?,?,?,76D86490), ref: 032A1D3D
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,032ABE7B,?,00286040,00000001,00000000), ref: 032A1D50
                                                                                                                                  • CreateFileMappingA.KERNEL32 ref: 032A1D82
                                                                                                                                  Strings
                                                                                                                                  • CBIOS_MAPPED_FILE_REV_200, xrefs: 032A1D33
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorSecurity$CreateDaclFileInitializeMapping
                                                                                                                                  • String ID: CBIOS_MAPPED_FILE_REV_200
                                                                                                                                  • API String ID: 3020392471-2699816220
                                                                                                                                  • Opcode ID: a2f8f0a96a2e250b8bdb6ebaed7e6b2dcaa8aa7f146b6005fc5619645938e1cb
                                                                                                                                  • Instruction ID: 7ded893bb58cdd573a4574dfc966d9ca28d0e51dfc907d7eff0f76a93ff7c333
                                                                                                                                  • Opcode Fuzzy Hash: a2f8f0a96a2e250b8bdb6ebaed7e6b2dcaa8aa7f146b6005fc5619645938e1cb
                                                                                                                                  • Instruction Fuzzy Hash: A9F03C71605721AFE314EF55E848EABBBA8EB88B24F448608F564961C0D370D658CBE2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004053C6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                                  0x004053cf
                                                                                                                                  0x004053eb
                                                                                                                                  0x004053f3
                                                                                                                                  0x004053f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004053fe
                                                                                                                                  0x00405402

                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                                  • Error launching installer, xrefs: 004053D9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                                  • API String ID: 3712363035-7751565
                                                                                                                                  • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                  • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                                  • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                  • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402303 Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50; // 0x100
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey(); // executed
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}











                                                                                                                                  0x00402304
                                                                                                                                  0x00402309
                                                                                                                                  0x00402313
                                                                                                                                  0x0040231d
                                                                                                                                  0x00402320
                                                                                                                                  0x0040232a
                                                                                                                                  0x00402330
                                                                                                                                  0x0040233a
                                                                                                                                  0x00402341
                                                                                                                                  0x00402349
                                                                                                                                  0x00402357
                                                                                                                                  0x0040235b
                                                                                                                                  0x00402366
                                                                                                                                  0x00402366
                                                                                                                                  0x0040236a
                                                                                                                                  0x0040236e
                                                                                                                                  0x00402374
                                                                                                                                  0x00402379
                                                                                                                                  0x00402379
                                                                                                                                  0x0040237d
                                                                                                                                  0x00402389
                                                                                                                                  0x00402389
                                                                                                                                  0x004023a2
                                                                                                                                  0x004023a4
                                                                                                                                  0x004023a4
                                                                                                                                  0x004023a7
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                  • lstrlenA.KERNEL32(0040A370,00000023,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                  • RegSetValueExA.ADVAPI32(?,?,?,?,0040A370,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040A370,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateValuelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1356686001-0
                                                                                                                                  • Opcode ID: 271707f578e5353a3fbe2519cc7d62c3cf42ff78cad1b3e4df9531e7eebe3039
                                                                                                                                  • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                                                  • Opcode Fuzzy Hash: 271707f578e5353a3fbe2519cc7d62c3cf42ff78cad1b3e4df9531e7eebe3039
                                                                                                                                  • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401EC5 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30); // executed
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						__eax = GetFileVersionInfoA( *(__ebp - 0x2c), __ebx,  *(__ebp - 8), __eax); // executed
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *(__ebp - 4) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                                                  0x00401ec7
                                                                                                                                  0x00401ecf
                                                                                                                                  0x00401ed4
                                                                                                                                  0x00401ed9
                                                                                                                                  0x00401edd
                                                                                                                                  0x00401ee0
                                                                                                                                  0x00401ee2
                                                                                                                                  0x00401ee9
                                                                                                                                  0x00401ef2
                                                                                                                                  0x00401efa
                                                                                                                                  0x00401efd
                                                                                                                                  0x00401f0b
                                                                                                                                  0x00401f12
                                                                                                                                  0x00401f18
                                                                                                                                  0x00401f2b
                                                                                                                                  0x00401f34
                                                                                                                                  0x00401f40
                                                                                                                                  0x00401f45
                                                                                                                                  0x00401f45
                                                                                                                                  0x00401f2b
                                                                                                                                  0x00401f48
                                                                                                                                  0x00401b75
                                                                                                                                  0x00401b75
                                                                                                                                  0x00401efd
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                  • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                  • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                    • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1404258612-0
                                                                                                                                  • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                                  • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                                                  • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                                  • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1590 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CreateFileA.KERNELBASE(C0000000,C0000000,00000002,00000000,00000003,00000000,00000000,?,?,?,032A19D7,00000000,00005960,032AA3A6,00000000,00285F40), ref: 032A1614
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID: \\.\CBUSB2CFG$\\.\CBUSBCFG
                                                                                                                                  • API String ID: 823142352-3436020646
                                                                                                                                  • Opcode ID: 3bfe80694d9c7f81cfb7f58a187bf185a87ca9595ce7cb398300bc806e8929c1
                                                                                                                                  • Instruction ID: 7101d4736fc8b864a080ec1b0cb4cbd0e01caae614a38fc66496fd0facf3104d
                                                                                                                                  • Opcode Fuzzy Hash: 3bfe80694d9c7f81cfb7f58a187bf185a87ca9595ce7cb398300bc806e8929c1
                                                                                                                                  • Instruction Fuzzy Hash: F5216D74A193009FD308DF24E885B6AB7E4AF9CB04F41CA1CF489DB384E334A590CB96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401389 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423ed0; // 0x6a0a6c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0); // executed
					}
				}
				return 0;
			}












                                                                                                                                  0x0040138a
                                                                                                                                  0x004013fa
                                                                                                                                  0x00401392
                                                                                                                                  0x0040139b
                                                                                                                                  0x004013a0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004013a2
                                                                                                                                  0x004013a3
                                                                                                                                  0x004013ad
                                                                                                                                  0x00000000
                                                                                                                                  0x00401404
                                                                                                                                  0x004013b0
                                                                                                                                  0x004013b7
                                                                                                                                  0x004013bd
                                                                                                                                  0x004013be
                                                                                                                                  0x004013c0
                                                                                                                                  0x004013c2
                                                                                                                                  0x004013b9
                                                                                                                                  0x004013b9
                                                                                                                                  0x004013ba
                                                                                                                                  0x004013ba
                                                                                                                                  0x004013c9
                                                                                                                                  0x004013cb
                                                                                                                                  0x004013f4
                                                                                                                                  0x004013f4
                                                                                                                                  0x004013c9
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                  • SendMessageA.USER32 ref: 004013F4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: lj
                                                                                                                                  • API String ID: 3850602802-3909389210
                                                                                                                                  • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                  • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                                  • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                  • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403208 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                  			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                                  0x00403209
                                                                                                                                  0x0040320f
                                                                                                                                  0x00403215
                                                                                                                                  0x0040321c
                                                                                                                                  0x00403221
                                                                                                                                  0x00403229
                                                                                                                                  0x00403235
                                                                                                                                  0x0040323b
                                                                                                                                  0x0040321f
                                                                                                                                  0x0040321f
                                                                                                                                  0x0040321f

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                    • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                    • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                  • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                  • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 4115351271-2030658151
                                                                                                                                  • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                  • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                                  • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                  • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BD8A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10libraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNELBASE(mpiwin32.dll,032BAD92), ref: 032BD8A5
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 032BD8B3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Library$FreeLoad
                                                                                                                                  • String ID: mpiwin32.dll
                                                                                                                                  • API String ID: 534179979-1164433464
                                                                                                                                  • Opcode ID: 4e582a97a4368e62a05ea87cd392efd3d9ecc81c60282766d122a9688355181f
                                                                                                                                  • Instruction ID: 6b1b392ba27c2f159b0f470c6d321347df9b7f0c19219a4eb84cadb7b8375fa3
                                                                                                                                  • Opcode Fuzzy Hash: 4e582a97a4368e62a05ea87cd392efd3d9ecc81c60282766d122a9688355181f
                                                                                                                                  • Instruction Fuzzy Hash: 01B0923CA253226AEE10AE75B90DBCE37687A49EC3B84D0C0E812C6609D735C096E921
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00406566 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                  			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                                  0x00406566
                                                                                                                                  0x00406566
                                                                                                                                  0x00406566
                                                                                                                                  0x00406566
                                                                                                                                  0x0040656c
                                                                                                                                  0x00406570
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068f6
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x004068f8
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x004069ad
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x0040687b
                                                                                                                                  0x00406881
                                                                                                                                  0x00406888
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00000000
                                                                                                                                  0x00406893
                                                                                                                                  0x004068fd
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcb
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd5
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406030
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607a
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a4
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060ea
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x004069a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004069a1
                                                                                                                                  0x004067f8
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x00000000
                                                                                                                                  0x004061be
                                                                                                                                  0x00406138
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x00406509
                                                                                                                                  0x004064f4
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040676d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x0040686f
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x0040681f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x0040686f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x0040662d
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00406819
                                                                                                                                  0x00406899
                                                                                                                                  0x00406862

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                                  • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                                                  • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                                  • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00406767 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040676d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004069a1
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x00000000
                                                                                                                                  0x004061be
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x00406509
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x00000000
                                                                                                                                  0x00406854
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bd
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00406819
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x0040676b

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                                  • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                                                  • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                                  • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040647D Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406547
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004069a1
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00000000
                                                                                                                                  0x00406810
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x00406491
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x00000000
                                                                                                                                  0x004069c8
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x00000000
                                                                                                                                  0x004061be
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x00406509
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040690d
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                                  • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                                                  • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                                  • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405F82 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                                  0x00405f92
                                                                                                                                  0x00405f99
                                                                                                                                  0x00405f9f
                                                                                                                                  0x00405fa5
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fa9
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcb
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe0
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602b
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406030
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x00406048
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x0040609f
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a4
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c1
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406107
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067af
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067e5
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004069a1
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x0040680d
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x00000000
                                                                                                                                  0x004061be
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x004061a1
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x00406509
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00406819
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bd
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                                  • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                                                  • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                                  • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004063D0 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x00406402
                                                                                                                                  0x00406408
                                                                                                                                  0x0040641a
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063dc
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x0040681f
                                                                                                                                  0x00406819
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00406819
                                                                                                                                  0x004067a0
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d4

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                                  • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                                                  • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                                  • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004064EE Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x00000000
                                                                                                                                  0x004064f4
                                                                                                                                  0x004064f4
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406461
                                                                                                                                  0x00406464
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406440
                                                                                                                                  0x00406443
                                                                                                                                  0x00406446
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x00406459
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x0040681f
                                                                                                                                  0x00406819
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00406819
                                                                                                                                  0x004067a0
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x004064f2

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                                  • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                                                  • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                                  • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040643A Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                                  0x00000000
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643a
                                                                                                                                  0x0040643e
                                                                                                                                  0x00406467
                                                                                                                                  0x00406471
                                                                                                                                  0x00406440
                                                                                                                                  0x00406449
                                                                                                                                  0x00406456
                                                                                                                                  0x00406459
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067ee
                                                                                                                                  0x004067f2
                                                                                                                                  0x004069a1
                                                                                                                                  0x004069b7
                                                                                                                                  0x004069bf
                                                                                                                                  0x004069c6
                                                                                                                                  0x004069c8
                                                                                                                                  0x004069cf
                                                                                                                                  0x004069d3
                                                                                                                                  0x004069d3
                                                                                                                                  0x004067fe
                                                                                                                                  0x00406805
                                                                                                                                  0x0040680d
                                                                                                                                  0x00406810
                                                                                                                                  0x00406813
                                                                                                                                  0x00406813
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fb5
                                                                                                                                  0x00405fbe
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fcf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fd8
                                                                                                                                  0x00405fdb
                                                                                                                                  0x00405fde
                                                                                                                                  0x00405fe2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fe8
                                                                                                                                  0x00405feb
                                                                                                                                  0x00405fed
                                                                                                                                  0x00405fee
                                                                                                                                  0x00405ff1
                                                                                                                                  0x00405ff3
                                                                                                                                  0x00405ff4
                                                                                                                                  0x00405ff6
                                                                                                                                  0x00405ff9
                                                                                                                                  0x00405ffe
                                                                                                                                  0x00406003
                                                                                                                                  0x0040600c
                                                                                                                                  0x0040601f
                                                                                                                                  0x00406022
                                                                                                                                  0x0040602e
                                                                                                                                  0x00406056
                                                                                                                                  0x00406058
                                                                                                                                  0x00406066
                                                                                                                                  0x00406066
                                                                                                                                  0x0040606a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605a
                                                                                                                                  0x0040605d
                                                                                                                                  0x0040605e
                                                                                                                                  0x0040605e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040605a
                                                                                                                                  0x00406034
                                                                                                                                  0x00406039
                                                                                                                                  0x00406039
                                                                                                                                  0x00406042
                                                                                                                                  0x0040604a
                                                                                                                                  0x0040604d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406053
                                                                                                                                  0x00000000
                                                                                                                                  0x00406070
                                                                                                                                  0x00406070
                                                                                                                                  0x00406074
                                                                                                                                  0x00406920
                                                                                                                                  0x00000000
                                                                                                                                  0x00406920
                                                                                                                                  0x0040607d
                                                                                                                                  0x0040608d
                                                                                                                                  0x00406090
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406093
                                                                                                                                  0x00406096
                                                                                                                                  0x0040609a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040609c
                                                                                                                                  0x004060a2
                                                                                                                                  0x004060cc
                                                                                                                                  0x004060d2
                                                                                                                                  0x004060d9
                                                                                                                                  0x00000000
                                                                                                                                  0x004060d9
                                                                                                                                  0x004060a8
                                                                                                                                  0x004060ab
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060b0
                                                                                                                                  0x004060bb
                                                                                                                                  0x004060c3
                                                                                                                                  0x004060c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040610b
                                                                                                                                  0x00406111
                                                                                                                                  0x00406114
                                                                                                                                  0x00406121
                                                                                                                                  0x00406129
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e0
                                                                                                                                  0x004060e4
                                                                                                                                  0x0040692f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040692f
                                                                                                                                  0x004060f0
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fb
                                                                                                                                  0x004060fe
                                                                                                                                  0x00406101
                                                                                                                                  0x00406104
                                                                                                                                  0x00406109
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a0
                                                                                                                                  0x004067a6
                                                                                                                                  0x004067ac
                                                                                                                                  0x004067b2
                                                                                                                                  0x004067cc
                                                                                                                                  0x004067cf
                                                                                                                                  0x004067d5
                                                                                                                                  0x004067e0
                                                                                                                                  0x004067e2
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067b4
                                                                                                                                  0x004067c3
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067c7
                                                                                                                                  0x004067ec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406131
                                                                                                                                  0x00406133
                                                                                                                                  0x00406136
                                                                                                                                  0x004061a7
                                                                                                                                  0x004061aa
                                                                                                                                  0x004061ad
                                                                                                                                  0x004061b4
                                                                                                                                  0x004061be
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00406138
                                                                                                                                  0x0040613c
                                                                                                                                  0x0040613f
                                                                                                                                  0x00406141
                                                                                                                                  0x00406144
                                                                                                                                  0x00406147
                                                                                                                                  0x00406149
                                                                                                                                  0x0040614c
                                                                                                                                  0x0040614e
                                                                                                                                  0x00406153
                                                                                                                                  0x00406156
                                                                                                                                  0x00406159
                                                                                                                                  0x0040615d
                                                                                                                                  0x00406164
                                                                                                                                  0x00406167
                                                                                                                                  0x0040616e
                                                                                                                                  0x00406172
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x0040617a
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406174
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x00406169
                                                                                                                                  0x0040617e
                                                                                                                                  0x00406181
                                                                                                                                  0x0040619f
                                                                                                                                  0x004061a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00406183
                                                                                                                                  0x00406183
                                                                                                                                  0x00406186
                                                                                                                                  0x00406189
                                                                                                                                  0x0040618c
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x0040618e
                                                                                                                                  0x00406191
                                                                                                                                  0x00406194
                                                                                                                                  0x00406196
                                                                                                                                  0x00406197
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x0040619a
                                                                                                                                  0x00000000
                                                                                                                                  0x004063d0
                                                                                                                                  0x004063d4
                                                                                                                                  0x004063f2
                                                                                                                                  0x004063f5
                                                                                                                                  0x004063fc
                                                                                                                                  0x004063ff
                                                                                                                                  0x00406402
                                                                                                                                  0x00406405
                                                                                                                                  0x00406408
                                                                                                                                  0x0040640b
                                                                                                                                  0x0040640d
                                                                                                                                  0x00406414
                                                                                                                                  0x00406415
                                                                                                                                  0x00406417
                                                                                                                                  0x0040641a
                                                                                                                                  0x0040641d
                                                                                                                                  0x00406420
                                                                                                                                  0x00406420
                                                                                                                                  0x00406425
                                                                                                                                  0x00000000
                                                                                                                                  0x00406425
                                                                                                                                  0x004063d6
                                                                                                                                  0x004063d9
                                                                                                                                  0x004063dc
                                                                                                                                  0x004063e6
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040647d
                                                                                                                                  0x00406481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406487
                                                                                                                                  0x0040648b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406491
                                                                                                                                  0x00406493
                                                                                                                                  0x00406497
                                                                                                                                  0x00406497
                                                                                                                                  0x0040649a
                                                                                                                                  0x0040649e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064ee
                                                                                                                                  0x004064f2
                                                                                                                                  0x004064f9
                                                                                                                                  0x004064fc
                                                                                                                                  0x004064ff
                                                                                                                                  0x00406509
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x004064f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406515
                                                                                                                                  0x00406519
                                                                                                                                  0x00406520
                                                                                                                                  0x00406523
                                                                                                                                  0x00406526
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x0040651b
                                                                                                                                  0x00406529
                                                                                                                                  0x0040652c
                                                                                                                                  0x0040652f
                                                                                                                                  0x0040652f
                                                                                                                                  0x00406532
                                                                                                                                  0x00406535
                                                                                                                                  0x00406538
                                                                                                                                  0x00406538
                                                                                                                                  0x0040653b
                                                                                                                                  0x00406542
                                                                                                                                  0x00406547
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d5
                                                                                                                                  0x004065d9
                                                                                                                                  0x00406977
                                                                                                                                  0x00000000
                                                                                                                                  0x00406977
                                                                                                                                  0x004065df
                                                                                                                                  0x004065e2
                                                                                                                                  0x004065e5
                                                                                                                                  0x004065e9
                                                                                                                                  0x004065ec
                                                                                                                                  0x004065f2
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f4
                                                                                                                                  0x004065f7
                                                                                                                                  0x004065fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ca
                                                                                                                                  0x004061ce
                                                                                                                                  0x0040693b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040693b
                                                                                                                                  0x004061d4
                                                                                                                                  0x004061d7
                                                                                                                                  0x004061da
                                                                                                                                  0x004061de
                                                                                                                                  0x004061e1
                                                                                                                                  0x004061e7
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061e9
                                                                                                                                  0x004061ec
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061ef
                                                                                                                                  0x004061f2
                                                                                                                                  0x004061f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004061fb
                                                                                                                                  0x00406201
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406207
                                                                                                                                  0x00406207
                                                                                                                                  0x0040620b
                                                                                                                                  0x0040620e
                                                                                                                                  0x00406211
                                                                                                                                  0x00406214
                                                                                                                                  0x00406217
                                                                                                                                  0x00406218
                                                                                                                                  0x0040621b
                                                                                                                                  0x0040621d
                                                                                                                                  0x00406223
                                                                                                                                  0x00406226
                                                                                                                                  0x00406229
                                                                                                                                  0x0040622c
                                                                                                                                  0x0040622f
                                                                                                                                  0x00406232
                                                                                                                                  0x00406235
                                                                                                                                  0x00406251
                                                                                                                                  0x00406254
                                                                                                                                  0x00406257
                                                                                                                                  0x0040625a
                                                                                                                                  0x00406261
                                                                                                                                  0x00406265
                                                                                                                                  0x00406267
                                                                                                                                  0x0040626b
                                                                                                                                  0x00406237
                                                                                                                                  0x00406237
                                                                                                                                  0x0040623b
                                                                                                                                  0x00406243
                                                                                                                                  0x00406248
                                                                                                                                  0x0040624a
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040624c
                                                                                                                                  0x0040626e
                                                                                                                                  0x00406275
                                                                                                                                  0x00406278
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x0040627e
                                                                                                                                  0x00000000
                                                                                                                                  0x00406283
                                                                                                                                  0x00406283
                                                                                                                                  0x00406287
                                                                                                                                  0x00406947
                                                                                                                                  0x00000000
                                                                                                                                  0x00406947
                                                                                                                                  0x0040628d
                                                                                                                                  0x00406290
                                                                                                                                  0x00406293
                                                                                                                                  0x00406297
                                                                                                                                  0x0040629a
                                                                                                                                  0x004062a0
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a2
                                                                                                                                  0x004062a5
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062a8
                                                                                                                                  0x004062ae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004062b0
                                                                                                                                  0x004062b3
                                                                                                                                  0x004062b6
                                                                                                                                  0x004062b9
                                                                                                                                  0x004062bc
                                                                                                                                  0x004062bf
                                                                                                                                  0x004062c2
                                                                                                                                  0x004062c5
                                                                                                                                  0x004062c8
                                                                                                                                  0x004062cb
                                                                                                                                  0x004062ce
                                                                                                                                  0x004062e6
                                                                                                                                  0x004062e9
                                                                                                                                  0x004062ec
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062ef
                                                                                                                                  0x004062f2
                                                                                                                                  0x004062f6
                                                                                                                                  0x004062f8
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d0
                                                                                                                                  0x004062d8
                                                                                                                                  0x004062dd
                                                                                                                                  0x004062df
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062e1
                                                                                                                                  0x004062fb
                                                                                                                                  0x00406302
                                                                                                                                  0x00406305
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00000000
                                                                                                                                  0x00406307
                                                                                                                                  0x00406305
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x0040630c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406347
                                                                                                                                  0x00406347
                                                                                                                                  0x0040634b
                                                                                                                                  0x00406953
                                                                                                                                  0x00000000
                                                                                                                                  0x00406953
                                                                                                                                  0x00406351
                                                                                                                                  0x00406354
                                                                                                                                  0x00406357
                                                                                                                                  0x0040635b
                                                                                                                                  0x0040635e
                                                                                                                                  0x00406364
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406366
                                                                                                                                  0x00406369
                                                                                                                                  0x0040636c
                                                                                                                                  0x0040636c
                                                                                                                                  0x00406372
                                                                                                                                  0x00406310
                                                                                                                                  0x00406310
                                                                                                                                  0x00406313
                                                                                                                                  0x00000000
                                                                                                                                  0x00406313
                                                                                                                                  0x00406374
                                                                                                                                  0x00406374
                                                                                                                                  0x00406377
                                                                                                                                  0x0040637a
                                                                                                                                  0x0040637d
                                                                                                                                  0x00406380
                                                                                                                                  0x00406383
                                                                                                                                  0x00406386
                                                                                                                                  0x00406389
                                                                                                                                  0x0040638c
                                                                                                                                  0x0040638f
                                                                                                                                  0x00406392
                                                                                                                                  0x004063aa
                                                                                                                                  0x004063ad
                                                                                                                                  0x004063b0
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b3
                                                                                                                                  0x004063b6
                                                                                                                                  0x004063ba
                                                                                                                                  0x004063bc
                                                                                                                                  0x00406394
                                                                                                                                  0x00406394
                                                                                                                                  0x0040639c
                                                                                                                                  0x004063a1
                                                                                                                                  0x004063a3
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063a5
                                                                                                                                  0x004063bf
                                                                                                                                  0x004063c6
                                                                                                                                  0x004063c9
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x004063cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00406658
                                                                                                                                  0x00406658
                                                                                                                                  0x0040665c
                                                                                                                                  0x00406983
                                                                                                                                  0x00000000
                                                                                                                                  0x00406983
                                                                                                                                  0x00406662
                                                                                                                                  0x00406665
                                                                                                                                  0x00406668
                                                                                                                                  0x0040666c
                                                                                                                                  0x0040666f
                                                                                                                                  0x00406675
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x00406677
                                                                                                                                  0x0040667a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406428
                                                                                                                                  0x00406428
                                                                                                                                  0x0040642b
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x00406767
                                                                                                                                  0x0040676b
                                                                                                                                  0x0040678d
                                                                                                                                  0x00406790
                                                                                                                                  0x0040679a
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x00000000
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040679d
                                                                                                                                  0x0040676d
                                                                                                                                  0x00406770
                                                                                                                                  0x00406774
                                                                                                                                  0x00406777
                                                                                                                                  0x00406777
                                                                                                                                  0x0040677a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406824
                                                                                                                                  0x00406828
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x00406846
                                                                                                                                  0x0040684d
                                                                                                                                  0x00406854
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040685b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040685b
                                                                                                                                  0x0040682a
                                                                                                                                  0x0040682d
                                                                                                                                  0x00406830
                                                                                                                                  0x00406833
                                                                                                                                  0x0040683a
                                                                                                                                  0x0040677e
                                                                                                                                  0x0040677e
                                                                                                                                  0x00406781
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406915
                                                                                                                                  0x00406918
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040654f
                                                                                                                                  0x00406551
                                                                                                                                  0x00406558
                                                                                                                                  0x00406559
                                                                                                                                  0x0040655b
                                                                                                                                  0x0040655e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406566
                                                                                                                                  0x00406569
                                                                                                                                  0x0040656c
                                                                                                                                  0x0040656e
                                                                                                                                  0x00406570
                                                                                                                                  0x00406570
                                                                                                                                  0x00406571
                                                                                                                                  0x00406574
                                                                                                                                  0x0040657b
                                                                                                                                  0x0040657e
                                                                                                                                  0x0040658c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406862
                                                                                                                                  0x00406862
                                                                                                                                  0x00406865
                                                                                                                                  0x0040686c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406871
                                                                                                                                  0x00406871
                                                                                                                                  0x00406875
                                                                                                                                  0x004069ad
                                                                                                                                  0x00000000
                                                                                                                                  0x004069ad
                                                                                                                                  0x0040687b
                                                                                                                                  0x0040687e
                                                                                                                                  0x00406881
                                                                                                                                  0x00406885
                                                                                                                                  0x00406888
                                                                                                                                  0x0040688e
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406890
                                                                                                                                  0x00406893
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406896
                                                                                                                                  0x00406899
                                                                                                                                  0x00406899
                                                                                                                                  0x0040689d
                                                                                                                                  0x004068fd
                                                                                                                                  0x00406900
                                                                                                                                  0x00406905
                                                                                                                                  0x00406906
                                                                                                                                  0x00406908
                                                                                                                                  0x0040690a
                                                                                                                                  0x0040690d
                                                                                                                                  0x00406819
                                                                                                                                  0x00406819
                                                                                                                                  0x00000000
                                                                                                                                  0x0040681f
                                                                                                                                  0x00406819
                                                                                                                                  0x0040689f
                                                                                                                                  0x004068a5
                                                                                                                                  0x004068a8
                                                                                                                                  0x004068ab
                                                                                                                                  0x004068ae
                                                                                                                                  0x004068b1
                                                                                                                                  0x004068b4
                                                                                                                                  0x004068b7
                                                                                                                                  0x004068ba
                                                                                                                                  0x004068bd
                                                                                                                                  0x004068c0
                                                                                                                                  0x004068d9
                                                                                                                                  0x004068dc
                                                                                                                                  0x004068df
                                                                                                                                  0x004068e2
                                                                                                                                  0x004068e6
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e8
                                                                                                                                  0x004068e9
                                                                                                                                  0x004068ec
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068c2
                                                                                                                                  0x004068ca
                                                                                                                                  0x004068cf
                                                                                                                                  0x004068d1
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068d4
                                                                                                                                  0x004068ef
                                                                                                                                  0x004068f6
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x004068f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00406594
                                                                                                                                  0x00406597
                                                                                                                                  0x004065cd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x004066fd
                                                                                                                                  0x00406700
                                                                                                                                  0x00406700
                                                                                                                                  0x00406703
                                                                                                                                  0x00406705
                                                                                                                                  0x0040698f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040698f
                                                                                                                                  0x0040670b
                                                                                                                                  0x0040670e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406714
                                                                                                                                  0x00406718
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x0040671b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671b
                                                                                                                                  0x00406599
                                                                                                                                  0x0040659b
                                                                                                                                  0x0040659d
                                                                                                                                  0x0040659f
                                                                                                                                  0x004065a2
                                                                                                                                  0x004065a3
                                                                                                                                  0x004065a5
                                                                                                                                  0x004065a7
                                                                                                                                  0x004065aa
                                                                                                                                  0x004065ad
                                                                                                                                  0x004065c3
                                                                                                                                  0x004065c8
                                                                                                                                  0x00406600
                                                                                                                                  0x00406600
                                                                                                                                  0x00406604
                                                                                                                                  0x00406630
                                                                                                                                  0x00406632
                                                                                                                                  0x00406639
                                                                                                                                  0x0040663c
                                                                                                                                  0x0040663f
                                                                                                                                  0x0040663f
                                                                                                                                  0x00406644
                                                                                                                                  0x00406644
                                                                                                                                  0x00406646
                                                                                                                                  0x00406649
                                                                                                                                  0x00406650
                                                                                                                                  0x00406653
                                                                                                                                  0x00406680
                                                                                                                                  0x00406680
                                                                                                                                  0x00406683
                                                                                                                                  0x00406686
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x004066fa
                                                                                                                                  0x00000000
                                                                                                                                  0x004066fa
                                                                                                                                  0x00406688
                                                                                                                                  0x0040668e
                                                                                                                                  0x00406691
                                                                                                                                  0x00406694
                                                                                                                                  0x00406697
                                                                                                                                  0x0040669a
                                                                                                                                  0x0040669d
                                                                                                                                  0x004066a0
                                                                                                                                  0x004066a3
                                                                                                                                  0x004066a6
                                                                                                                                  0x004066a9
                                                                                                                                  0x004066c2
                                                                                                                                  0x004066c4
                                                                                                                                  0x004066c7
                                                                                                                                  0x004066c8
                                                                                                                                  0x004066cb
                                                                                                                                  0x004066cd
                                                                                                                                  0x004066d0
                                                                                                                                  0x004066d2
                                                                                                                                  0x004066d4
                                                                                                                                  0x004066d7
                                                                                                                                  0x004066d9
                                                                                                                                  0x004066dc
                                                                                                                                  0x004066e0
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e2
                                                                                                                                  0x004066e3
                                                                                                                                  0x004066e6
                                                                                                                                  0x004066e9
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066ab
                                                                                                                                  0x004066b3
                                                                                                                                  0x004066b8
                                                                                                                                  0x004066ba
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066bd
                                                                                                                                  0x004066ec
                                                                                                                                  0x004066f3
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x0040667d
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x00000000
                                                                                                                                  0x004066f5
                                                                                                                                  0x004066f3
                                                                                                                                  0x00406606
                                                                                                                                  0x00406609
                                                                                                                                  0x0040660b
                                                                                                                                  0x0040660e
                                                                                                                                  0x00406611
                                                                                                                                  0x00406614
                                                                                                                                  0x00406616
                                                                                                                                  0x00406619
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661c
                                                                                                                                  0x0040661f
                                                                                                                                  0x0040661f
                                                                                                                                  0x00406622
                                                                                                                                  0x00406629
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x004065fd
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040662b
                                                                                                                                  0x00406629
                                                                                                                                  0x004065af
                                                                                                                                  0x004065b2
                                                                                                                                  0x004065b4
                                                                                                                                  0x004065b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406316
                                                                                                                                  0x00406316
                                                                                                                                  0x0040631a
                                                                                                                                  0x0040695f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040695f
                                                                                                                                  0x00406320
                                                                                                                                  0x00406323
                                                                                                                                  0x00406326
                                                                                                                                  0x00406329
                                                                                                                                  0x0040632c
                                                                                                                                  0x0040632f
                                                                                                                                  0x00406332
                                                                                                                                  0x00406334
                                                                                                                                  0x00406337
                                                                                                                                  0x0040633a
                                                                                                                                  0x0040633d
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x0040633f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a1
                                                                                                                                  0x004064a5
                                                                                                                                  0x0040696b
                                                                                                                                  0x00000000
                                                                                                                                  0x0040696b
                                                                                                                                  0x004064ab
                                                                                                                                  0x004064ae
                                                                                                                                  0x004064b1
                                                                                                                                  0x004064b4
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b6
                                                                                                                                  0x004064b9
                                                                                                                                  0x004064bc
                                                                                                                                  0x004064bf
                                                                                                                                  0x004064c2
                                                                                                                                  0x004064c5
                                                                                                                                  0x004064c8
                                                                                                                                  0x004064c9
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064cb
                                                                                                                                  0x004064ce
                                                                                                                                  0x004064d1
                                                                                                                                  0x004064d4
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064d7
                                                                                                                                  0x004064da
                                                                                                                                  0x004064dc
                                                                                                                                  0x004064dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x0040671e
                                                                                                                                  0x00406722
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00406728
                                                                                                                                  0x0040672b
                                                                                                                                  0x0040672e
                                                                                                                                  0x00406731
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406733
                                                                                                                                  0x00406736
                                                                                                                                  0x00406739
                                                                                                                                  0x0040673c
                                                                                                                                  0x0040673f
                                                                                                                                  0x00406742
                                                                                                                                  0x00406745
                                                                                                                                  0x00406746
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x00406748
                                                                                                                                  0x0040674b
                                                                                                                                  0x0040674e
                                                                                                                                  0x00406751
                                                                                                                                  0x00406754
                                                                                                                                  0x00406757
                                                                                                                                  0x0040675b
                                                                                                                                  0x0040675d
                                                                                                                                  0x00406760
                                                                                                                                  0x00000000
                                                                                                                                  0x00406762
                                                                                                                                  0x004064df
                                                                                                                                  0x004064df
                                                                                                                                  0x00000000
                                                                                                                                  0x004064df
                                                                                                                                  0x00406760
                                                                                                                                  0x00406995
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405fc4
                                                                                                                                  0x004069cc
                                                                                                                                  0x004069cc
                                                                                                                                  0x00000000
                                                                                                                                  0x004069cc
                                                                                                                                  0x00406819
                                                                                                                                  0x004067a0
                                                                                                                                  0x0040679d

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                                  • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                                                  • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                                  • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401B06 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                  			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af70; // 0x6ffd80
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405B88(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af70; // 0x6ffd80
						 *_t34 = _t11;
						 *0x40af70 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x6ffd84
							E00405B66(_t33, _t2);
							_push(_t30);
							 *0x40af70 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B66(0x409b70, _t30 + 4);
								_t21 =  *0x40af70; // 0x6ffd80
								E00405B66(_t32, _t21 + 4);
								_t24 =  *0x40af70; // 0x6ffd80
								_push(0x409b70);
								_push(_t24 + 4);
								E00405B66();
								L15:
								 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405B88(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405427();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                                                                  0x00401b06
                                                                                                                                  0x00401b06
                                                                                                                                  0x00401b09
                                                                                                                                  0x00401b11
                                                                                                                                  0x00401b59
                                                                                                                                  0x00401b87
                                                                                                                                  0x00401b90
                                                                                                                                  0x00401b92
                                                                                                                                  0x00401b96
                                                                                                                                  0x00401b9b
                                                                                                                                  0x00401ba0
                                                                                                                                  0x00401ba2
                                                                                                                                  0x00401b5b
                                                                                                                                  0x00401b5d
                                                                                                                                  0x0040265c
                                                                                                                                  0x00401b63
                                                                                                                                  0x00401b63
                                                                                                                                  0x00401b68
                                                                                                                                  0x00401b6f
                                                                                                                                  0x00401b70
                                                                                                                                  0x00401b75
                                                                                                                                  0x00401b75
                                                                                                                                  0x00401b5d
                                                                                                                                  0x00000000
                                                                                                                                  0x00401b13
                                                                                                                                  0x00401b13
                                                                                                                                  0x00401b13
                                                                                                                                  0x00401b16
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00401b1c
                                                                                                                                  0x00401b20
                                                                                                                                  0x00000000
                                                                                                                                  0x00401b22
                                                                                                                                  0x00401b24
                                                                                                                                  0x00000000
                                                                                                                                  0x00401b2a
                                                                                                                                  0x00401b2a
                                                                                                                                  0x00401b34
                                                                                                                                  0x00401b39
                                                                                                                                  0x00401b43
                                                                                                                                  0x00401b48
                                                                                                                                  0x00401b4d
                                                                                                                                  0x00401b51
                                                                                                                                  0x004027b1
                                                                                                                                  0x0040288b
                                                                                                                                  0x0040288e
                                                                                                                                  0x00402894
                                                                                                                                  0x00402894
                                                                                                                                  0x00401b24
                                                                                                                                  0x00000000
                                                                                                                                  0x00401b20
                                                                                                                                  0x004021fb
                                                                                                                                  0x00402208
                                                                                                                                  0x00402209
                                                                                                                                  0x0040220e
                                                                                                                                  0x0040220e
                                                                                                                                  0x00402896
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32 ref: 00401B75
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                                                                  Strings
                                                                                                                                  • "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx", xrefs: 00401B2D, 00401B33, 00401B4D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                  • String ID: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"
                                                                                                                                  • API String ID: 3394109436-3909523928
                                                                                                                                  • Opcode ID: 5747e91741e3fb9927a96d57e63499978fea871437ab26d6890173ae8e86a1be
                                                                                                                                  • Instruction ID: f6df762d61d54559a5bd4bb911f236f7c2d089bf7a2c1af573ad77b5def0dbe6
                                                                                                                                  • Opcode Fuzzy Hash: 5747e91741e3fb9927a96d57e63499978fea871437ab26d6890173ae8e86a1be
                                                                                                                                  • Instruction Fuzzy Hash: 9F2181B2A006169BC710AFA4DE85D5E73B4EB44318724463BF502F32D0DB7CB9129B5E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C7751 Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32 ref: 032C779A
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,032AC83C,00000000,00000000,032AC6E0,00000000,00000000,00000000), ref: 032C77A6
                                                                                                                                  • __dosmaperr.LIBCMT ref: 032C77AD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2744730728-0
                                                                                                                                  • Opcode ID: d0231b3795d4002abc847cdb8ba5eb367f1fa36a45ef133cb919dc96435aae64
                                                                                                                                  • Instruction ID: 0f4d811f7d766b156ee40ac9f16e1526113b7a8a3f18d47aa91ab3d8ac69f1d3
                                                                                                                                  • Opcode Fuzzy Hash: d0231b3795d4002abc847cdb8ba5eb367f1fa36a45ef133cb919dc96435aae64
                                                                                                                                  • Instruction Fuzzy Hash: 4E01803653025EAFDF15EFA8DC04AEE7B69EF04351F10425DF80196150EBB199A0CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401E1B Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                  			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E004029F6(_t24);
				E00404F04(0xffffffeb, _t13); // executed
				_t15 = E004053C6(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E00405EC1(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 8); // executed
						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
							if( *(_t31 - 8) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E00405AC4(_t26,  *(_t31 - 8));
						}
					}
					_push( *(_t31 + 8));
					FindCloseChangeNotification(); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                                                                                                                                  0x00401e21
                                                                                                                                  0x00401e26
                                                                                                                                  0x00401e2c
                                                                                                                                  0x00401e33
                                                                                                                                  0x00401e36
                                                                                                                                  0x0040265c
                                                                                                                                  0x00401e3c
                                                                                                                                  0x00401e3f
                                                                                                                                  0x00401e50
                                                                                                                                  0x00401e4b
                                                                                                                                  0x00401e4b
                                                                                                                                  0x00401e65
                                                                                                                                  0x00401e6e
                                                                                                                                  0x00401e7e
                                                                                                                                  0x00401e80
                                                                                                                                  0x00401e80
                                                                                                                                  0x00401e70
                                                                                                                                  0x00401e74
                                                                                                                                  0x00401e74
                                                                                                                                  0x00401e6e
                                                                                                                                  0x00401e87
                                                                                                                                  0x00401e8a
                                                                                                                                  0x00401e8a
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                    • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                    • Part of subcall function 00404F04: lstrcatA.KERNEL32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00402C4A,00402C4A,Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",00000000,00000000,00000000), ref: 00404F60
                                                                                                                                    • Part of subcall function 00404F04: SetWindowTextA.USER32(Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx",Execute: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"), ref: 00404F72
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                    • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                    • Part of subcall function 004053C6: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                    • Part of subcall function 004053C6: CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                  • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3954718778-0
                                                                                                                                  • Opcode ID: 45ab694d93d3c8083ca874a04595ab13abe68012b6660c3dff7b3237667625b0
                                                                                                                                  • Instruction ID: 355628b0c836e6669011c6779fae97b23835f6d082b04fdd633ca662238f37b1
                                                                                                                                  • Opcode Fuzzy Hash: 45ab694d93d3c8083ca874a04595ab13abe68012b6660c3dff7b3237667625b0
                                                                                                                                  • Instruction Fuzzy Hash: 19019271D04215EBCF11AF91CD8599E7A75EB40358F20403BFA05B51E1C3794A82DBDE
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405A4D Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E00405A4D(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                                                                                                                  0x00405a5d
                                                                                                                                  0x00405a5f
                                                                                                                                  0x00405a6c
                                                                                                                                  0x00405a76
                                                                                                                                  0x00405a7e
                                                                                                                                  0x00405a83
                                                                                                                                  0x00405a97
                                                                                                                                  0x00405a9f
                                                                                                                                  0x00405aad
                                                                                                                                  0x00405aad
                                                                                                                                  0x00405ab2
                                                                                                                                  0x00405ab8
                                                                                                                                  0x00000000
                                                                                                                                  0x00405ab8
                                                                                                                                  0x00405ac1

                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExA.KERNELBASE(80000002,00405C89,00000000,00000002,?,00000002,002870A1,?,00405C89,80000002,Software\Microsoft\Windows\CurrentVersion,002870A1,Execute: ,006AAF79), ref: 00405A76
                                                                                                                                  • RegQueryValueExA.KERNELBASE(002870A1,?,00000000,00405C89,002870A1,00405C89), ref: 00405A97
                                                                                                                                  • RegCloseKey.KERNELBASE(?), ref: 00405AB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3677997916-0
                                                                                                                                  • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                  • Instruction ID: 1f5187eb0d206272966296eac295dca0b6851c7ebc3b2299c22a00064415c0d3
                                                                                                                                  • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                  • Instruction Fuzzy Hash: 5E01487114020AEFDB128F64EC84AEB3FACEF14394F004526F945E6120D335D964DFA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402427 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E00402427(int* __ebx, char* __esi) {
				int _t8;
				long _t11;
				int* _t14;
				void* _t18;
				char* _t20;
				void* _t22;
				void* _t25;

				_t20 = __esi;
				_t14 = __ebx;
				_t18 = E00402B00(_t25, 0x20019);
				_t8 = E004029D9(3);
				 *__esi = __ebx;
				if(_t18 == __ebx) {
					L7:
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					 *(_t22 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t22 - 0x14)) == __ebx) {
						_t11 = RegEnumValueA(_t18, _t8, __esi, _t22 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t11;
						if(_t11 != 0) {
							goto L7;
						} else {
							goto L4;
						}
					} else {
						RegEnumKeyA(_t18, _t8, __esi, 0x3ff);
						L4:
						_t20[0x3ff] = _t14;
						_push(_t18); // executed
						RegCloseKey(); // executed
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}










                                                                                                                                  0x00402427
                                                                                                                                  0x00402427
                                                                                                                                  0x00402433
                                                                                                                                  0x00402435
                                                                                                                                  0x0040243c
                                                                                                                                  0x0040243e
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040265c
                                                                                                                                  0x00402444
                                                                                                                                  0x0040244c
                                                                                                                                  0x0040244f
                                                                                                                                  0x00402468
                                                                                                                                  0x0040246e
                                                                                                                                  0x00402470
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402451
                                                                                                                                  0x00402455
                                                                                                                                  0x00402476
                                                                                                                                  0x00402476
                                                                                                                                  0x0040247c
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040244f
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                  • RegEnumValueA.ADVAPI32 ref: 00402468
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040A370,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Enum$CloseOpenValue
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 167947723-0
                                                                                                                                  • Opcode ID: 6a21badf5a871955e3ace1afb9f593eb2e60632fa136461b3b888f04c3496c79
                                                                                                                                  • Instruction ID: ca0bea074700aed3f6d5cd19b6a76ded14fd7da9354d4d4a85815760a07b6232
                                                                                                                                  • Opcode Fuzzy Hash: 6a21badf5a871955e3ace1afb9f593eb2e60632fa136461b3b888f04c3496c79
                                                                                                                                  • Instruction Fuzzy Hash: 31F0A271A04201EFE715AF659E88EBB7A6CDB40398F10443FF406A61C0D6B85D42967A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1C40 Relevance: 4.5, APIs: 3, Instructions: 35synchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C4D
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C60
                                                                                                                                  • CreateMutexA.KERNELBASE ref: 032A1C8D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorSecurity$CreateDaclInitializeMutex
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3525989157-0
                                                                                                                                  • Opcode ID: 9f2a2f73e7554cc749de7dda5cacb599f9162c1ff8da2b0f59b160abeccf8210
                                                                                                                                  • Instruction ID: 6e058316f813081f4a2776286d52420d6f61e963894e93f82ae9744f997463d0
                                                                                                                                  • Opcode Fuzzy Hash: 9f2a2f73e7554cc749de7dda5cacb599f9162c1ff8da2b0f59b160abeccf8210
                                                                                                                                  • Instruction Fuzzy Hash: 27F06D71604321AFD314DF55E888AABBBE8EF88760F44890CF15882144E370D258CBE3
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C76A8 Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA548: GetLastError.KERNEL32(76D81D30,032B2244,?,032C94CB,032C9F77,00000000,?,032BD9B8,032B2244,?,032B2244,00010000), ref: 032CA54D
                                                                                                                                    • Part of subcall function 032CA548: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032BD9B8,032B2244,?,032B2244,00010000), ref: 032CA5EB
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032C76D9
                                                                                                                                  • FreeLibraryAndExitThread.KERNEL32(?,?), ref: 032C76EF
                                                                                                                                  • ExitThread.KERNEL32 ref: 032C76F8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1991824761-0
                                                                                                                                  • Opcode ID: b8056488dbf2258535a200f4040ff3449518e7a9bdacbeb48d8311bb60b23c76
                                                                                                                                  • Instruction ID: 03804c9fc274dff38c352188cdd2c542969356f3c57aa75d94adcc49ebf08b88
                                                                                                                                  • Opcode Fuzzy Hash: b8056488dbf2258535a200f4040ff3449518e7a9bdacbeb48d8311bb60b23c76
                                                                                                                                  • Instruction Fuzzy Hash: DFF082304306A26FDB21EA3DC80CB5ABBA86F01764B2C8718F834D61A1DB31DCD1CE50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402267 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00402267(char __ebx) {
				CHAR* _t8;
				CHAR* _t10;
				CHAR* _t20;
				void* _t22;
				void* _t25;

				 *(_t22 + 8) = 0x7e4e21;
				_t8 = E004029F6(1);
				 *(_t22 - 0x30) = E004029F6(0x12);
				_t10 = E004029F6(0xffffffdd);
				_t3 = _t22 + 8; // 0x7e4e21
				GetPrivateProfileStringA(_t8,  *(_t22 - 0x30), _t3, _t20, 0x3ff, _t10); // executed
				_t25 =  *_t20 -  *(_t22 + 8);
				if(_t25 == 0) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
					 *_t20 = __ebx;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}








                                                                                                                                  0x00402269
                                                                                                                                  0x00402270
                                                                                                                                  0x00402280
                                                                                                                                  0x00402283
                                                                                                                                  0x0040228e
                                                                                                                                  0x00402297
                                                                                                                                  0x0040229f
                                                                                                                                  0x00401716
                                                                                                                                  0x00402630
                                                                                                                                  0x00402637
                                                                                                                                  0x00402637
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • GetPrivateProfileStringA.KERNEL32(00000000,?,!N~,?,000003FF,00000000), ref: 00402297
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileString
                                                                                                                                  • String ID: !N~
                                                                                                                                  • API String ID: 1096422788-529124213
                                                                                                                                  • Opcode ID: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                  • Instruction ID: 21cd7503a9a85725414fd2f210def48a3ed87e9b9f52c0cacc02f36f79452d1c
                                                                                                                                  • Opcode Fuzzy Hash: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                  • Instruction Fuzzy Hash: E4E04F71900208BBDB50AFA1CD49DAE3AA8BF043C4F100129FA10AB1C1DBB89541AB55
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403EF1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403EF1(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42366c =  *0x42366c + 1;
				}
				_t3 = SendMessageA( *0x423ea8, 0x408, _a4, 0); // executed
				return _t3;
			}




                                                                                                                                  0x00403ef6
                                                                                                                                  0x00403ef8
                                                                                                                                  0x00403ef8
                                                                                                                                  0x00403f0f
                                                                                                                                  0x00403f15

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: x
                                                                                                                                  • API String ID: 3850602802-2363233923
                                                                                                                                  • Opcode ID: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                                                                                                                  • Instruction ID: 0a00224ba8322c10e7c5ad3fa7d0cdf23506fb3b21bf1cf3cfca3f20ccc8a775
                                                                                                                                  • Opcode Fuzzy Hash: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                                                                                                                  • Instruction Fuzzy Hash: 29C012B2688200BECB205F12DE01F06BA31E7A0703F109039F344200B4C2B86622EB0D
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C13A6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C13A6(CHAR* _a4) {
				long _t2;

				"All Files|*.*" = "All Files|*.*" & 0x00000000;
				_t2 = GetPrivateProfileStringA( *0x31c67b4, _a4, 0x31c6810, "All Files|*.*", 0x2000,  *0x31c67e0); // executed
				return _t2;
			}




                                                                                                                                  0x031c13ac
                                                                                                                                  0x031c13cc
                                                                                                                                  0x031c13d2

                                                                                                                                  APIs
                                                                                                                                  • GetPrivateProfileStringA.KERNEL32(031C13DE,031C6810,All Files|*.*,00002000,031C13DE,?), ref: 031C13CC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileString
                                                                                                                                  • String ID: All Files|*.*
                                                                                                                                  • API String ID: 1096422788-1532680088
                                                                                                                                  • Opcode ID: 3c9822046e12123eca2438f0d60bae7e5801fb46be49fd9f9f0e527b681e48fd
                                                                                                                                  • Instruction ID: af3197b943baad3e7675d9a5831e94d92606b25768fae1908f6428384eb8def5
                                                                                                                                  • Opcode Fuzzy Hash: 3c9822046e12123eca2438f0d60bae7e5801fb46be49fd9f9f0e527b681e48fd
                                                                                                                                  • Instruction Fuzzy Hash: 61C01235178350AFDA17EB00AD1AF047E23B76CB01F154814B1502105EC7A510B4D629
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7300 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 86sleepCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • Sleep.KERNELBASE(00000032), ref: 032A7428
                                                                                                                                  Strings
                                                                                                                                  • Global\CBIOS_NOTIFY_THREAD_MUTEX, xrefs: 032A7330
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID: Global\CBIOS_NOTIFY_THREAD_MUTEX
                                                                                                                                  • API String ID: 3472027048-4251201473
                                                                                                                                  • Opcode ID: 4149cd7cf68b826781b69fe31dc3cc6d5f983f930e751e04902944fb0ce401f3
                                                                                                                                  • Instruction ID: bb9f250105f33207147bedf34e0eee03cb4526062a1941627563e45cd6fa7712
                                                                                                                                  • Opcode Fuzzy Hash: 4149cd7cf68b826781b69fe31dc3cc6d5f983f930e751e04902944fb0ce401f3
                                                                                                                                  • Instruction Fuzzy Hash: D331B439B38B028FC724EB5CF88461EB3A9FB40368F15C529DD458B245D770E8D18B89
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C77D6 Relevance: 3.1, APIs: 2, Instructions: 72COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032C76A8: CloseHandle.KERNEL32(?), ref: 032C76D9
                                                                                                                                    • Part of subcall function 032C76A8: FreeLibraryAndExitThread.KERNEL32(?,?), ref: 032C76EF
                                                                                                                                    • Part of subcall function 032C76A8: ExitThread.KERNEL32 ref: 032C76F8
                                                                                                                                  • _free.LIBCMT ref: 032C7812
                                                                                                                                  • _free.LIBCMT ref: 032C7838
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitThread_free$CloseFreeHandleLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3637633525-0
                                                                                                                                  • Opcode ID: d2846b817dfab8ff9106991a062ff9d2f7df17a8af32d32a0762530858db7c52
                                                                                                                                  • Instruction ID: 0edfe769ef4c6b1f162ee6cc0e8128d226e36d8d14668d8cc08c92e5f0ea9145
                                                                                                                                  • Opcode Fuzzy Hash: d2846b817dfab8ff9106991a062ff9d2f7df17a8af32d32a0762530858db7c52
                                                                                                                                  • Instruction Fuzzy Hash: 2021AE35A313525ED724EA2DBC49B453799FB41770F18872AE6648B2C4D3B4D8C28A80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004023AF Relevance: 3.1, APIs: 2, Instructions: 57registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                  			E004023AF(int* __ebx, char* __esi) {
				void* _t18;
				char* _t19;
				long _t22;
				void* _t35;
				void* _t39;
				void* _t42;

				_t37 = __esi;
				_t29 = __ebx;
				_t18 = E00402B00(_t42, 0x20019); // executed
				_t35 = _t18;
				_t19 = E004029F6(0x33);
				 *__esi = __ebx;
				if(_t35 == __ebx) {
					 *(_t39 - 4) = 1;
				} else {
					 *(_t39 - 8) = 0x3ff;
					_t22 = RegQueryValueExA(_t35, _t19, __ebx, _t39 + 8, __esi, _t39 - 8); // executed
					if(_t22 != 0) {
						L7:
						 *_t37 = _t29;
						 *(_t39 - 4) = 1;
					} else {
						if( *(_t39 + 8) == 4) {
							__eflags =  *(_t39 - 0x14) - __ebx;
							 *(_t39 - 4) = 0 |  *(_t39 - 0x14) == __ebx;
							E00405AC4(__esi,  *__esi);
						} else {
							if( *(_t39 + 8) == 1 ||  *(_t39 + 8) == 2) {
								 *(_t39 - 4) =  *(_t39 - 0x14);
								_t37[ *(_t39 - 8)] = _t29;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x423f28 =  *0x423f28 +  *(_t39 - 4);
				return 0;
			}









                                                                                                                                  0x004023af
                                                                                                                                  0x004023af
                                                                                                                                  0x004023b4
                                                                                                                                  0x004023bb
                                                                                                                                  0x004023bd
                                                                                                                                  0x004023c4
                                                                                                                                  0x004023c6
                                                                                                                                  0x0040265c
                                                                                                                                  0x004023cc
                                                                                                                                  0x004023cf
                                                                                                                                  0x004023df
                                                                                                                                  0x004023ea
                                                                                                                                  0x00402420
                                                                                                                                  0x00402420
                                                                                                                                  0x00402422
                                                                                                                                  0x004023ec
                                                                                                                                  0x004023f0
                                                                                                                                  0x0040240f
                                                                                                                                  0x00402416
                                                                                                                                  0x00402419
                                                                                                                                  0x004023f2
                                                                                                                                  0x004023f5
                                                                                                                                  0x00402400
                                                                                                                                  0x00402406
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004023f5
                                                                                                                                  0x004023f0
                                                                                                                                  0x0040247c
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040247d
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                  • RegQueryValueExA.KERNELBASE(00000000,00000000,?,000003FF,?,?,?,?,00000033), ref: 004023DF
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040A370,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3677997916-0
                                                                                                                                  • Opcode ID: eab15ab1fb9436d0461565b65d9f839641e6776e667b8b400d8ef67e93707a70
                                                                                                                                  • Instruction ID: 12193c1ceb89264442681d64ce78cd47003ed4e83c7ffe784dc41c43057f06db
                                                                                                                                  • Opcode Fuzzy Hash: eab15ab1fb9436d0461565b65d9f839641e6776e667b8b400d8ef67e93707a70
                                                                                                                                  • Instruction Fuzzy Hash: C111E371900205EFDB15DF64CA889AF7BB4EF14348F20807FE442B72C1D2B88A45EB5A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040573A Relevance: 3.0, APIs: 2, Instructions: 46stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                  			E0040573A(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405B66(0x4218a8, _a4);
				_t21 = E004056ED(0x4218a8);
				if(_t21 != 0) {
					E00405DC8(_t21);
					if(( *0x423eb8 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x4218a8;
						while(1) {
							_t11 = lstrlenA(0x4218a8);
							_push(0x4218a8);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405E61();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E004056A0(0x4218a8);
								continue;
							} else {
								goto L1;
							}
						}
						E00405659();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                                  0x00405746
                                                                                                                                  0x00405751
                                                                                                                                  0x00405755
                                                                                                                                  0x0040575c
                                                                                                                                  0x00405768
                                                                                                                                  0x00405774
                                                                                                                                  0x00405774
                                                                                                                                  0x0040578c
                                                                                                                                  0x0040578d
                                                                                                                                  0x00405794
                                                                                                                                  0x00405795
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405778
                                                                                                                                  0x0040577f
                                                                                                                                  0x00405787
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040577f
                                                                                                                                  0x00405797
                                                                                                                                  0x0040579d
                                                                                                                                  0x00000000
                                                                                                                                  0x004057ab
                                                                                                                                  0x0040576a
                                                                                                                                  0x0040576e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040576e
                                                                                                                                  0x00405757
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,ibaAnalyzer v7.3.6 (x64) Setup,NSIS Error), ref: 00405B73
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,76DDF560,0040549F,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 004056FB
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                    • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                  • lstrlenA.KERNEL32(004218A8,00000000,004218A8,004218A8,?,?,76DDF560,0040549F,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 0040578D
                                                                                                                                  • GetFileAttributesA.KERNELBASE(004218A8,004218A8,004218A8,004218A8,004218A8,004218A8,00000000,004218A8,004218A8,?,?,76DDF560,0040549F,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,76DDF560), ref: 0040579D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3248276644-0
                                                                                                                                  • Opcode ID: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                                                                                                                  • Instruction ID: 7155b9e5202267c574e320c9449d9087b3e4f671a0d42f3ce7b213b6d11f415d
                                                                                                                                  • Opcode Fuzzy Hash: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                                                                                                                  • Instruction Fuzzy Hash: A1F0F425104D509AC72636395C09EAF1A55CE833A4F48053FF894B32D1CB3C8943EDAE
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C75F3 Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(032E9430,0000000C), ref: 032C7606
                                                                                                                                  • ExitThread.KERNEL32 ref: 032C760D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1611280651-0
                                                                                                                                  • Opcode ID: 286adedea50c73d0049daa8091f8a8fdfe1743b267036a46664b1fc97fd15a8f
                                                                                                                                  • Instruction ID: e0760fdb09016ed928f3a71c0d59380529959140c677db957b1217b031cda330
                                                                                                                                  • Opcode Fuzzy Hash: 286adedea50c73d0049daa8091f8a8fdfe1743b267036a46664b1fc97fd15a8f
                                                                                                                                  • Instruction Fuzzy Hash: 55F0AF79930345AFDB00FB74E809A6E7B74EF40700F24428DE4129B251CBB4A990CFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402866 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00402866(signed int __eax) {
				RECT* _t10;
				void* _t16;

				SendMessageA( *(_t16 - 0x34), 0xb,  *0x4214a0 & __eax, _t10); // executed
				if( *((intOrPtr*)(_t16 - 0x24)) != _t10) {
					InvalidateRect( *(_t16 - 0x34), _t10, _t10);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}





                                                                                                                                  0x00402875
                                                                                                                                  0x0040287e
                                                                                                                                  0x00402885
                                                                                                                                  0x00402885
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InvalidateMessageRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 909852535-0
                                                                                                                                  • Opcode ID: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                                                                                                                  • Instruction ID: bcd717e7596d016e205178ba64243b8d7c77eee19d70b8784ae4534d65a4b435
                                                                                                                                  • Opcode Fuzzy Hash: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                                                                                                                  • Instruction Fuzzy Hash: 2AE08C72B00104FFDB10DF94FE959AE77BAEB44359B10007AF201F10A0D2341D00CA28
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401D95 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1136574915-0
                                                                                                                                  • Opcode ID: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                                                                                                                  • Instruction ID: 0a77d41913575adca2a7ede6e8d56263b744db67c7fbf003078f88b8ecd5966f
                                                                                                                                  • Opcode Fuzzy Hash: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                                                                                                                  • Instruction Fuzzy Hash: 24E0C272F08210DBD710FBB4AE899AE3274DB403A9B10453BF503F20C1D6B89C8196EE
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040583D Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                  0x00405841
                                                                                                                                  0x0040584e
                                                                                                                                  0x00405863
                                                                                                                                  0x00405869

                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,80000000,00000003), ref: 00405841
                                                                                                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                  • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                                  • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                                                  • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                                  • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BDD83 Relevance: 3.0, APIs: 2, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 032BDD83
                                                                                                                                    • Part of subcall function 032BDDC7: InitializeCriticalSectionAndSpinCount.KERNEL32(032F3454,00000FA0,444D31BA,?,?,?,?,032DBDB1,000000FF), ref: 032BDDF6
                                                                                                                                    • Part of subcall function 032BDDC7: GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,032DBDB1,000000FF), ref: 032BDE01
                                                                                                                                    • Part of subcall function 032BDDC7: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,032DBDB1,000000FF), ref: 032BDE12
                                                                                                                                    • Part of subcall function 032BDDC7: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 032BDE28
                                                                                                                                    • Part of subcall function 032BDDC7: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 032BDE36
                                                                                                                                    • Part of subcall function 032BDDC7: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 032BDE44
                                                                                                                                    • Part of subcall function 032BDDC7: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 032BDE6F
                                                                                                                                    • Part of subcall function 032BDDC7: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 032BDE7A
                                                                                                                                  • ___scrt_fastfail.LIBCMT ref: 032BDDA4
                                                                                                                                    • Part of subcall function 032BE203: __onexit.LIBCMT ref: 032BE209
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 66158676-0
                                                                                                                                  • Opcode ID: 775994e3a4cb2953553da0e6fb6cac602bcde03c902e5b64737a761c24226f58
                                                                                                                                  • Instruction ID: 0ef56d5d774e72ec5df86d22cde655b9b4f8ec74c4fe3b619658ab235221510c
                                                                                                                                  • Opcode Fuzzy Hash: 775994e3a4cb2953553da0e6fb6cac602bcde03c902e5b64737a761c24226f58
                                                                                                                                  • Instruction Fuzzy Hash: CCC04C1A674313A6D458FA756805BD802710B017E6F598855A2A86D4C59ED450C16056
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040581E Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                                                  0x00405822
                                                                                                                                  0x0040582b
                                                                                                                                  0x00000000
                                                                                                                                  0x00405834
                                                                                                                                  0x0040583a

                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                  • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                  • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                                                  • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                  • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A3B10 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNELBASE(?,?,00000000,?,00000000,032AA2E2), ref: 032A3B86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                  • Opcode ID: 780eb07b2dfb8ed4ab32f2e15e0f05fd1ea4f659638e92cf9757f9ffbbebb408
                                                                                                                                  • Instruction ID: 4f702e7cb8c7239bb2ed6ee7741fdd9f93c84a9e579935b8c8a74bd34cfce543
                                                                                                                                  • Opcode Fuzzy Hash: 780eb07b2dfb8ed4ab32f2e15e0f05fd1ea4f659638e92cf9757f9ffbbebb408
                                                                                                                                  • Instruction Fuzzy Hash: AB016DBAE267194FD210EF4DF88881EF799E34473D789C43ED20AA3207CB3158808750
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402223 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00402223(int __eax, CHAR* __ebx) {
				CHAR* _t11;
				void* _t13;
				CHAR* _t14;
				void* _t18;
				int _t22;

				_t11 = __ebx;
				_t5 = __eax;
				_t14 = 0;
				if(__eax != __ebx) {
					__eax = E004029F6(__ebx);
				}
				if(_t13 != _t11) {
					_t14 = E004029F6(0x11);
				}
				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
					_t11 = E004029F6(0x22);
				}
				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E004029F6(0xffffffcd)); // executed
				_t22 = _t5;
				if(_t22 == 0) {
					 *((intOrPtr*)(_t18 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t18 - 4));
				return 0;
			}








                                                                                                                                  0x00402223
                                                                                                                                  0x00402223
                                                                                                                                  0x00402225
                                                                                                                                  0x00402229
                                                                                                                                  0x0040222c
                                                                                                                                  0x00402234
                                                                                                                                  0x00402238
                                                                                                                                  0x00402241
                                                                                                                                  0x00402241
                                                                                                                                  0x00402246
                                                                                                                                  0x0040224f
                                                                                                                                  0x0040224f
                                                                                                                                  0x0040225c
                                                                                                                                  0x004015a6
                                                                                                                                  0x004015a8
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040225C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 390214022-0
                                                                                                                                  • Opcode ID: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                                                                                                                  • Instruction ID: 7f0f3d0bfb11d3a69440f7e30d7772d63b8707f304f836d716d69bda9ce5b450
                                                                                                                                  • Opcode Fuzzy Hash: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                                                                                                                  • Instruction Fuzzy Hash: 31E04871F002656BDBA07AF14F8D97F115C7B84344F14027EBA15762C6E9BC4D416169
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402B00 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                  			E00402B00(void* __eflags, void* _a4) {
				signed int _t6;
				char* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t6 =  *0x423f50; // 0x100
				_t8 = E004029F6(0x22);
				_t9 =  *0x409b68; // 0x345ff3c
				_t11 = RegOpenKeyExA(E00402AEB( *((intOrPtr*)(_t9 + 4))), _t8, 0, _t6 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}







                                                                                                                                  0x00402b07
                                                                                                                                  0x00402b14
                                                                                                                                  0x00402b1a
                                                                                                                                  0x00402b28
                                                                                                                                  0x00402b30
                                                                                                                                  0x00402b38

                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Open
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                  • Opcode ID: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                  • Instruction ID: c0cb2249de0b0b7c7cf81be38287cf815beb59390f5746c35b3b1e544e0707b9
                                                                                                                                  • Opcode Fuzzy Hash: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                  • Instruction Fuzzy Hash: BFE08676640108BFDB50DFA4ED4BFD637ECB704340F008421B608D7091C678F5409B68
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004031BF Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                  0x004031c3
                                                                                                                                  0x004031d6
                                                                                                                                  0x004031de
                                                                                                                                  0x00000000
                                                                                                                                  0x004031e5
                                                                                                                                  0x00000000
                                                                                                                                  0x004031e7

                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                  • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                  • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                                                  • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                  • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 10002930 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
					 *0x1000404c = 0xc2;
					 *0x1000403c = 0;
					 *0x10004044 = 0;
					 *0x10004054 = 0;
					 *0x10004048 = 0;
					 *0x10004040 = 0;
					 *0x1000404e = 0;
				}
				return 1;
			}



                                                                                                                                  0x10002939
                                                                                                                                  0x1000293e
                                                                                                                                  0x1000294e
                                                                                                                                  0x10002956
                                                                                                                                  0x1000295d
                                                                                                                                  0x10002962
                                                                                                                                  0x10002967
                                                                                                                                  0x1000296c
                                                                                                                                  0x10002971
                                                                                                                                  0x10002976
                                                                                                                                  0x10002976
                                                                                                                                  0x1000297e

                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000294E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  • Opcode ID: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                                  • Instruction ID: 48d6293a520ab1310b80528f385a012c899c9e0ceb66e9e696cbd892b99779f9
                                                                                                                                  • Opcode Fuzzy Hash: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                                  • Instruction Fuzzy Hash: 1BE0AEF15092A0DEF360DF688CC47023EE4A3983C5B03842AE348F6269EB3841448B19
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403F18 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403F18(intOrPtr _a12) {
				intOrPtr _v0;
				struct HWND__* _v4;
				int _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00405B88(_t8, _t9, _t10, 0, _a12)); // executed
				return _t7;
			}









                                                                                                                                  0x00403f32
                                                                                                                                  0x00403f37

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3367045223-0
                                                                                                                                  • Opcode ID: 0133f6fb0bbb01b6b2141ca724d41332ae1f029b98537481ef9b49a90444b815
                                                                                                                                  • Instruction ID: 32956ba5a052c000d200729fffd4f2c944d874cb1110b62223aa4bdd109d9e57
                                                                                                                                  • Opcode Fuzzy Hash: 0133f6fb0bbb01b6b2141ca724d41332ae1f029b98537481ef9b49a90444b815
                                                                                                                                  • Instruction Fuzzy Hash: E4C08C31048200BFD241AB04CC42F1FB3A8EFA0327F00C92EB05CE00D2C634D420CE2A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403F64 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403F64(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x423678; // 0x70240
				if(_t2 != 0) {
					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                                  0x00403f64
                                                                                                                                  0x00403f6b
                                                                                                                                  0x00403f76
                                                                                                                                  0x00000000
                                                                                                                                  0x00403f76
                                                                                                                                  0x00403f7c

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                                                                                                                  • Instruction ID: 4934297729c285da13a483c37f1bad53b44c21571947472378d90217470b6476
                                                                                                                                  • Opcode Fuzzy Hash: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                                                                                                                  • Instruction Fuzzy Hash: 6CC04C71B442017AEA209F619D45F177B68A754701F5444657204A51D0C674E510D61D
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1DB0 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • MapViewOfFile.KERNELBASE(?,000F001F,00000000,00000000,00000000,032ABEC8,00000001,00000000,?,?,?,?,?,76D86490), ref: 032A1DBC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileView
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3314676101-0
                                                                                                                                  • Opcode ID: daa7f4583375d378c636d6bf0b1b54d8ea5c53003b785d43bc497776559c1367
                                                                                                                                  • Instruction ID: 92f2dc4300000ba6bbfd75f2e6e454e77bd9af435a0bd9788ff1d1a2e9416fb2
                                                                                                                                  • Opcode Fuzzy Hash: daa7f4583375d378c636d6bf0b1b54d8ea5c53003b785d43bc497776559c1367
                                                                                                                                  • Instruction Fuzzy Hash: 7DB00170BC1328B6FE3066606D0FF2526285745F02F6045507301BD4CA89E4A050A518
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403F4D Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403F4D(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x423ea8, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                  0x00403f5b
                                                                                                                                  0x00403f61

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                  • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                                                                                                                                  • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                  • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040540B Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E0040540B(int _a4, CHAR* _a8) {
				int _t3;

				_t3 = GetDlgItemTextA( *0x423678, _a4, _a8, 0x400); // executed
				return _t3;
			}




                                                                                                                                  0x0040541e
                                                                                                                                  0x00405424

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3367045223-0
                                                                                                                                  • Opcode ID: 2a3cf452a9340375e7ea9e4d6319565003b19af3fd8fe49c2e8af92dd2f11c39
                                                                                                                                  • Instruction ID: 30df335a9567130ec804c6d1d151e6d7b01c17dcb48a9d335dbed8569bbd2918
                                                                                                                                  • Opcode Fuzzy Hash: 2a3cf452a9340375e7ea9e4d6319565003b19af3fd8fe49c2e8af92dd2f11c39
                                                                                                                                  • Instruction Fuzzy Hash: FBB09276608200BFDA125F50DE05E0ABB72FB94312F40C465BB98241B082325822EF0A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004031F1 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                  0x004031ff
                                                                                                                                  0x00403205

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000DBE4), ref: 004031FF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                  • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                                  • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                  • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7430 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Event
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4201588131-0
                                                                                                                                  • Opcode ID: 83bf4c879197772936e4ea93876a8de1b96200c65398589ca89e73299e9e906f
                                                                                                                                  • Instruction ID: cb5d63d060c5a0ba8f624e8f40a48e814cfef26d2304db2f0f2dc8b1bb40bc40
                                                                                                                                  • Opcode Fuzzy Hash: 83bf4c879197772936e4ea93876a8de1b96200c65398589ca89e73299e9e906f
                                                                                                                                  • Instruction Fuzzy Hash: 2AB092BA8042109BD200FBA8E80CA0EB7A8AB54B19F40C424E14286048C6B48892CF14
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1071 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C1071(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x31c67c8, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                  0x031c107f
                                                                                                                                  0x031c1084

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: dd22e5e1c86a3197ef5226108899550e27991ae457b6073355dd5d0f0ff4069b
                                                                                                                                  • Instruction ID: 729311f401773ed4694585765bc7095b46692586c1e3ac7638f99c66e1f5a44d
                                                                                                                                  • Opcode Fuzzy Hash: dd22e5e1c86a3197ef5226108899550e27991ae457b6073355dd5d0f0ff4069b
                                                                                                                                  • Instruction Fuzzy Hash: CAB0127D2E074076DA11A700CC01F4A7DA2E77CB00F408824B300180F4C6B200F49B20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C13F3 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C13F3(CHAR* _a4, int _a8) {
				int _t3;

				_t3 = GetPrivateProfileIntA( *0x31c67b4, _a4, _a8,  *0x31c67e0); // executed
				return _t3;
			}




                                                                                                                                  0x031c1407
                                                                                                                                  0x031c140d

                                                                                                                                  APIs
                                                                                                                                  • GetPrivateProfileIntA.KERNEL32 ref: 031C1407
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1469295129-0
                                                                                                                                  • Opcode ID: 5e6403027eb4623f0ee8a7667d8266c061d2da0f676501b589124981628639c3
                                                                                                                                  • Instruction ID: 54f4282c0e63ed19e45d89229d7b36fd77115f28d6a670c429e9f40b12436c94
                                                                                                                                  • Opcode Fuzzy Hash: 5e6403027eb4623f0ee8a7667d8266c061d2da0f676501b589124981628639c3
                                                                                                                                  • Instruction Fuzzy Hash: 6AC0483A024200AFCB4A6B80ED0880ABF72FB9C350B08C808B2A50002CC23280B4EB21
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1DA0 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileMappingOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1680863896-0
                                                                                                                                  • Opcode ID: 6fa200837e3186c2b0cc954b35ceacb3470d778451324639b38568d4a0adb6c8
                                                                                                                                  • Instruction ID: 0878c900b15b65fb16902c0381ffa563d69b9f00e7ca360093178a3cb1d8a88f
                                                                                                                                  • Opcode Fuzzy Hash: 6fa200837e3186c2b0cc954b35ceacb3470d778451324639b38568d4a0adb6c8
                                                                                                                                  • Instruction Fuzzy Hash: 84A002B0B852596EFE5066916E0EF35251C9B40B01F1050507755DC4E689905410E525
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403F3A Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403F3A(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x420498, _a4); // executed
				return _t2;
			}




                                                                                                                                  0x00403f44
                                                                                                                                  0x00403f4a

                                                                                                                                  APIs
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403D17), ref: 00403F44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                  • Opcode ID: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                                                                                                                  • Instruction ID: 218003202f2b1835e3bff4e9bf146b8b4f872d9b8cc4e3003fd48478f7f9154f
                                                                                                                                  • Opcode Fuzzy Hash: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                                                                                                                  • Instruction Fuzzy Hash: 09A002755051049BCA519B54DE048057A62A754701741C479B24551575C7315461EB6E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BAE00 Relevance: 1.3, APIs: 1, Instructions: 18COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNELBASE(?,032ACCA0), ref: 032BAE24
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                  • Opcode ID: 96d40974d09649782ea49dfa02f71f8f118371a952175282ce372c6a6b7d2c3a
                                                                                                                                  • Instruction ID: c76fe470585ae6bafd56e3be4d1d6c1614220a285f678e5ae7ee6a9282df72c8
                                                                                                                                  • Opcode Fuzzy Hash: 96d40974d09649782ea49dfa02f71f8f118371a952175282ce372c6a6b7d2c3a
                                                                                                                                  • Instruction Fuzzy Hash: C7D05B34A117228FDB28DB29D5485D6B3F4AF0D361718456CE96AC76D0D770D4C1C790
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1D00 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNELBASE(00000000,032A3983,032A3998,00000000,032AC923,?,032BB3FE,032BAD47,?,?,00000000,?,00000000,032DBCDE,000000FF), ref: 032A1D01
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                  • Opcode ID: 371a0130e4b0bac70756dc6063c2d674b4508dcd187c59a7abf24c0b9c97a7ca
                                                                                                                                  • Instruction ID: fa430a9fc59539dfd4d5491934c2c2fd535c27510ae70ca0b380c96bf8c4db80
                                                                                                                                  • Opcode Fuzzy Hash: 371a0130e4b0bac70756dc6063c2d674b4508dcd187c59a7abf24c0b9c97a7ca
                                                                                                                                  • Instruction Fuzzy Hash: 68A00274BF513B469E142E78FA1D8253A58B551E073D05F90B11BC64C8DD29C018C510
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 032B3500 Relevance: 110.7, APIs: 61, Strings: 2, Instructions: 481memorystringserviceCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E032B3500(void* __ebx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v136;
				void* _v140;
				void* _v144;
				void* _v148;
				char* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				void* _v168;
				intOrPtr _v172;
				int _v176;
				void* __ebp;
				signed int _t85;
				void* _t92;
				char* _t95;
				void* _t107;
				void _t110;
				void* _t116;
				void* _t120;
				void* _t124;
				void* _t128;
				void* _t132;
				char _t134;
				char* _t135;
				void* _t139;
				intOrPtr _t141;
				void* _t145;
				void* _t146;
				void* _t157;
				void* _t158;
				void* _t161;
				void* _t162;
				void* _t163;
				void* _t173;
				void* _t174;
				void* _t175;
				void* _t176;
				void* _t177;
				void* _t186;
				CHAR* _t189;
				void* _t192;
				void* _t195;
				void* _t196;
				void* _t197;
				void* _t198;
				void* _t199;
				void* _t206;
				void* _t207;
				void* _t208;
				void* _t209;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t222;
				void* _t223;
				void* _t227;
				void* _t230;
				void* _t240;
				CHAR* _t247;
				intOrPtr* _t251;
				void* _t252;
				void* _t255;
				void* _t259;
				intOrPtr* _t260;
				intOrPtr* _t261;
				intOrPtr _t262;
				void* _t264;
				void** _t266;
				void* _t267;
				void* _t268;
				void _t269;
				void* _t271;
				signed int _t272;
				void* _t273;

				_t85 =  *0x32ed474; // 0x444d31ba
				_v8 = _t85 ^ _t272;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				_t271 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t271 != 0) {
					_v140 = 0xdeadbeaf;
					_t92 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t266 =  *0x32efef8;
					_t240 = _t92;
					if(_t266 == 0) {
						L102:
						if(_t240 != 0) {
							GlobalFree(_t240);
						}
						L104:
						E032B1F00();
						E032B1F70(_v140);
						_t273 = _t273 + 4;
						goto L105;
					}
					_t267 =  *_t266;
					if(_t267 == 0) {
						goto L102;
					}
					lstrcpyA(_t240, _t267 + 4);
					_t268 = GlobalFree;
					 *( *0x32efef8) =  *_t267;
					GlobalFree(_t267);
					_t247 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t107 =  *0x32efef8;
					_v152 = _t247;
					if(_t107 == 0) {
						L98:
						if(_t247 != 0) {
							GlobalFree(_t247);
						}
						if(_t240 != 0) {
							GlobalFree(_t240);
						}
						goto L104;
					}
					_t110 =  *_t107;
					_v144 = _t110;
					if(_t110 == 0) {
						goto L98;
					}
					lstrcpyA(_t247, _t110 + 4);
					_t259 = _v144;
					 *( *0x32efef8) =  *_t259;
					GlobalFree(_t259);
					_t116 = E032B1F30( &_v136);
					_t273 = _t273 + 4;
					if(_t116 == 0) {
						_v168 = E032AD1A0( &_v136);
						_t120 = E032B1F30( &_v136);
						_t273 = _t273 + 8;
						if(_t120 == 0) {
							_v176 = E032AD1A0( &_v136);
							_v156 = GlobalAlloc(0x40,  *0x32efef4 + 1);
							_t124 = E032B1F30(_t123);
							_t273 = _t273 + 8;
							if(_t124 == 0) {
								_v164 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t128 = E032B1F30(_t127);
								_t273 = _t273 + 4;
								if(_t128 == 0) {
									_v160 = GlobalAlloc(0x40,  *0x32efef4 + 1);
									_t132 = E032B1F30(_t131);
									_t273 = _t273 + 4;
									if(_t132 == 0) {
										_t260 = _v160;
										_t251 = _t260;
										_v144 = _t251 + 1;
										do {
											_t134 =  *_t251;
											_t251 = _t251 + 1;
										} while (_t134 != 0);
										_t252 = _t251 - _v144;
										 *((char*)(_t252 + _t260 + 1)) = _t134;
										_t135 = 0;
										if(_t252 == 0) {
											L50:
											_v148 = GlobalAlloc(0x40,  *0x32efef4 + 1);
											_t139 = E032B1F30(_t138);
											_t273 = _t273 + 4;
											if(_t139 == 0) {
												_t253 = _v148;
												_t261 = _v148;
												_v144 = _t261 + 1;
												do {
													_t141 =  *_t261;
													_t261 = _t261 + 1;
												} while (_t141 != 0);
												_t262 = _t261 - _v144;
												_v172 = _t262;
												if(_t262 != 0) {
													E032B5420(_t268, _t271, _t253);
													_t186 = E032BF0A0(_v148, 0x5c);
													_t273 = _t273 + 0xc;
													if(_t186 == 0) {
														_t189 = GlobalAlloc(0x40,  *0x32efef4 + 1);
														_v144 = _t189;
														lstrcpyA(_t189, ".\\");
														E032C58C7(_v144,  *0x32efef4, _v148);
														_t192 = _v148;
														_t273 = _t273 + 0xc;
														if(_t192 != 0) {
															GlobalFree(_t192);
														}
														_v148 = _v144;
													}
												}
												_v144 = GlobalAlloc(0x40,  *0x32efef4 + 1);
												_t145 = E032B1F30(_t144);
												_t273 = _t273 + 4;
												_t146 = _v144;
												if(_t145 == 0) {
													_t147 =  ==  ? 0 : _t146;
													_t255 = _v160;
													_t149 =  ==  ? 0 : _v148;
													_t151 =  !=  ? _t255 : 0;
													_t153 =  ==  ? 0 :  &_v140;
													_v168 = CreateServiceA(_t271, _t240, _v152, 0xf01ff, _v168, _v176, 1, _v156, _v164,  ==  ? 0 :  &_v140,  !=  ? _t255 : 0,  ==  ? 0 : _v148,  ==  ? 0 : _t146);
													_t157 = _v144;
													if(_t157 != 0) {
														GlobalFree(_t157);
													}
													_t158 = _v148;
													if(_t158 != 0) {
														GlobalFree(_t158);
													}
													GlobalFree(_v160);
													GlobalFree(_v164);
													_t161 = _v156;
													if(_t161 != 0) {
														GlobalFree(_t161);
													}
													_t162 = _v152;
													if(_t162 != 0) {
														GlobalFree(_t162);
													}
													if(_t240 != 0) {
														GlobalFree(_t240);
													}
													_t163 = _v168;
													if(_t163 != 0) {
														CloseServiceHandle(_t163);
														E032B1F00();
														E032B1F70(_v140);
														_t273 = _t273 + 4;
														_t95 = "success";
														goto L106;
													} else {
														_v140 = GetLastError();
														goto L104;
													}
												} else {
													if(_t146 != 0) {
														GlobalFree(_t146);
													}
													_t173 = _v148;
													if(_t173 != 0) {
														GlobalFree(_t173);
													}
													_t174 = _v160;
													if(_t174 != 0) {
														GlobalFree(_t174);
													}
													_t175 = _v164;
													if(_t175 != 0) {
														GlobalFree(_t175);
													}
													_t176 = _v156;
													if(_t176 != 0) {
														GlobalFree(_t176);
													}
													_t177 = _v152;
													if(_t177 != 0) {
														GlobalFree(_t177);
													}
													if(_t240 != 0) {
														GlobalFree(_t240);
													}
													goto L104;
												}
											}
											_t195 = _v148;
											if(_t195 != 0) {
												GlobalFree(_t195);
											}
											_t196 = _v160;
											if(_t196 != 0) {
												GlobalFree(_t196);
											}
											_t197 = _v164;
											if(_t197 != 0) {
												GlobalFree(_t197);
											}
											_t198 = _v156;
											if(_t198 != 0) {
												GlobalFree(_t198);
											}
											_t199 = _v152;
											if(_t199 != 0) {
												GlobalFree(_t199);
											}
											if(_t240 != 0) {
												GlobalFree(_t240);
											}
											goto L104;
										} else {
											goto L47;
										}
										do {
											L47:
											if(_t135[_t260] == 0x3b) {
												_t135[_t260] = 0;
											}
											_t135 =  &(_t135[1]);
										} while (_t135 < _t252);
										goto L50;
									}
									_t206 = _v160;
									if(_t206 != 0) {
										GlobalFree(_t206);
									}
									_t207 = _v164;
									if(_t207 != 0) {
										GlobalFree(_t207);
									}
									_t208 = _v156;
									if(_t208 != 0) {
										GlobalFree(_t208);
									}
									_t209 = _v152;
									if(_t209 != 0) {
										GlobalFree(_t209);
									}
									if(_t240 != 0) {
										GlobalFree(_t240);
									}
									goto L104;
								}
								_t215 = _v164;
								if(_t215 != 0) {
									GlobalFree(_t215);
								}
								_t216 = _v156;
								if(_t216 != 0) {
									GlobalFree(_t216);
								}
								_t217 = _v152;
								if(_t217 != 0) {
									GlobalFree(_t217);
								}
								if(_t240 != 0) {
									GlobalFree(_t240);
								}
								goto L104;
							}
							_t222 = _v156;
							if(_t222 != 0) {
								GlobalFree(_t222);
							}
							_t223 = _v152;
							if(_t223 != 0) {
								GlobalFree(_t223);
							}
							if(_t240 != 0) {
								GlobalFree(_t240);
							}
						} else {
							_t227 = _v152;
							if(_t227 != 0) {
								GlobalFree(_t227);
							}
							if(_t240 != 0) {
								GlobalFree(_t240);
							}
						}
					} else {
						_t230 = _v152;
						if(_t230 != 0) {
							GlobalFree(_t230);
						}
						if(_t240 != 0) {
							GlobalFree(_t240);
						}
					}
					goto L104;
				} else {
					E032B1F00();
					if( *0x32efef8 != 0) {
						_t269 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t5 = _t269 + 4; // 0x4
						wsprintfA(_t5, 0x32dc480, 0x64);
						_t264 =  *0x32efef8;
						_t273 = _t273 + 0xc;
						 *_t269 =  *_t264;
						 *_t264 = _t269;
					}
					L105:
					_t95 = 0x32dc484;
					L106:
					E032B1FC0(_t95);
					if(_t271 != 0) {
						CloseServiceHandle(_t271);
					}
					return E032BD98D(_v8 ^ _t272);
				}
			}














































































                                                                                                                                  0x032b3509
                                                                                                                                  0x032b3510
                                                                                                                                  0x032b3523
                                                                                                                                  0x032b352d
                                                                                                                                  0x032b3533
                                                                                                                                  0x032b3544
                                                                                                                                  0x032b3548
                                                                                                                                  0x032b359a
                                                                                                                                  0x032b35a7
                                                                                                                                  0x032b35ad
                                                                                                                                  0x032b35b3
                                                                                                                                  0x032b35b7
                                                                                                                                  0x032b3a93
                                                                                                                                  0x032b3a95
                                                                                                                                  0x032b3a98
                                                                                                                                  0x032b3a98
                                                                                                                                  0x032b3a9e
                                                                                                                                  0x032b3a9e
                                                                                                                                  0x032b3aa9
                                                                                                                                  0x032b3ab4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3ab4
                                                                                                                                  0x032b35bd
                                                                                                                                  0x032b35c1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b35cc
                                                                                                                                  0x032b35da
                                                                                                                                  0x032b35e0
                                                                                                                                  0x032b35e2
                                                                                                                                  0x032b35f3
                                                                                                                                  0x032b35f5
                                                                                                                                  0x032b35fa
                                                                                                                                  0x032b3602
                                                                                                                                  0x032b3a83
                                                                                                                                  0x032b3a85
                                                                                                                                  0x032b3a88
                                                                                                                                  0x032b3a88
                                                                                                                                  0x032b3a8c
                                                                                                                                  0x032b3a8f
                                                                                                                                  0x032b3a8f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3a8c
                                                                                                                                  0x032b3608
                                                                                                                                  0x032b360a
                                                                                                                                  0x032b3612
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b361d
                                                                                                                                  0x032b3623
                                                                                                                                  0x032b3631
                                                                                                                                  0x032b3633
                                                                                                                                  0x032b363c
                                                                                                                                  0x032b3641
                                                                                                                                  0x032b3646
                                                                                                                                  0x032b3671
                                                                                                                                  0x032b367e
                                                                                                                                  0x032b3683
                                                                                                                                  0x032b3688
                                                                                                                                  0x032b36bd
                                                                                                                                  0x032b36cd
                                                                                                                                  0x032b36d3
                                                                                                                                  0x032b36d8
                                                                                                                                  0x032b36dd
                                                                                                                                  0x032b3719
                                                                                                                                  0x032b371f
                                                                                                                                  0x032b3724
                                                                                                                                  0x032b3729
                                                                                                                                  0x032b3772
                                                                                                                                  0x032b3778
                                                                                                                                  0x032b377d
                                                                                                                                  0x032b3782
                                                                                                                                  0x032b37c8
                                                                                                                                  0x032b37ce
                                                                                                                                  0x032b37d3
                                                                                                                                  0x032b37e0
                                                                                                                                  0x032b37e0
                                                                                                                                  0x032b37e2
                                                                                                                                  0x032b37e3
                                                                                                                                  0x032b37e7
                                                                                                                                  0x032b37ed
                                                                                                                                  0x032b37f1
                                                                                                                                  0x032b37f6
                                                                                                                                  0x032b3807
                                                                                                                                  0x032b3817
                                                                                                                                  0x032b381d
                                                                                                                                  0x032b3822
                                                                                                                                  0x032b3827
                                                                                                                                  0x032b387a
                                                                                                                                  0x032b3880
                                                                                                                                  0x032b3885
                                                                                                                                  0x032b3890
                                                                                                                                  0x032b3890
                                                                                                                                  0x032b3892
                                                                                                                                  0x032b3893
                                                                                                                                  0x032b3897
                                                                                                                                  0x032b389d
                                                                                                                                  0x032b38a3
                                                                                                                                  0x032b38a6
                                                                                                                                  0x032b38b3
                                                                                                                                  0x032b38b8
                                                                                                                                  0x032b38bd
                                                                                                                                  0x032b38c8
                                                                                                                                  0x032b38d4
                                                                                                                                  0x032b38da
                                                                                                                                  0x032b38f2
                                                                                                                                  0x032b38f7
                                                                                                                                  0x032b38fd
                                                                                                                                  0x032b3902
                                                                                                                                  0x032b3905
                                                                                                                                  0x032b3905
                                                                                                                                  0x032b390d
                                                                                                                                  0x032b390d
                                                                                                                                  0x032b38bd
                                                                                                                                  0x032b3923
                                                                                                                                  0x032b3929
                                                                                                                                  0x032b392e
                                                                                                                                  0x032b3933
                                                                                                                                  0x032b3939
                                                                                                                                  0x032b399d
                                                                                                                                  0x032b39a2
                                                                                                                                  0x032b39af
                                                                                                                                  0x032b39b7
                                                                                                                                  0x032b39c9
                                                                                                                                  0x032b39f7
                                                                                                                                  0x032b39fd
                                                                                                                                  0x032b3a05
                                                                                                                                  0x032b3a08
                                                                                                                                  0x032b3a08
                                                                                                                                  0x032b3a0a
                                                                                                                                  0x032b3a12
                                                                                                                                  0x032b3a15
                                                                                                                                  0x032b3a15
                                                                                                                                  0x032b3a1d
                                                                                                                                  0x032b3a25
                                                                                                                                  0x032b3a27
                                                                                                                                  0x032b3a2f
                                                                                                                                  0x032b3a32
                                                                                                                                  0x032b3a32
                                                                                                                                  0x032b3a34
                                                                                                                                  0x032b3a3c
                                                                                                                                  0x032b3a3f
                                                                                                                                  0x032b3a3f
                                                                                                                                  0x032b3a43
                                                                                                                                  0x032b3a46
                                                                                                                                  0x032b3a46
                                                                                                                                  0x032b3a48
                                                                                                                                  0x032b3a50
                                                                                                                                  0x032b3a67
                                                                                                                                  0x032b3a69
                                                                                                                                  0x032b3a74
                                                                                                                                  0x032b3a79
                                                                                                                                  0x032b3a7c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3a52
                                                                                                                                  0x032b3a58
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3a58
                                                                                                                                  0x032b393b
                                                                                                                                  0x032b393d
                                                                                                                                  0x032b3940
                                                                                                                                  0x032b3940
                                                                                                                                  0x032b3942
                                                                                                                                  0x032b394a
                                                                                                                                  0x032b394d
                                                                                                                                  0x032b394d
                                                                                                                                  0x032b394f
                                                                                                                                  0x032b3957
                                                                                                                                  0x032b395a
                                                                                                                                  0x032b395a
                                                                                                                                  0x032b395c
                                                                                                                                  0x032b3964
                                                                                                                                  0x032b3967
                                                                                                                                  0x032b3967
                                                                                                                                  0x032b3969
                                                                                                                                  0x032b3971
                                                                                                                                  0x032b3974
                                                                                                                                  0x032b3974
                                                                                                                                  0x032b3976
                                                                                                                                  0x032b397e
                                                                                                                                  0x032b3981
                                                                                                                                  0x032b3981
                                                                                                                                  0x032b3985
                                                                                                                                  0x032b398c
                                                                                                                                  0x032b398c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3985
                                                                                                                                  0x032b3939
                                                                                                                                  0x032b3829
                                                                                                                                  0x032b3831
                                                                                                                                  0x032b3834
                                                                                                                                  0x032b3834
                                                                                                                                  0x032b3836
                                                                                                                                  0x032b383e
                                                                                                                                  0x032b3841
                                                                                                                                  0x032b3841
                                                                                                                                  0x032b3843
                                                                                                                                  0x032b384b
                                                                                                                                  0x032b384e
                                                                                                                                  0x032b384e
                                                                                                                                  0x032b3850
                                                                                                                                  0x032b3858
                                                                                                                                  0x032b385b
                                                                                                                                  0x032b385b
                                                                                                                                  0x032b385d
                                                                                                                                  0x032b3865
                                                                                                                                  0x032b3868
                                                                                                                                  0x032b3868
                                                                                                                                  0x032b386c
                                                                                                                                  0x032b3873
                                                                                                                                  0x032b3873
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b37f8
                                                                                                                                  0x032b37f8
                                                                                                                                  0x032b37fc
                                                                                                                                  0x032b37fe
                                                                                                                                  0x032b37fe
                                                                                                                                  0x032b3802
                                                                                                                                  0x032b3803
                                                                                                                                  0x00000000
                                                                                                                                  0x032b37f8
                                                                                                                                  0x032b3784
                                                                                                                                  0x032b378c
                                                                                                                                  0x032b378f
                                                                                                                                  0x032b378f
                                                                                                                                  0x032b3791
                                                                                                                                  0x032b3799
                                                                                                                                  0x032b379c
                                                                                                                                  0x032b379c
                                                                                                                                  0x032b379e
                                                                                                                                  0x032b37a6
                                                                                                                                  0x032b37a9
                                                                                                                                  0x032b37a9
                                                                                                                                  0x032b37ab
                                                                                                                                  0x032b37b3
                                                                                                                                  0x032b37b6
                                                                                                                                  0x032b37b6
                                                                                                                                  0x032b37ba
                                                                                                                                  0x032b37c1
                                                                                                                                  0x032b37c1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b37ba
                                                                                                                                  0x032b372b
                                                                                                                                  0x032b3733
                                                                                                                                  0x032b3736
                                                                                                                                  0x032b3736
                                                                                                                                  0x032b3738
                                                                                                                                  0x032b3740
                                                                                                                                  0x032b3743
                                                                                                                                  0x032b3743
                                                                                                                                  0x032b3745
                                                                                                                                  0x032b374d
                                                                                                                                  0x032b3750
                                                                                                                                  0x032b3750
                                                                                                                                  0x032b3754
                                                                                                                                  0x032b375b
                                                                                                                                  0x032b375b
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3754
                                                                                                                                  0x032b36df
                                                                                                                                  0x032b36e7
                                                                                                                                  0x032b36ea
                                                                                                                                  0x032b36ea
                                                                                                                                  0x032b36ec
                                                                                                                                  0x032b36f4
                                                                                                                                  0x032b36f7
                                                                                                                                  0x032b36f7
                                                                                                                                  0x032b36fb
                                                                                                                                  0x032b3702
                                                                                                                                  0x032b3702
                                                                                                                                  0x032b368a
                                                                                                                                  0x032b368a
                                                                                                                                  0x032b3692
                                                                                                                                  0x032b3695
                                                                                                                                  0x032b3695
                                                                                                                                  0x032b3699
                                                                                                                                  0x032b36a0
                                                                                                                                  0x032b36a0
                                                                                                                                  0x032b3699
                                                                                                                                  0x032b3648
                                                                                                                                  0x032b3648
                                                                                                                                  0x032b3650
                                                                                                                                  0x032b3653
                                                                                                                                  0x032b3653
                                                                                                                                  0x032b3657
                                                                                                                                  0x032b365e
                                                                                                                                  0x032b365e
                                                                                                                                  0x032b3657
                                                                                                                                  0x00000000
                                                                                                                                  0x032b354a
                                                                                                                                  0x032b354a
                                                                                                                                  0x032b3556
                                                                                                                                  0x032b356d
                                                                                                                                  0x032b3576
                                                                                                                                  0x032b357a
                                                                                                                                  0x032b3580
                                                                                                                                  0x032b3586
                                                                                                                                  0x032b358b
                                                                                                                                  0x032b358d
                                                                                                                                  0x032b358d
                                                                                                                                  0x032b3ab7
                                                                                                                                  0x032b3ab7
                                                                                                                                  0x032b3abc
                                                                                                                                  0x032b3abd
                                                                                                                                  0x032b3ac7
                                                                                                                                  0x032b3aca
                                                                                                                                  0x032b3aca
                                                                                                                                  0x032b3adc
                                                                                                                                  0x032b3adc

                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 032B3538
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B3567
                                                                                                                                  • wsprintfA.USER32 ref: 032B357A
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B35A7
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B35CC
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B35E2
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B35ED
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B361D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B3633
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B3653
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B365E
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B3ACA
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$CloseHandleManagerOpenServicewsprintf
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 4138226526-58590040
                                                                                                                                  • Opcode ID: f6260af46dad1bac34552a570587fc45157e0f790a1ae11e8804997908c8d031
                                                                                                                                  • Instruction ID: a4102a35044ec73b8bd4634def3f117fb113102089743cba7221d7d6b1a106f0
                                                                                                                                  • Opcode Fuzzy Hash: f6260af46dad1bac34552a570587fc45157e0f790a1ae11e8804997908c8d031
                                                                                                                                  • Instruction Fuzzy Hash: 83F168B5A10316AFDB20EF75DD48F9AB7BCAF44380F1941A4E609E7246DA70D990CF60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00404853 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x69fe24
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x69fab8
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0xa0
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42047c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420494;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42047c = _t315;
									 *0x420494 = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x3
										_v32 =  *0x420494;
										_t196 =  *0x423ec8; // 0x69fe24
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x6b2723
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x69fe2c
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x69fe3c
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420494);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                                                                                  0x00404871
                                                                                                                                  0x00404877
                                                                                                                                  0x00404879
                                                                                                                                  0x0040487f
                                                                                                                                  0x00404885
                                                                                                                                  0x00404888
                                                                                                                                  0x00404892
                                                                                                                                  0x0040489b
                                                                                                                                  0x0040489e
                                                                                                                                  0x004048a1
                                                                                                                                  0x00404ac9
                                                                                                                                  0x00404ac9
                                                                                                                                  0x00404ad0
                                                                                                                                  0x00404ae4
                                                                                                                                  0x00404ad2
                                                                                                                                  0x00404ad4
                                                                                                                                  0x00404ad7
                                                                                                                                  0x00404ad8
                                                                                                                                  0x00404adf
                                                                                                                                  0x00404adf
                                                                                                                                  0x00404ae7
                                                                                                                                  0x00404af0
                                                                                                                                  0x00404afb
                                                                                                                                  0x00404afb
                                                                                                                                  0x00404afe
                                                                                                                                  0x00404b01
                                                                                                                                  0x00404b10
                                                                                                                                  0x00404b10
                                                                                                                                  0x00404b17
                                                                                                                                  0x00404b8f
                                                                                                                                  0x00404b8f
                                                                                                                                  0x00404b92
                                                                                                                                  0x00404b94
                                                                                                                                  0x00404b97
                                                                                                                                  0x00404b9e
                                                                                                                                  0x00404bac
                                                                                                                                  0x00404bac
                                                                                                                                  0x00404bae
                                                                                                                                  0x00404bb1
                                                                                                                                  0x00404bb8
                                                                                                                                  0x00404bba
                                                                                                                                  0x00404bbe
                                                                                                                                  0x00404bdb
                                                                                                                                  0x00404bdf
                                                                                                                                  0x00404bdf
                                                                                                                                  0x00404bc0
                                                                                                                                  0x00404bcd
                                                                                                                                  0x00404bcd
                                                                                                                                  0x00404bbe
                                                                                                                                  0x00404bb8
                                                                                                                                  0x00000000
                                                                                                                                  0x00404b92
                                                                                                                                  0x00404b19
                                                                                                                                  0x00404b1c
                                                                                                                                  0x00404b27
                                                                                                                                  0x00404b29
                                                                                                                                  0x00404b2c
                                                                                                                                  0x00404b33
                                                                                                                                  0x00404b38
                                                                                                                                  0x00404b3a
                                                                                                                                  0x00404b44
                                                                                                                                  0x00404b44
                                                                                                                                  0x00404b48
                                                                                                                                  0x00404b4a
                                                                                                                                  0x00404b4d
                                                                                                                                  0x00404b4f
                                                                                                                                  0x00404b52
                                                                                                                                  0x00404b68
                                                                                                                                  0x00404b68
                                                                                                                                  0x00404b54
                                                                                                                                  0x00404b54
                                                                                                                                  0x00404b5a
                                                                                                                                  0x00404b5c
                                                                                                                                  0x00404b63
                                                                                                                                  0x00404b5e
                                                                                                                                  0x00404b5e
                                                                                                                                  0x00404b5e
                                                                                                                                  0x00404b5c
                                                                                                                                  0x00404b6c
                                                                                                                                  0x00404b6e
                                                                                                                                  0x00404b73
                                                                                                                                  0x00404b7c
                                                                                                                                  0x00404b7d
                                                                                                                                  0x00404b87
                                                                                                                                  0x00404b87
                                                                                                                                  0x00404b89
                                                                                                                                  0x00404b8c
                                                                                                                                  0x00404b8c
                                                                                                                                  0x00404b4d
                                                                                                                                  0x00000000
                                                                                                                                  0x00404b3a
                                                                                                                                  0x00404b1e
                                                                                                                                  0x00404b21
                                                                                                                                  0x00404b25
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404b25
                                                                                                                                  0x00404b03
                                                                                                                                  0x00404b0a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404af2
                                                                                                                                  0x00404af2
                                                                                                                                  0x00404af5
                                                                                                                                  0x00404be2
                                                                                                                                  0x00404be2
                                                                                                                                  0x00404be9
                                                                                                                                  0x00404c5d
                                                                                                                                  0x00404c5d
                                                                                                                                  0x00404c64
                                                                                                                                  0x00404c70
                                                                                                                                  0x00404c70
                                                                                                                                  0x00404c72
                                                                                                                                  0x00404c79
                                                                                                                                  0x00404c7b
                                                                                                                                  0x00404c80
                                                                                                                                  0x00404c82
                                                                                                                                  0x00404c85
                                                                                                                                  0x00404c85
                                                                                                                                  0x00404c8b
                                                                                                                                  0x00404c90
                                                                                                                                  0x00404c92
                                                                                                                                  0x00404c95
                                                                                                                                  0x00404c95
                                                                                                                                  0x00404c9b
                                                                                                                                  0x00404ca1
                                                                                                                                  0x00404ca7
                                                                                                                                  0x00404ca7
                                                                                                                                  0x00404cad
                                                                                                                                  0x00404cb4
                                                                                                                                  0x00404e01
                                                                                                                                  0x00404e01
                                                                                                                                  0x00404e08
                                                                                                                                  0x00404e0a
                                                                                                                                  0x00404e11
                                                                                                                                  0x00404e15
                                                                                                                                  0x00404e22
                                                                                                                                  0x00404e22
                                                                                                                                  0x00404e25
                                                                                                                                  0x00404e2b
                                                                                                                                  0x00404e3d
                                                                                                                                  0x00404e3d
                                                                                                                                  0x00404e11
                                                                                                                                  0x00000000
                                                                                                                                  0x00404cba
                                                                                                                                  0x00404cbc
                                                                                                                                  0x00404cc1
                                                                                                                                  0x00404cc4
                                                                                                                                  0x00404cc8
                                                                                                                                  0x00404cc8
                                                                                                                                  0x00404ccd
                                                                                                                                  0x00404cd0
                                                                                                                                  0x00404d11
                                                                                                                                  0x00404d13
                                                                                                                                  0x00404d1d
                                                                                                                                  0x00404d23
                                                                                                                                  0x00404d26
                                                                                                                                  0x00404d2b
                                                                                                                                  0x00404d32
                                                                                                                                  0x00404d35
                                                                                                                                  0x00404dd7
                                                                                                                                  0x00404ddd
                                                                                                                                  0x00404de3
                                                                                                                                  0x00404de8
                                                                                                                                  0x00404deb
                                                                                                                                  0x00404dfc
                                                                                                                                  0x00404dfc
                                                                                                                                  0x00000000
                                                                                                                                  0x00404d3b
                                                                                                                                  0x00404d3b
                                                                                                                                  0x00404d3b
                                                                                                                                  0x00404d3e
                                                                                                                                  0x00404d44
                                                                                                                                  0x00404d47
                                                                                                                                  0x00404d49
                                                                                                                                  0x00404d4b
                                                                                                                                  0x00404d4d
                                                                                                                                  0x00404d50
                                                                                                                                  0x00404d53
                                                                                                                                  0x00404d5a
                                                                                                                                  0x00404d5c
                                                                                                                                  0x00404d5f
                                                                                                                                  0x00404d66
                                                                                                                                  0x00404d69
                                                                                                                                  0x00404d69
                                                                                                                                  0x00404d69
                                                                                                                                  0x00404d69
                                                                                                                                  0x00404d6d
                                                                                                                                  0x00404d70
                                                                                                                                  0x00404d7c
                                                                                                                                  0x00404d7d
                                                                                                                                  0x00404d80
                                                                                                                                  0x00404d82
                                                                                                                                  0x00404d82
                                                                                                                                  0x00404d82
                                                                                                                                  0x00404d72
                                                                                                                                  0x00404d74
                                                                                                                                  0x00404d74
                                                                                                                                  0x00404da1
                                                                                                                                  0x00404da1
                                                                                                                                  0x00404da2
                                                                                                                                  0x00404dae
                                                                                                                                  0x00404dbd
                                                                                                                                  0x00404dbd
                                                                                                                                  0x00404dbf
                                                                                                                                  0x00404dc2
                                                                                                                                  0x00404dcb
                                                                                                                                  0x00404dcb
                                                                                                                                  0x00000000
                                                                                                                                  0x00404d3e
                                                                                                                                  0x00404cd2
                                                                                                                                  0x00404cdd
                                                                                                                                  0x00404ce0
                                                                                                                                  0x00404ce5
                                                                                                                                  0x00404ce7
                                                                                                                                  0x00404ce9
                                                                                                                                  0x00404ceb
                                                                                                                                  0x00404cfb
                                                                                                                                  0x00404d05
                                                                                                                                  0x00404d07
                                                                                                                                  0x00404d0a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404ced
                                                                                                                                  0x00404ced
                                                                                                                                  0x00404ced
                                                                                                                                  0x00404cf0
                                                                                                                                  0x00404cf3
                                                                                                                                  0x00404cf5
                                                                                                                                  0x00404cf5
                                                                                                                                  0x00404cf5
                                                                                                                                  0x00404cf6
                                                                                                                                  0x00404cf7
                                                                                                                                  0x00404cf7
                                                                                                                                  0x00000000
                                                                                                                                  0x00404ced
                                                                                                                                  0x00404cd0
                                                                                                                                  0x00404cb4
                                                                                                                                  0x00404beb
                                                                                                                                  0x00404bf1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404bfd
                                                                                                                                  0x00404c01
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404c11
                                                                                                                                  0x00404c13
                                                                                                                                  0x00404c16
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404c28
                                                                                                                                  0x00404c2a
                                                                                                                                  0x00404c2d
                                                                                                                                  0x00404c37
                                                                                                                                  0x00404c39
                                                                                                                                  0x00404c3a
                                                                                                                                  0x00404c3b
                                                                                                                                  0x00404c4a
                                                                                                                                  0x00404c4c
                                                                                                                                  0x00404c53
                                                                                                                                  0x00404c56
                                                                                                                                  0x00000000
                                                                                                                                  0x00404c56
                                                                                                                                  0x00404c2f
                                                                                                                                  0x00404c32
                                                                                                                                  0x00404c35
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404c35
                                                                                                                                  0x00000000
                                                                                                                                  0x00404af5
                                                                                                                                  0x004048a7
                                                                                                                                  0x004048ac
                                                                                                                                  0x004048b1
                                                                                                                                  0x004048b6
                                                                                                                                  0x004048b7
                                                                                                                                  0x004048c0
                                                                                                                                  0x004048cb
                                                                                                                                  0x004048d6
                                                                                                                                  0x004048dc
                                                                                                                                  0x004048ea
                                                                                                                                  0x004048ff
                                                                                                                                  0x00404904
                                                                                                                                  0x0040490f
                                                                                                                                  0x00404918
                                                                                                                                  0x0040492d
                                                                                                                                  0x0040493e
                                                                                                                                  0x0040494b
                                                                                                                                  0x0040494b
                                                                                                                                  0x00404950
                                                                                                                                  0x00404956
                                                                                                                                  0x00404958
                                                                                                                                  0x0040495b
                                                                                                                                  0x00404960
                                                                                                                                  0x00404965
                                                                                                                                  0x00404967
                                                                                                                                  0x00404967
                                                                                                                                  0x00404987
                                                                                                                                  0x00404987
                                                                                                                                  0x00404989
                                                                                                                                  0x0040498a
                                                                                                                                  0x0040498f
                                                                                                                                  0x00404992
                                                                                                                                  0x00404995
                                                                                                                                  0x00404999
                                                                                                                                  0x0040499e
                                                                                                                                  0x004049a3
                                                                                                                                  0x004049a7
                                                                                                                                  0x004049ac
                                                                                                                                  0x004049b1
                                                                                                                                  0x004049b3
                                                                                                                                  0x004049b5
                                                                                                                                  0x004049bb
                                                                                                                                  0x00404a85
                                                                                                                                  0x00404a98
                                                                                                                                  0x00000000
                                                                                                                                  0x004049c1
                                                                                                                                  0x004049c4
                                                                                                                                  0x004049c7
                                                                                                                                  0x004049ca
                                                                                                                                  0x004049ca
                                                                                                                                  0x004049d0
                                                                                                                                  0x004049d6
                                                                                                                                  0x004049d9
                                                                                                                                  0x004049df
                                                                                                                                  0x004049e0
                                                                                                                                  0x004049e5
                                                                                                                                  0x004049ee
                                                                                                                                  0x004049f5
                                                                                                                                  0x004049f8
                                                                                                                                  0x004049fb
                                                                                                                                  0x004049fe
                                                                                                                                  0x00404a38
                                                                                                                                  0x00404a3a
                                                                                                                                  0x00404a63
                                                                                                                                  0x00404a3c
                                                                                                                                  0x00404a49
                                                                                                                                  0x00404a49
                                                                                                                                  0x00404a00
                                                                                                                                  0x00404a03
                                                                                                                                  0x00404a12
                                                                                                                                  0x00404a1c
                                                                                                                                  0x00404a24
                                                                                                                                  0x00404a2b
                                                                                                                                  0x00404a33
                                                                                                                                  0x00404a33
                                                                                                                                  0x004049fe
                                                                                                                                  0x00404a69
                                                                                                                                  0x00404a6a
                                                                                                                                  0x00404a70
                                                                                                                                  0x00404a76
                                                                                                                                  0x00404a76
                                                                                                                                  0x00404a83
                                                                                                                                  0x00404a9e
                                                                                                                                  0x00404aa2
                                                                                                                                  0x00404abf
                                                                                                                                  0x00404ac4
                                                                                                                                  0x00404ac7
                                                                                                                                  0x00404ac7
                                                                                                                                  0x00000000
                                                                                                                                  0x00404aa4
                                                                                                                                  0x00404aa9
                                                                                                                                  0x00404ab2
                                                                                                                                  0x00404e3f
                                                                                                                                  0x00404e51
                                                                                                                                  0x00404e51
                                                                                                                                  0x00404aa2
                                                                                                                                  0x00000000
                                                                                                                                  0x00404a83
                                                                                                                                  0x004049bb

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $#'k$M$N
                                                                                                                                  • API String ID: 1638840714-608436665
                                                                                                                                  • Opcode ID: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                                                  • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                                  • Opcode Fuzzy Hash: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                                                  • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B30E0 Relevance: 63.3, APIs: 19, Strings: 17, Instructions: 291registrylibrarymemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 57%
                                                                                                                                  			E032B30E0(void* __edi, void* __esi, int _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v264;
				char _v266;
				struct _OSVERSIONINFOW _v548;
				void* _v552;
				int _v556;
				int _v560;
				struct _SYSTEM_INFO _v596;
				void* __ebp;
				signed int _t47;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t58;
				intOrPtr _t69;
				intOrPtr _t74;
				intOrPtr _t84;
				void* _t95;
				void* _t97;
				signed int _t105;
				void* _t107;
				void* _t124;
				void* _t125;
				void* _t126;
				int _t137;
				void _t139;
				void _t140;
				signed int _t149;
				void* _t150;
				void* _t151;
				void* _t163;

				_t47 =  *0x32ed474; // 0x444d31ba
				_v8 = _t47 ^ _t149;
				asm("xorps xmm0, xmm0");
				_push(__edi);
				 *0x32efef4 = _a8;
				 *0x32efefc = _a12;
				 *0x32efef8 = _a16;
				asm("movups [ebp-0x250], xmm0");
				_v596.wProcessorLevel = 0;
				asm("movups [ebp-0x240], xmm0");
				E032BEF40(__edi,  &(_v548.dwMajorVersion), 0, 0x118);
				_t151 = _t150 + 0xc;
				_v548.dwOSVersionInfoSize = 0x11c;
				_t54 = GetProcAddress(GetModuleHandleA("ntdll"), "RtlGetVersion");
				if(_t54 == 0) {
					_t137 = GetVersionExW( &_v548);
				} else {
					_t105 =  *_t54( &_v548);
					asm("sbb esi, esi");
					_t137 =  ~_t105 + 1;
				}
				_t107 =  *0x32efef8;
				if(_t107 != 0) {
					while(1) {
						_t126 =  *_t107;
						if(_t126 == 0) {
							break;
						}
						 *_t107 =  *_t126;
						GlobalFree(_t126);
						_t107 =  *0x32efef8;
						if(_t107 != 0) {
							continue;
						}
						break;
					}
				}
				if(_t137 != 0) {
					_t58 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
					if(_t58 == 0) {
						GetSystemInfo( &_v596);
					} else {
						 *_t58( &_v596);
					}
					if(_v548.dwPlatformId != 2) {
						L59:
						goto L60;
					} else {
						_t69 = _v548.dwMajorVersion;
						if(_t69 <= 4) {
							goto L59;
						} else {
							if(_t69 != 0xa) {
								if(_t69 != 6) {
									if(_t69 != 5) {
										L57:
										_push("Unknown");
										goto L58;
									} else {
										_t74 = _v548.dwMinorVersion;
										if(_t74 != 2) {
											if(_t74 != 1) {
												if(_t74 != 0) {
													goto L57;
												} else {
													_push("2000");
												}
											} else {
												_push("XP");
											}
											L58:
											E032B1FC0();
											E032B1F70(0);
											return E032BD98D(_v8 ^ _t149);
										} else {
											if(_v266 != 1 || _v596.dwOemId != 9) {
												_push("2003");
												goto L51;
											} else {
												E032B1FC0("XP");
												E032B1F70(1);
												return E032BD98D(_v8 ^ _t149);
											}
										}
									}
								} else {
									if(_v548.dwMinorVersion == 0) {
										if(_v266 != 1) {
											_push("2008");
										} else {
											_push("VISTA");
										}
										E032B1FC0();
										_t151 = _t151 + 4;
									}
									if(_v548.dwMinorVersion == 1) {
										if(_v266 != 1) {
											_push("2008 R2");
										} else {
											_push("7");
										}
										E032B1FC0();
										_t151 = _t151 + 4;
									}
									_t84 = _v548.dwMinorVersion;
									if(_t84 == 2 || _t84 == 3) {
										if(_v266 != 1) {
											_push("2012");
										} else {
											_push("8");
										}
										goto L51;
									}
									goto L52;
								}
							} else {
								if(_v266 == 1) {
									if(_v548.dwBuildNumber < 0x55f0) {
										_push("10");
									} else {
										_push("11");
									}
								} else {
									_v552 = 0;
									_t144 = "unknown";
									if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x20019,  &_v552) != 0) {
										L25:
									} else {
										_v556 = 0x100;
										if(RegQueryValueExA(_v552, "ProductName", 0,  &_v560,  &_v264,  &_v556) != 0) {
											L24:
											RegCloseKey(_v552);
											goto L25;
										} else {
											_t95 = E032BF1D0( &_v264, "2022");
											_t151 = _t151 + 8;
											if(_t95 == 0) {
												_t97 = E032BF1D0( &_v264, "2019");
												_t151 = _t151 + 8;
												if(_t97 == 0) {
													E032BF1D0( &_v264, "2016");
													_t151 = _t151 + 8;
													_t121 =  ==  ? "unknown" : "2016";
													_t144 =  ==  ? "unknown" : "2016";
													goto L24;
												} else {
													RegCloseKey(_v552);
													_push("2019");
												}
											} else {
												RegCloseKey(_v552);
												_push("2022");
											}
										}
									}
								}
								L51:
								E032B1FC0();
								_t151 = _t151 + 4;
								L52:
								E032B1F70(0 | _v596.dwOemId == 0x00000009);
								return E032BD98D(_v8 ^ _t149);
							}
						}
					}
				} else {
					_t163 = _t107;
					L60:
					if(_t163 != 0) {
						_t139 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t44 = _t139 + 4; // 0x4
						lstrcpynA(_t44, "NT",  *0x32efef4);
						_t124 =  *0x32efef8;
						 *_t139 =  *_t124;
						 *_t124 = _t139;
						_t140 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t45 = _t140 + 4; // 0x4
						wsprintfA(_t45, 0x32dc480, 0);
						_t125 =  *0x32efef8;
						 *_t140 =  *_t125;
						 *_t125 = _t140;
					}
					return E032BD98D(_v8 ^ _t149);
				}
			}
































                                                                                                                                  0x032b30e9
                                                                                                                                  0x032b30f0
                                                                                                                                  0x032b30f6
                                                                                                                                  0x032b30fd
                                                                                                                                  0x032b30fe
                                                                                                                                  0x032b310b
                                                                                                                                  0x032b3119
                                                                                                                                  0x032b311f
                                                                                                                                  0x032b3126
                                                                                                                                  0x032b3130
                                                                                                                                  0x032b3137
                                                                                                                                  0x032b313c
                                                                                                                                  0x032b313f
                                                                                                                                  0x032b3160
                                                                                                                                  0x032b3164
                                                                                                                                  0x032b3185
                                                                                                                                  0x032b3166
                                                                                                                                  0x032b316d
                                                                                                                                  0x032b3173
                                                                                                                                  0x032b3175
                                                                                                                                  0x032b3175
                                                                                                                                  0x032b3187
                                                                                                                                  0x032b318f
                                                                                                                                  0x032b3197
                                                                                                                                  0x032b3197
                                                                                                                                  0x032b319b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b31a0
                                                                                                                                  0x032b31a2
                                                                                                                                  0x032b31a4
                                                                                                                                  0x032b31ac
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b31ac
                                                                                                                                  0x032b31ae
                                                                                                                                  0x032b31b6
                                                                                                                                  0x032b31d0
                                                                                                                                  0x032b31d4
                                                                                                                                  0x032b31e8
                                                                                                                                  0x032b31d6
                                                                                                                                  0x032b31dd
                                                                                                                                  0x032b31dd
                                                                                                                                  0x032b31f5
                                                                                                                                  0x032b3477
                                                                                                                                  0x00000000
                                                                                                                                  0x032b31fb
                                                                                                                                  0x032b31fb
                                                                                                                                  0x032b3204
                                                                                                                                  0x00000000
                                                                                                                                  0x032b320a
                                                                                                                                  0x032b320d
                                                                                                                                  0x032b333e
                                                                                                                                  0x032b33b6
                                                                                                                                  0x032b344f
                                                                                                                                  0x032b344f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b33bc
                                                                                                                                  0x032b33bc
                                                                                                                                  0x032b33c5
                                                                                                                                  0x032b343b
                                                                                                                                  0x032b3446
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3448
                                                                                                                                  0x032b3448
                                                                                                                                  0x032b3448
                                                                                                                                  0x032b343d
                                                                                                                                  0x032b343d
                                                                                                                                  0x032b343d
                                                                                                                                  0x032b3454
                                                                                                                                  0x032b3454
                                                                                                                                  0x032b345f
                                                                                                                                  0x032b3476
                                                                                                                                  0x032b33c7
                                                                                                                                  0x032b33ce
                                                                                                                                  0x032b3405
                                                                                                                                  0x00000000
                                                                                                                                  0x032b33da
                                                                                                                                  0x032b33df
                                                                                                                                  0x032b33ed
                                                                                                                                  0x032b3404
                                                                                                                                  0x032b3404
                                                                                                                                  0x032b33ce
                                                                                                                                  0x032b33c5
                                                                                                                                  0x032b3340
                                                                                                                                  0x032b3347
                                                                                                                                  0x032b3350
                                                                                                                                  0x032b3359
                                                                                                                                  0x032b3352
                                                                                                                                  0x032b3352
                                                                                                                                  0x032b3352
                                                                                                                                  0x032b335e
                                                                                                                                  0x032b3363
                                                                                                                                  0x032b3363
                                                                                                                                  0x032b336d
                                                                                                                                  0x032b3376
                                                                                                                                  0x032b337f
                                                                                                                                  0x032b3378
                                                                                                                                  0x032b3378
                                                                                                                                  0x032b3378
                                                                                                                                  0x032b3384
                                                                                                                                  0x032b3389
                                                                                                                                  0x032b3389
                                                                                                                                  0x032b338c
                                                                                                                                  0x032b3395
                                                                                                                                  0x032b33a3
                                                                                                                                  0x032b33ac
                                                                                                                                  0x032b33a5
                                                                                                                                  0x032b33a5
                                                                                                                                  0x032b33a5
                                                                                                                                  0x00000000
                                                                                                                                  0x032b33a3
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3395
                                                                                                                                  0x032b3213
                                                                                                                                  0x032b321a
                                                                                                                                  0x032b3325
                                                                                                                                  0x032b3331
                                                                                                                                  0x032b3327
                                                                                                                                  0x032b3327
                                                                                                                                  0x032b3327
                                                                                                                                  0x032b3220
                                                                                                                                  0x032b3226
                                                                                                                                  0x032b3242
                                                                                                                                  0x032b324f
                                                                                                                                  0x032b3315
                                                                                                                                  0x032b3255
                                                                                                                                  0x032b325b
                                                                                                                                  0x032b3289
                                                                                                                                  0x032b3309
                                                                                                                                  0x032b330f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b328b
                                                                                                                                  0x032b3297
                                                                                                                                  0x032b329c
                                                                                                                                  0x032b32a1
                                                                                                                                  0x032b32c6
                                                                                                                                  0x032b32cb
                                                                                                                                  0x032b32d0
                                                                                                                                  0x032b32f5
                                                                                                                                  0x032b32fa
                                                                                                                                  0x032b3304
                                                                                                                                  0x032b3307
                                                                                                                                  0x00000000
                                                                                                                                  0x032b32d2
                                                                                                                                  0x032b32dd
                                                                                                                                  0x032b32e3
                                                                                                                                  0x032b32e3
                                                                                                                                  0x032b32a3
                                                                                                                                  0x032b32ae
                                                                                                                                  0x032b32b4
                                                                                                                                  0x032b32b4
                                                                                                                                  0x032b32a1
                                                                                                                                  0x032b3289
                                                                                                                                  0x032b324f
                                                                                                                                  0x032b340a
                                                                                                                                  0x032b340a
                                                                                                                                  0x032b340f
                                                                                                                                  0x032b3412
                                                                                                                                  0x032b3420
                                                                                                                                  0x032b3437
                                                                                                                                  0x032b3437
                                                                                                                                  0x032b320d
                                                                                                                                  0x032b3204
                                                                                                                                  0x032b31b8
                                                                                                                                  0x032b31b8
                                                                                                                                  0x032b347e
                                                                                                                                  0x032b347e
                                                                                                                                  0x032b3499
                                                                                                                                  0x032b34a0
                                                                                                                                  0x032b34a4
                                                                                                                                  0x032b34aa
                                                                                                                                  0x032b34bb
                                                                                                                                  0x032b34bf
                                                                                                                                  0x032b34c3
                                                                                                                                  0x032b34cc
                                                                                                                                  0x032b34d0
                                                                                                                                  0x032b34d6
                                                                                                                                  0x032b34e1
                                                                                                                                  0x032b34e3
                                                                                                                                  0x032b34e3
                                                                                                                                  0x032b34f4
                                                                                                                                  0x032b34f4

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(ntdll,RtlGetVersion), ref: 032B3153
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 032B3160
                                                                                                                                  • GetVersionExW.KERNEL32(0000011C), ref: 032B317F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B31A2
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 032B31C9
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 032B31D0
                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 032B31E8
                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?), ref: 032B3247
                                                                                                                                  • RegQueryValueExA.ADVAPI32(00000000,ProductName,00000000,?,?,?), ref: 032B3281
                                                                                                                                  • _strstr.LIBCMT ref: 032B3297
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 032B32AE
                                                                                                                                  • _strstr.LIBCMT ref: 032B32C6
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 032B32DD
                                                                                                                                  • _strstr.LIBCMT ref: 032B32F5
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 032B330F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B3491
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,032DCAC4), ref: 032B34A4
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B34C1
                                                                                                                                  • wsprintfA.USER32 ref: 032B34D0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseGlobal_strstr$AddressAllocHandleModuleProc$FreeInfoOpenQuerySystemValueVersionlstrcpynwsprintf
                                                                                                                                  • String ID: 2000$2003$2008$2008 R2$2012$2016$2019$2022$GetNativeSystemInfo$ProductName$RtlGetVersion$Software\Microsoft\Windows NT\CurrentVersion$Unknown$VISTA$kernel32.dll$ntdll$unknown
                                                                                                                                  • API String ID: 2307477385-3003425156
                                                                                                                                  • Opcode ID: e1510f3cc5c1f76e94122f8dddd97a00d2138ab7fb002c6deae03a49e3226c8d
                                                                                                                                  • Instruction ID: 57d9f6be949275c74cb51c06b88b24d4ee4b0813284ae815486ab1ad40dc0d31
                                                                                                                                  • Opcode Fuzzy Hash: e1510f3cc5c1f76e94122f8dddd97a00d2138ab7fb002c6deae03a49e3226c8d
                                                                                                                                  • Instruction Fuzzy Hash: A9A1F87AE60325AFDB20EB54EC49BEDB3B8AB04744F084195E905A7141DBB1EAC4CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BD7A0 Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 90libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032BD7A0() {
				_Unknown_base(*)()* _t4;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				signed int _t16;
				struct HINSTANCE__* _t23;

				_t23 = LoadLibraryA("mpiwin32.dll");
				if(_t23 != 0) {
					_t4 = GetProcAddress(_t23, "MPI_SubmitPasswordEx");
					 *0x32f3418 = _t4;
					if(_t4 == 0) {
						L13:
						return 0;
					} else {
						_t6 = GetProcAddress(_t23, "MPI_ErasePassword");
						 *0x32f341c = _t6;
						if(_t6 == 0) {
							goto L13;
						} else {
							_t7 = GetProcAddress(_t23, "MPI_SetChannel");
							 *0x32f3420 = _t7;
							if(_t7 == 0) {
								goto L13;
							} else {
								_t8 = GetProcAddress(_t23, "MPI_SearchFirst");
								 *0x32f3424 = _t8;
								if(_t8 == 0) {
									goto L13;
								} else {
									_t9 = GetProcAddress(_t23, "MPI_Open");
									 *0x32f3428 = _t9;
									if(_t9 == 0) {
										goto L13;
									} else {
										_t10 = GetProcAddress(_t23, "MPI_Close");
										 *0x32f342c = _t10;
										if(_t10 == 0) {
											goto L13;
										} else {
											_t11 = GetProcAddress(_t23, "MPI_GetDeveloperId");
											 *0x32f3430 = _t11;
											if(_t11 == 0) {
												goto L13;
											} else {
												_t12 = GetProcAddress(_t23, "MPI_GetSerialNr");
												 *0x32f3434 = _t12;
												if(_t12 == 0) {
													goto L13;
												} else {
													_t13 = GetProcAddress(_t23, "MPI_ReadMem");
													 *0x32f3438 = _t13;
													if(_t13 == 0) {
														goto L13;
													} else {
														_t14 = GetProcAddress(_t23, "MPI_WriteMem");
														 *0x32f343c = _t14;
														if(_t14 == 0) {
															goto L13;
														} else {
															_t15 = GetProcAddress(_t23, "MPI_EncryptEx");
															 *0x32f3440 = _t15;
															if(_t15 != 0) {
																_t16 = GetProcAddress(_t23, "MPI_DecryptEx");
																 *0x32f3444 = _t16;
																return _t16 & 0xffffff00 | _t16 != 0x00000000;
															} else {
																goto L13;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				} else {
					return 0;
				}
			}
















                                                                                                                                  0x032bd7ac
                                                                                                                                  0x032bd7b0
                                                                                                                                  0x032bd7c3
                                                                                                                                  0x032bd7c5
                                                                                                                                  0x032bd7cc
                                                                                                                                  0x032bd884
                                                                                                                                  0x032bd888
                                                                                                                                  0x032bd7d2
                                                                                                                                  0x032bd7d8
                                                                                                                                  0x032bd7da
                                                                                                                                  0x032bd7e1
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd7e7
                                                                                                                                  0x032bd7ed
                                                                                                                                  0x032bd7ef
                                                                                                                                  0x032bd7f6
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd7fc
                                                                                                                                  0x032bd802
                                                                                                                                  0x032bd804
                                                                                                                                  0x032bd80b
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd80d
                                                                                                                                  0x032bd813
                                                                                                                                  0x032bd815
                                                                                                                                  0x032bd81c
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd81e
                                                                                                                                  0x032bd824
                                                                                                                                  0x032bd826
                                                                                                                                  0x032bd82d
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd82f
                                                                                                                                  0x032bd835
                                                                                                                                  0x032bd837
                                                                                                                                  0x032bd83e
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd840
                                                                                                                                  0x032bd846
                                                                                                                                  0x032bd848
                                                                                                                                  0x032bd84f
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd851
                                                                                                                                  0x032bd857
                                                                                                                                  0x032bd859
                                                                                                                                  0x032bd860
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd862
                                                                                                                                  0x032bd868
                                                                                                                                  0x032bd86a
                                                                                                                                  0x032bd871
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd873
                                                                                                                                  0x032bd879
                                                                                                                                  0x032bd87b
                                                                                                                                  0x032bd882
                                                                                                                                  0x032bd88f
                                                                                                                                  0x032bd893
                                                                                                                                  0x032bd89d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bd882
                                                                                                                                  0x032bd871
                                                                                                                                  0x032bd860
                                                                                                                                  0x032bd84f
                                                                                                                                  0x032bd83e
                                                                                                                                  0x032bd82d
                                                                                                                                  0x032bd81c
                                                                                                                                  0x032bd80b
                                                                                                                                  0x032bd7f6
                                                                                                                                  0x032bd7e1
                                                                                                                                  0x032bd7b2
                                                                                                                                  0x032bd7b5
                                                                                                                                  0x032bd7b5

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(mpiwin32.dll,?,032BADA0), ref: 032BD7A6
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_SubmitPasswordEx), ref: 032BD7C3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_ErasePassword), ref: 032BD7D8
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_SetChannel), ref: 032BD7ED
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_SearchFirst), ref: 032BD802
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_Open), ref: 032BD813
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_Close), ref: 032BD824
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_GetDeveloperId), ref: 032BD835
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_GetSerialNr), ref: 032BD846
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_ReadMem), ref: 032BD857
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_WriteMem), ref: 032BD868
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MPI_EncryptEx), ref: 032BD879
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                  • String ID: MPI_Close$MPI_DecryptEx$MPI_EncryptEx$MPI_ErasePassword$MPI_GetDeveloperId$MPI_GetSerialNr$MPI_Open$MPI_ReadMem$MPI_SearchFirst$MPI_SetChannel$MPI_SubmitPasswordEx$MPI_WriteMem$mpiwin32.dll
                                                                                                                                  • API String ID: 2238633743-3193614432
                                                                                                                                  • Opcode ID: f1da265576a36846e26565cf9be318a28a466a0b34f596e1d38676e72961df10
                                                                                                                                  • Instruction ID: c8d81934cd97b7c0aad7dcd319601f2749b191cc4cf8e7b06e464fbe272c7d73
                                                                                                                                  • Opcode Fuzzy Hash: f1da265576a36846e26565cf9be318a28a466a0b34f596e1d38676e72961df10
                                                                                                                                  • Instruction Fuzzy Hash: 3A21D4256A1F233DE713FF3E7D058CEE6EC9E516A53098132E400E2515FFA0C1C289A9
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5A00 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 153libraryloaderthreadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                  			E032B5A00(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				union _SECURITY_IMPERSONATION_LEVEL _v12;
				struct _TOKEN_PRIVILEGES _v24;
				char _v25;
				void* _v32;
				void* _v36;
				void* _v40;
				long _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _v68;
				void* _v72;
				char _v140;
				void* __ebp;
				signed int _t40;
				struct HWND__* _t56;
				long _t58;
				struct HINSTANCE__* _t70;
				_Unknown_base(*)()* _t73;
				int _t92;
				void* _t93;
				signed int _t95;

				_t40 =  *0x32ed474; // 0x444d31ba
				_v8 = _t40 ^ _t95;
				asm("xorps xmm0, xmm0");
				_v56 = _a4;
				_v52 = _a8;
				_v48 = _a12;
				_v36 = 0;
				_v40 = 0;
				_v44 = 0;
				asm("movlpd [ebp-0x84], xmm0");
				asm("movlpd [ebp-0x7c], xmm0");
				asm("movlpd [ebp-0x74], xmm0");
				asm("movlpd [ebp-0x6c], xmm0");
				asm("movlpd [ebp-0x64], xmm0");
				asm("movlpd [ebp-0x5c], xmm0");
				asm("movlpd [ebp-0x54], xmm0");
				asm("movlpd [ebp-0x4c], xmm0");
				_v140 = 0x44;
				asm("movups [ebp-0x44], xmm0");
				_v32 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v32) == 0) {
					L13:
					GetLastError();
					goto L14;
				} else {
					_v24.PrivilegeCount = 1;
					LookupPrivilegeValueW(0, L"SeIncreaseQuotaPrivilege",  &(_v24.Privileges));
					_v12 = 2;
					AdjustTokenPrivileges(_v32, 0,  &_v24, 0, 0, 0);
					_t92 = GetLastError();
					_t56 = CloseHandle(_v32);
					if(_t92 != 0) {
						L14:
						return E032BD98D(_v8 ^ _t95);
					} else {
						__imp__GetShellWindow();
						if(_t56 == 0) {
							goto L14;
						} else {
							GetWindowThreadProcessId(_t56,  &_v44);
							_t58 = _v44;
							if(_t58 == 0) {
								goto L14;
							} else {
								_t93 = OpenProcess(0x400, _t92, _t58);
								if(_t93 == 0) {
									goto L13;
								} else {
									_v25 = 0;
									if(OpenProcessToken(_t93, 2,  &_v36) != 0) {
										if(DuplicateTokenEx(_v36, 0x18b, 0, 2, 1,  &_v40) == 0) {
											goto L6;
										} else {
											_t70 = LoadLibraryA("advapi32.dll");
											if(_t70 == 0) {
												L11:
												_v25 = 1;
												CloseHandle(_v68);
												CloseHandle(_v72);
											} else {
												_t73 = GetProcAddress(_t70, "CreateProcessWithTokenW");
												if(_t73 != 0) {
													_push( &_v72);
													_push( &_v140);
													_push(_v48);
													_push(0);
													_push(0);
													_push(_v52);
													_push(_v56);
													_push(0);
													_push(_v40);
													if( *_t73() == 0) {
														goto L6;
													} else {
														goto L11;
													}
												}
											}
										}
									} else {
										L6:
										GetLastError();
									}
									CloseHandle(_v36);
									CloseHandle(_v40);
									CloseHandle(_t93);
									return E032BD98D(_v8 ^ _t95);
								}
							}
						}
					}
				}
			}


























                                                                                                                                  0x032b5a09
                                                                                                                                  0x032b5a10
                                                                                                                                  0x032b5a16
                                                                                                                                  0x032b5a1a
                                                                                                                                  0x032b5a21
                                                                                                                                  0x032b5a28
                                                                                                                                  0x032b5a31
                                                                                                                                  0x032b5a38
                                                                                                                                  0x032b5a3f
                                                                                                                                  0x032b5a46
                                                                                                                                  0x032b5a4e
                                                                                                                                  0x032b5a53
                                                                                                                                  0x032b5a58
                                                                                                                                  0x032b5a5d
                                                                                                                                  0x032b5a62
                                                                                                                                  0x032b5a67
                                                                                                                                  0x032b5a6c
                                                                                                                                  0x032b5a71
                                                                                                                                  0x032b5a7b
                                                                                                                                  0x032b5a7f
                                                                                                                                  0x032b5a9b
                                                                                                                                  0x032b5bcd
                                                                                                                                  0x032b5bcd
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5aa1
                                                                                                                                  0x032b5aa4
                                                                                                                                  0x032b5ab3
                                                                                                                                  0x032b5ac2
                                                                                                                                  0x032b5acf
                                                                                                                                  0x032b5ae0
                                                                                                                                  0x032b5ae2
                                                                                                                                  0x032b5ae6
                                                                                                                                  0x032b5bcf
                                                                                                                                  0x032b5be1
                                                                                                                                  0x032b5aec
                                                                                                                                  0x032b5aec
                                                                                                                                  0x032b5af4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5afa
                                                                                                                                  0x032b5aff
                                                                                                                                  0x032b5b05
                                                                                                                                  0x032b5b0a
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5b10
                                                                                                                                  0x032b5b1d
                                                                                                                                  0x032b5b21
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5b27
                                                                                                                                  0x032b5b2a
                                                                                                                                  0x032b5b3a
                                                                                                                                  0x032b5b5a
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5b5c
                                                                                                                                  0x032b5b61
                                                                                                                                  0x032b5b69
                                                                                                                                  0x032b5b9e
                                                                                                                                  0x032b5ba1
                                                                                                                                  0x032b5ba5
                                                                                                                                  0x032b5baa
                                                                                                                                  0x032b5b6b
                                                                                                                                  0x032b5b71
                                                                                                                                  0x032b5b79
                                                                                                                                  0x032b5b7e
                                                                                                                                  0x032b5b85
                                                                                                                                  0x032b5b86
                                                                                                                                  0x032b5b89
                                                                                                                                  0x032b5b8b
                                                                                                                                  0x032b5b8d
                                                                                                                                  0x032b5b90
                                                                                                                                  0x032b5b93
                                                                                                                                  0x032b5b95
                                                                                                                                  0x032b5b9c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5b9c
                                                                                                                                  0x032b5b79
                                                                                                                                  0x032b5b69
                                                                                                                                  0x032b5b3c
                                                                                                                                  0x032b5b3c
                                                                                                                                  0x032b5b3c
                                                                                                                                  0x032b5b3c
                                                                                                                                  0x032b5baf
                                                                                                                                  0x032b5bb4
                                                                                                                                  0x032b5bb7
                                                                                                                                  0x032b5bcc
                                                                                                                                  0x032b5bcc
                                                                                                                                  0x032b5b21
                                                                                                                                  0x032b5b0a
                                                                                                                                  0x032b5af4
                                                                                                                                  0x032b5ae6

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?,76D81D30,76D85970,00000000), ref: 032B5A86
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 032B5A8D
                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,032B491F), ref: 032B5AB3
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 032B5ACF
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B5AD5
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B5AE2
                                                                                                                                  • GetShellWindow.USER32 ref: 032B5AEC
                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 032B5AFF
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 032B5B17
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000002,00000000), ref: 032B5B32
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B5B3C
                                                                                                                                  • DuplicateTokenEx.ADVAPI32(00000000,0000018B,00000000,00000002,00000001,00000000), ref: 032B5B52
                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 032B5B61
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 032B5B71
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B5BA5
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B5BAA
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B5BAF
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B5BB4
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B5BB7
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B5BCD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$Process$Token$ErrorLastOpen$Window$AddressAdjustCurrentDuplicateLibraryLoadLookupPrivilegePrivilegesProcShellThreadValue
                                                                                                                                  • String ID: CreateProcessWithTokenW$D$SeIncreaseQuotaPrivilege$advapi32.dll
                                                                                                                                  • API String ID: 2448814150-3211835448
                                                                                                                                  • Opcode ID: cf633de7f53bdb48555a2e9aaec440bf0752ae8fcc6ab8381aa8fb28e18a4717
                                                                                                                                  • Instruction ID: 09537527fb5710081e6f7269d7a4bc2af4c4112222737f6a318438aeb3f11ffb
                                                                                                                                  • Opcode Fuzzy Hash: cf633de7f53bdb48555a2e9aaec440bf0752ae8fcc6ab8381aa8fb28e18a4717
                                                                                                                                  • Instruction Fuzzy Hash: 38515731E1121EABDF10EFA1ED49BEEBBB8BF49740F148159F504BA184DBB19940CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5800 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 176memoryprocessCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E032B5800(intOrPtr __ecx, void* _a4, char* _a8) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v32;
				void* _v36;
				int _v40;
				int _v60;
				int _v64;
				int _v92;
				int _v96;
				int _v100;
				char _v104;
				short* _t45;
				short* _t48;
				short* _t51;
				short* _t56;
				char* _t63;
				short* _t73;
				void* _t74;
				char* _t83;
				char* _t84;
				void* _t85;
				int _t86;
				intOrPtr _t87;
				int _t88;
				intOrPtr _t89;
				int _t90;
				int _t91;
				int _t93;

				_v8 = __ecx;
				 *(__ecx + 0x1c) = 0;
				_t86 = MultiByteToWideChar(0xfde9, 0,  *(__ecx + 0x10), 0xffffffff, 0, 0);
				_t45 = GlobalAlloc(0x40, _t86 + _t86);
				_t87 = _v8;
				_v20 = _t45;
				MultiByteToWideChar(0xfde9, 0,  *(_t87 + 0x10), 0xffffffff, _t45, _t86);
				_t88 = MultiByteToWideChar(0xfde9, 0,  *(_t87 + 0x14), 0xffffffff, 0, 0);
				_t48 = GlobalAlloc(0x40, _t88 + _t88);
				_t89 = _v8;
				_v12 = _t48;
				MultiByteToWideChar(0xfde9, 0,  *(_t89 + 0x14), 0xffffffff, _t48, _t88);
				_t90 = MultiByteToWideChar(0xfde9, 0,  *(_t89 + 0x18), 0xffffffff, 0, 0);
				_t51 = GlobalAlloc(0x40, _t90 + _t90);
				_v16 = _t51;
				MultiByteToWideChar(0xfde9, 0,  *(_v8 + 0x18), 0xffffffff, _t51, _t90);
				_t83 = _a4;
				_t91 = MultiByteToWideChar(0xfde9, 0, _t83, 0xffffffff, 0, 0);
				_t56 = GlobalAlloc(0x40, _t91 + _t91);
				_a4 = _t56;
				MultiByteToWideChar(0xfde9, 0, _t83, 0xffffffff, _t56, _t91);
				_t84 = _a8;
				_t93 = MultiByteToWideChar(0xfde9, 0, _t84, 0xffffffff, 0, 0);
				_t73 = GlobalAlloc(0x40, _t93 + _t93);
				MultiByteToWideChar(0xfde9, 0, _t84, 0xffffffff, _t73, _t93);
				_v64 = 0;
				_t63 =  &_v104;
				_v40 = 0;
				_t74 = _v20;
				_t85 = 0;
				asm("xorps xmm0, xmm0");
				_v104 = 0x44;
				asm("movlpd [ebp-0x54], xmm0");
				asm("movlpd [ebp-0x4c], xmm0");
				asm("movlpd [ebp-0x44], xmm0");
				asm("movlpd [ebp-0x34], xmm0");
				asm("movlpd [ebp-0x2c], xmm0");
				_v100 = 0;
				_v96 = 0;
				_v92 = 0;
				_v60 = 0;
				__imp__CreateProcessWithLogonW(_t74, _v12, _v16, 1, _a4, 0, 0, 0, _t73, _t63,  &_v36);
				if(_t63 == 0) {
					 *((intOrPtr*)(_v8 + 0x1c)) = GetLastError();
				} else {
					CloseHandle(_v36);
					CloseHandle(_v32);
					_t85 = 1;
				}
				GlobalFree(_t74);
				GlobalFree(_v12);
				GlobalFree(_v16);
				GlobalFree(_a4);
				return _t85;
			}

































                                                                                                                                  0x032b581a
                                                                                                                                  0x032b5824
                                                                                                                                  0x032b5833
                                                                                                                                  0x032b583b
                                                                                                                                  0x032b583e
                                                                                                                                  0x032b5844
                                                                                                                                  0x032b5851
                                                                                                                                  0x032b5865
                                                                                                                                  0x032b586d
                                                                                                                                  0x032b5870
                                                                                                                                  0x032b5876
                                                                                                                                  0x032b5883
                                                                                                                                  0x032b5897
                                                                                                                                  0x032b589f
                                                                                                                                  0x032b58a3
                                                                                                                                  0x032b58b5
                                                                                                                                  0x032b58b7
                                                                                                                                  0x032b58cf
                                                                                                                                  0x032b58d7
                                                                                                                                  0x032b58eb
                                                                                                                                  0x032b58ee
                                                                                                                                  0x032b58f0
                                                                                                                                  0x032b5903
                                                                                                                                  0x032b590e
                                                                                                                                  0x032b5920
                                                                                                                                  0x032b5925
                                                                                                                                  0x032b592d
                                                                                                                                  0x032b5930
                                                                                                                                  0x032b5939
                                                                                                                                  0x032b593c
                                                                                                                                  0x032b5944
                                                                                                                                  0x032b5947
                                                                                                                                  0x032b5953
                                                                                                                                  0x032b595b
                                                                                                                                  0x032b5961
                                                                                                                                  0x032b5966
                                                                                                                                  0x032b596b
                                                                                                                                  0x032b5970
                                                                                                                                  0x032b5977
                                                                                                                                  0x032b597e
                                                                                                                                  0x032b5985
                                                                                                                                  0x032b598c
                                                                                                                                  0x032b5994
                                                                                                                                  0x032b59b6
                                                                                                                                  0x032b5996
                                                                                                                                  0x032b599f
                                                                                                                                  0x032b59a4
                                                                                                                                  0x032b59a6
                                                                                                                                  0x032b59a6
                                                                                                                                  0x032b59c0
                                                                                                                                  0x032b59c5
                                                                                                                                  0x032b59ca
                                                                                                                                  0x032b59cf
                                                                                                                                  0x032b59d9

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B582B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B583B
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5851
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5863
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B586D
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5883
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5895
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B589F
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B58B5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B58D7
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B58EE
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5901
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B590B
                                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000001,?,00000000,00000000,00000000,00000000,?,?), ref: 032B598C
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B599F
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B59A4
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B59AD
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B59C0
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B59C5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B59CA
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B59CF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$ByteCharMultiWide$Alloc$Free$CloseHandle$CreateErrorLastLogonProcessWith
                                                                                                                                  • String ID: D
                                                                                                                                  • API String ID: 2148581596-2746444292
                                                                                                                                  • Opcode ID: d9d890d6e05f0719cdb9f2af52800867a7c7ad5da732c803bc09e7f5272ae1e7
                                                                                                                                  • Instruction ID: b04b2cd76625f74493a9dc1014573b367d8b940443893a1072183d738edf6ee1
                                                                                                                                  • Opcode Fuzzy Hash: d9d890d6e05f0719cdb9f2af52800867a7c7ad5da732c803bc09e7f5272ae1e7
                                                                                                                                  • Instruction Fuzzy Hash: CB513371941328BAEB20AF95DC45FAA7BB9EF49720F204316F6147B1D0D6B06900DF65
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B9290 Relevance: 35.5, APIs: 16, Strings: 4, Instructions: 492memorystringCOMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                  			E032B9290(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0, long _a12, intOrPtr _a16, void* _a20) {
				signed int _v8;
				char _v264;
				char _v753;
				char _v776;
				int _v780;
				intOrPtr _v792;
				intOrPtr _v796;
				signed int _v800;
				int _v804;
				char _v812;
				int _v816;
				intOrPtr _v828;
				int _v832;
				intOrPtr _v836;
				int _v840;
				char _v848;
				intOrPtr _v988;
				signed int _v990;
				char _v992;
				char _v1514;
				signed int _v1516;
				signed short _v1518;
				signed short _v1520;
				intOrPtr _v1660;
				short _v1662;
				char _v1684;
				int _v1688;
				int _v1692;
				char _v1696;
				short _v2208;
				int _v2212;
				char _v2224;
				char _v2480;
				char _v2768;
				char _v3124;
				void* _v3144;
				signed int _v3156;
				char _v3792;
				int _v3796;
				int _v3800;
				void _v3804;
				void* _v3808;
				void* __ebp;
				signed int _t121;
				void* _t129;
				signed short _t142;
				void* _t149;
				void* _t160;
				void* _t168;
				void* _t173;
				void* _t192;
				void* _t199;
				intOrPtr _t200;
				intOrPtr _t208;
				intOrPtr _t256;
				int _t261;
				int _t266;
				void* _t268;
				void** _t271;
				signed short _t273;
				intOrPtr* _t276;
				intOrPtr* _t279;
				void* _t284;
				signed int _t297;
				void* _t298;
				void* _t299;
				void* _t300;
				void* _t301;
				void* _t305;
				void* _t306;
				void* _t309;
				void* _t310;
				void* _t311;
				long _t313;
				void* _t314;
				intOrPtr* _t315;
				signed int _t316;
				signed int _t317;
				void _t318;
				void _t319;
				void _t320;
				void _t321;
				signed int _t322;
				void* _t323;
				void* _t324;
				void* _t325;
				void* _t326;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t332;
				void* _t345;

				_t345 = __fp0;
				_t302 = __edi;
				_t121 =  *0x32ed474; // 0x444d31ba
				_v8 = _t121 ^ _t322;
				_t313 = _a12;
				_t268 = __ecx;
				 *0x32effcc = _a20;
				 *0x32effd0 = _a16;
				 *0x32effc8 = _t313;
				E032BEF40(__edi,  &_v776, 0, 0x200);
				E032BEF40(_t302,  &_v264, 0, 0x100);
				_t324 = _t323 + 0x18;
				_t129 = GlobalAlloc(0x40, _t313);
				_t271 =  *0x32effcc;
				_t314 = _t129;
				_t296 = lstrcpyA;
				_v3800 = 0;
				if(_t271 != 0) {
					_t311 =  *_t271;
					if(_t311 != 0) {
						lstrcpyA(_t314, _t311 + 4);
						 *( *0x32effcc) =  *_t311;
						GlobalFree(_t311);
						_t266 = E032AD1A0(_t314);
						_t271 =  *0x32effcc;
						_t324 = _t324 + 4;
						_t296 = lstrcpyA;
						_v3800 = _t266;
					}
				}
				_v3796 = 0;
				if(_t271 != 0) {
					_t310 =  *_t271;
					if(_t310 != 0) {
						 *_t296(_t314, _t310 + 4);
						 *( *0x32effcc) =  *_t310;
						GlobalFree(_t310);
						_t261 = E032AD1A0(_t314);
						_t271 =  *0x32effcc;
						_t324 = _t324 + 4;
						_v3796 = _t261;
					}
				}
				_t303 = 0;
				_v3804 = 0;
				if(_t271 != 0) {
					_t309 =  *_t271;
					if(_t309 == 0) {
						_t303 = 0;
					} else {
						_t14 = _t309 + 4; // 0x4
						lstrcpyA(_t314, _t14);
						 *( *0x32effcc) =  *_t309;
						GlobalFree(_t309);
						_t256 = E032AD1A0(_t314);
						_t303 = _t256;
						_t324 = _t324 + 4;
						_v3804 = _t256;
					}
				}
				GlobalFree(_t314);
				if(L032B9110(_t268) != 0) {
					E032BEF40(_t303,  &_v1684, 0, 0xa4);
					E032BEF40(_t303,  &_v1514, 0, 0x20a);
					asm("xorps xmm0, xmm0");
					_v1692 = _v3800;
					_v1688 = _v3796;
					_v1696 = 0x100;
					asm("movups [ebp-0x5ec], xmm0");
					E032AC990(_t268, _t296, _t303, _t314, _t303,  &_v3808,  &_v3800,  &_v3796, 0, 0);
					_t142 = _v3796;
					_t325 = _t324 + 0x30;
					_t273 = _v3800;
					_t297 = _v3808;
					_t315 =  *((intOrPtr*)(_t268 + 0xc));
					_v1520 = _t142;
					_v1518 = _t273;
					_v1516 = _t297;
					if(_t315 != 0) {
						 *_t315(0x82,  &_v1520);
						_t297 = _v1516;
						_t325 = _t325 + 8;
						_t273 = _v1518;
						_t142 = _v1520;
					}
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x328], xmm0");
					_v792 = (_t142 & 0x0000ffff) - 0x76c;
					_v804 = 0;
					_v796 = (_t273 & 0x0000ffff) - 1;
					_v800 = _t297 & 0x0000ffff;
					asm("movlpd [ebp-0x310], xmm0");
					_v780 = 0;
					_t149 = E032C1F12( &_v812);
					_v840 = 0;
					asm("xorps xmm0, xmm0");
					_v816 = 0;
					asm("movlpd [ebp-0x34c], xmm0");
					_t316 = _t297;
					asm("movlpd [ebp-0x334], xmm0");
					_v828 = 0x74;
					_v832 = 0;
					_v836 = 1;
					E032C6468(_t273, _t149, _t316, E032C1F12( &_v848), _t297);
					st0 = _t345;
					_t305 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x10))))(2,  &_v1696);
					_t326 = _t325 + 0x20;
					if(_t305 != 0) {
						L18:
						E032BEF40(_t305,  &_v992, 0, 0x90);
						_t160 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x18))))(_t305, 1,  &_v992, 0x90);
						_t327 = _t326 + 0x1c;
						if(_t160 != 0) {
							E032B8F20(_t273,  &_v264, "%d-%u", _v990 & 0x0000ffff);
							E032BEF40(_t305,  &_v2768, 0, 0x220);
							_t168 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x18))))(_t305, 0x37,  &_v2768, 0x220, _v988);
							_t328 = _t327 + 0x2c;
							if(_t168 != 0) {
								_t279 =  &_v2480;
								_t297 = _t279 + 1;
								do {
									_t208 =  *_t279;
									_t279 = _t279 + 1;
								} while (_t208 != 0);
								_t280 = _t279 != _t297;
								if(_t279 != _t297) {
									_push( &_v2480);
									_push(_v988);
									E032B8F20(_t280,  &_v264, "%d-%u (%s)", _v990 & 0x0000ffff);
									_t328 = _t328 + 0x14;
								}
							}
							_t317 = _t316 | 0xffffffff;
							_v3796 = _t317;
							E032BEF40(_t305,  &_v3792, 0, 0x400);
							_t173 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x18))))(_t305, 0x33,  &_v3792, 0x400);
							_t329 = _t328 + 0x1c;
							if(_t173 != 0) {
								if((_v3156 & 0x00010000) == 0) {
									_t317 =  !=  ? _v3804 : _t317;
								} else {
									E032B9000(_t268, _t297, _t305, _t317, _t345,  &_v3124,  &_v3796);
									_t317 = _v3796;
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x14))))(_t305);
							asm("xorps xmm0, xmm0");
							_v1662 = _v990;
							_v1660 = _v988;
							_v1696 = 0x10100;
							asm("movups [ebp-0x5ec], xmm0");
							_v1688 = 0x3e8;
							_t306 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x10))))(2,  &_v1696);
							_t330 = _t329 + 0xc;
							if(_t306 != 0) {
								E032BEF40(_t306,  &_v2224, 0, 0x210);
								_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x18))))(_t306, 0x41,  &_v2224, 0x210);
								_t332 = _t330 + 0x1c;
								if(_t192 != 0 && _v2224 == 0x400) {
									WideCharToMultiByte(0, 0,  &_v2208, _v2212,  &_v776, 0x200, 0, 0);
									_t199 = E032BF1D0( &_v776, "iba License Identifier ");
									_t276 =  &_v776;
									_t332 = _t332 + 8;
									if(_t199 == _t276) {
										_t298 = _t276 + 1;
										do {
											_t200 =  *_t276;
											_t276 = _t276 + 1;
										} while (_t200 != 0);
										E032BFB60( &_v776,  &_v753, _t276 - _t298 - 0x16);
										_t332 = _t332 + 0xc;
									}
								}
								 *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x14))))(_t306);
								_t330 = _t332 + 4;
							}
							E032B99A0( &_v264);
							E032B99A0( &_v776);
							E032B9950(_t317);
							_push(1);
							goto L38;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x14))))(_t305);
							E032B99A0( &_v264);
							E032B99A0( &_v776);
							E032B9950(0xfffffffd);
							E032B9950(0);
							return E032BD98D(_v8 ^ _t322);
						}
					} else {
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x5ec], xmm0");
						_t305 =  *((intOrPtr*)( *((intOrPtr*)(_t268 + 0x10))))(2,  &_v1696);
						_t326 = _t326 + 8;
						if(_t305 != 0) {
							goto L18;
						} else {
							E032B99A0( &_v264);
							E032B99A0( &_v776);
							E032B9950(0xfffffffd);
							_push(_t305);
							L38:
							E032B9950();
							goto L39;
						}
					}
				} else {
					if( *0x32effcc == 0) {
						L39:
						return E032BD98D(_v8 ^ _t322);
					} else {
						_t318 = GlobalAlloc(0x40,  *0x32effc8 + 8);
						_t17 = _t318 + 4; // 0x4
						lstrcpynA(_t17,  &_v264,  *0x32effc8);
						_t284 =  *0x32effcc;
						 *_t318 =  *_t284;
						 *_t284 = _t318;
						_t319 = GlobalAlloc(0x40,  *0x32effc8 + 8);
						_t19 = _t319 + 4; // 0x4
						lstrcpynA(_t19,  &_v776,  *0x32effc8);
						_t299 =  *0x32effcc;
						 *_t319 =  *_t299;
						 *_t299 = _t319;
						_t320 = GlobalAlloc(0x40,  *0x32effc8 + 8);
						_t20 = _t320 + 4; // 0x4
						wsprintfA(_t20, 0x32dc480, 0xfffffffd);
						_t300 =  *0x32effcc;
						 *_t320 =  *_t300;
						 *_t300 = _t320;
						_t321 = GlobalAlloc(0x40,  *0x32effc8 + 8);
						_t21 = _t321 + 4; // 0x4
						wsprintfA(_t21, 0x32dc480, 0);
						_t301 =  *0x32effcc;
						 *_t321 =  *_t301;
						 *_t301 = _t321;
						return E032BD98D(_v8 ^ _t322);
					}
				}
			}
































































































                                                                                                                                  0x032b9290
                                                                                                                                  0x032b9290
                                                                                                                                  0x032b9299
                                                                                                                                  0x032b92a0
                                                                                                                                  0x032b92a8
                                                                                                                                  0x032b92ab
                                                                                                                                  0x032b92ae
                                                                                                                                  0x032b92bb
                                                                                                                                  0x032b92c9
                                                                                                                                  0x032b92cf
                                                                                                                                  0x032b92e2
                                                                                                                                  0x032b92e7
                                                                                                                                  0x032b92ed
                                                                                                                                  0x032b92f3
                                                                                                                                  0x032b92f9
                                                                                                                                  0x032b92fb
                                                                                                                                  0x032b9301
                                                                                                                                  0x032b930d
                                                                                                                                  0x032b930f
                                                                                                                                  0x032b9313
                                                                                                                                  0x032b931a
                                                                                                                                  0x032b9324
                                                                                                                                  0x032b9326
                                                                                                                                  0x032b932d
                                                                                                                                  0x032b9332
                                                                                                                                  0x032b9338
                                                                                                                                  0x032b933b
                                                                                                                                  0x032b9341
                                                                                                                                  0x032b9341
                                                                                                                                  0x032b9313
                                                                                                                                  0x032b9347
                                                                                                                                  0x032b9353
                                                                                                                                  0x032b9355
                                                                                                                                  0x032b9359
                                                                                                                                  0x032b9360
                                                                                                                                  0x032b936a
                                                                                                                                  0x032b936c
                                                                                                                                  0x032b9373
                                                                                                                                  0x032b9378
                                                                                                                                  0x032b937e
                                                                                                                                  0x032b9381
                                                                                                                                  0x032b9381
                                                                                                                                  0x032b9359
                                                                                                                                  0x032b9387
                                                                                                                                  0x032b9389
                                                                                                                                  0x032b9391
                                                                                                                                  0x032b9393
                                                                                                                                  0x032b9397
                                                                                                                                  0x032b93c7
                                                                                                                                  0x032b9399
                                                                                                                                  0x032b9399
                                                                                                                                  0x032b939e
                                                                                                                                  0x032b93ac
                                                                                                                                  0x032b93ae
                                                                                                                                  0x032b93b5
                                                                                                                                  0x032b93ba
                                                                                                                                  0x032b93bc
                                                                                                                                  0x032b93bf
                                                                                                                                  0x032b93bf
                                                                                                                                  0x032b9397
                                                                                                                                  0x032b93ca
                                                                                                                                  0x032b93d9
                                                                                                                                  0x032b94d1
                                                                                                                                  0x032b94e4
                                                                                                                                  0x032b94ef
                                                                                                                                  0x032b94f2
                                                                                                                                  0x032b9500
                                                                                                                                  0x032b9515
                                                                                                                                  0x032b9528
                                                                                                                                  0x032b952f
                                                                                                                                  0x032b9534
                                                                                                                                  0x032b953b
                                                                                                                                  0x032b953e
                                                                                                                                  0x032b9545
                                                                                                                                  0x032b954c
                                                                                                                                  0x032b954f
                                                                                                                                  0x032b9556
                                                                                                                                  0x032b955d
                                                                                                                                  0x032b9566
                                                                                                                                  0x032b9574
                                                                                                                                  0x032b9576
                                                                                                                                  0x032b957d
                                                                                                                                  0x032b9580
                                                                                                                                  0x032b9587
                                                                                                                                  0x032b9587
                                                                                                                                  0x032b9591
                                                                                                                                  0x032b9599
                                                                                                                                  0x032b95a1
                                                                                                                                  0x032b95ab
                                                                                                                                  0x032b95b5
                                                                                                                                  0x032b95be
                                                                                                                                  0x032b95cb
                                                                                                                                  0x032b95d3
                                                                                                                                  0x032b95dd
                                                                                                                                  0x032b95e4
                                                                                                                                  0x032b95ee
                                                                                                                                  0x032b95f1
                                                                                                                                  0x032b9601
                                                                                                                                  0x032b960a
                                                                                                                                  0x032b960c
                                                                                                                                  0x032b9614
                                                                                                                                  0x032b961e
                                                                                                                                  0x032b9628
                                                                                                                                  0x032b963b
                                                                                                                                  0x032b9646
                                                                                                                                  0x032b9650
                                                                                                                                  0x032b9652
                                                                                                                                  0x032b9657
                                                                                                                                  0x032b969f
                                                                                                                                  0x032b96ad
                                                                                                                                  0x032b96c4
                                                                                                                                  0x032b96c6
                                                                                                                                  0x032b96cb
                                                                                                                                  0x032b9729
                                                                                                                                  0x032b973c
                                                                                                                                  0x032b9753
                                                                                                                                  0x032b9755
                                                                                                                                  0x032b975a
                                                                                                                                  0x032b975c
                                                                                                                                  0x032b9762
                                                                                                                                  0x032b9765
                                                                                                                                  0x032b9765
                                                                                                                                  0x032b9767
                                                                                                                                  0x032b9768
                                                                                                                                  0x032b976c
                                                                                                                                  0x032b976e
                                                                                                                                  0x032b9776
                                                                                                                                  0x032b9777
                                                                                                                                  0x032b9791
                                                                                                                                  0x032b9796
                                                                                                                                  0x032b9796
                                                                                                                                  0x032b976e
                                                                                                                                  0x032b97a4
                                                                                                                                  0x032b97aa
                                                                                                                                  0x032b97b0
                                                                                                                                  0x032b97c7
                                                                                                                                  0x032b97c9
                                                                                                                                  0x032b97ce
                                                                                                                                  0x032b97da
                                                                                                                                  0x032b9800
                                                                                                                                  0x032b97dc
                                                                                                                                  0x032b97ec
                                                                                                                                  0x032b97f1
                                                                                                                                  0x032b97f1
                                                                                                                                  0x032b97da
                                                                                                                                  0x032b980b
                                                                                                                                  0x032b9814
                                                                                                                                  0x032b9817
                                                                                                                                  0x032b9824
                                                                                                                                  0x032b9836
                                                                                                                                  0x032b9840
                                                                                                                                  0x032b9847
                                                                                                                                  0x032b9853
                                                                                                                                  0x032b9855
                                                                                                                                  0x032b985a
                                                                                                                                  0x032b986e
                                                                                                                                  0x032b9885
                                                                                                                                  0x032b9887
                                                                                                                                  0x032b988c
                                                                                                                                  0x032b98bf
                                                                                                                                  0x032b98d1
                                                                                                                                  0x032b98d6
                                                                                                                                  0x032b98dc
                                                                                                                                  0x032b98e1
                                                                                                                                  0x032b98e3
                                                                                                                                  0x032b98e6
                                                                                                                                  0x032b98e6
                                                                                                                                  0x032b98e8
                                                                                                                                  0x032b98e9
                                                                                                                                  0x032b9901
                                                                                                                                  0x032b9906
                                                                                                                                  0x032b9906
                                                                                                                                  0x032b98e1
                                                                                                                                  0x032b990d
                                                                                                                                  0x032b990f
                                                                                                                                  0x032b990f
                                                                                                                                  0x032b9919
                                                                                                                                  0x032b9925
                                                                                                                                  0x032b992b
                                                                                                                                  0x032b9930
                                                                                                                                  0x00000000
                                                                                                                                  0x032b96cd
                                                                                                                                  0x032b96d1
                                                                                                                                  0x032b96da
                                                                                                                                  0x032b96e6
                                                                                                                                  0x032b96ed
                                                                                                                                  0x032b96f4
                                                                                                                                  0x032b970c
                                                                                                                                  0x032b970c
                                                                                                                                  0x032b9659
                                                                                                                                  0x032b965f
                                                                                                                                  0x032b9668
                                                                                                                                  0x032b9671
                                                                                                                                  0x032b9673
                                                                                                                                  0x032b9678
                                                                                                                                  0x00000000
                                                                                                                                  0x032b967a
                                                                                                                                  0x032b9681
                                                                                                                                  0x032b968d
                                                                                                                                  0x032b9694
                                                                                                                                  0x032b9699
                                                                                                                                  0x032b9932
                                                                                                                                  0x032b9932
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9937
                                                                                                                                  0x032b9678
                                                                                                                                  0x032b93df
                                                                                                                                  0x032b93e6
                                                                                                                                  0x032b993a
                                                                                                                                  0x032b994a
                                                                                                                                  0x032b93ec
                                                                                                                                  0x032b940b
                                                                                                                                  0x032b9414
                                                                                                                                  0x032b9418
                                                                                                                                  0x032b941a
                                                                                                                                  0x032b9422
                                                                                                                                  0x032b942c
                                                                                                                                  0x032b9439
                                                                                                                                  0x032b9442
                                                                                                                                  0x032b9446
                                                                                                                                  0x032b9448
                                                                                                                                  0x032b9459
                                                                                                                                  0x032b945d
                                                                                                                                  0x032b9467
                                                                                                                                  0x032b9470
                                                                                                                                  0x032b9474
                                                                                                                                  0x032b9476
                                                                                                                                  0x032b948a
                                                                                                                                  0x032b948e
                                                                                                                                  0x032b9492
                                                                                                                                  0x032b949b
                                                                                                                                  0x032b949f
                                                                                                                                  0x032b94a1
                                                                                                                                  0x032b94ac
                                                                                                                                  0x032b94af
                                                                                                                                  0x032b94c0
                                                                                                                                  0x032b94c0
                                                                                                                                  0x032b93e6

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B92ED
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B9326
                                                                                                                                    • Part of subcall function 032B99A0: GlobalAlloc.KERNEL32(00000040,?,?,?,032B991E,?), ref: 032B99B8
                                                                                                                                    • Part of subcall function 032B99A0: lstrcpynA.KERNEL32(00000004,032B991E,?,?,032B991E,?), ref: 032B99CD
                                                                                                                                    • Part of subcall function 032B9950: GlobalAlloc.KERNEL32(00000040,?,?,?,032B9930,?,?,?), ref: 032B9968
                                                                                                                                    • Part of subcall function 032B9950: wsprintfA.USER32 ref: 032B997C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B936C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,00000004), ref: 032B939E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B93AE
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B93CA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B93FD
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032B9418
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B9431
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032B9446
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B945F
                                                                                                                                  • wsprintfA.USER32 ref: 032B9474
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B9490
                                                                                                                                  • wsprintfA.USER32 ref: 032B949F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Free$lstrcpynwsprintf$lstrcpy
                                                                                                                                  • String ID: %d-%u$%d-%u (%s)$iba License Identifier $t
                                                                                                                                  • API String ID: 410540248-433711832
                                                                                                                                  • Opcode ID: 27f2f9a8294e5b5274b7a3927987633b7b0bf615591760c39d6836b119c98525
                                                                                                                                  • Instruction ID: df90f12ab4743ec7e86e2b6596c19b46c00b46c770787b6afc565f8c60dcb49e
                                                                                                                                  • Opcode Fuzzy Hash: 27f2f9a8294e5b5274b7a3927987633b7b0bf615591760c39d6836b119c98525
                                                                                                                                  • Instruction Fuzzy Hash: BE129175910229AFDB21EF64DC85BDAB3BCAF49740F044196E608EB281D7B1ABC4CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B4D00 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 121memoryservicestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B4D00(long _a8, intOrPtr _a12, void* _a16) {
				void* _t15;
				void* _t17;
				void* _t18;
				void** _t42;
				void* _t44;
				void* _t45;
				void* _t52;
				void* _t53;
				int _t54;
				void _t55;
				void* _t56;
				void* _t57;

				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				_t56 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t56 != 0) {
					_t15 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t42 =  *0x32efef8;
					_t53 = _t15;
					if(_t42 == 0) {
						L12:
						if(_t53 != 0) {
							GlobalFree(_t53);
						}
						E032B1F00();
						L15:
						L16:
						_t17 = 0x32dc484;
						L17:
						_t18 = E032B1FC0(_t17);
						if(_t56 == 0) {
							return _t18;
						}
						return CloseServiceHandle(_t56);
					}
					_t44 =  *_t42;
					if(_t44 == 0) {
						goto L12;
					}
					lstrcpyA(_t53, _t44 + 4);
					 *( *0x32efef8) =  *_t44;
					GlobalFree(_t44);
					_t45 = OpenServiceA(_t56, _t53, 0xf01ff);
					if(_t53 != 0) {
						GlobalFree(_t53);
					}
					if(_t45 != 0) {
						_a8 = 0;
						_t54 = StartServiceA(_t45, 0, 0);
						if(_t54 == 0) {
							_a8 = GetLastError();
							_t54 =  ==  ? 0 : _t54;
						}
						CloseServiceHandle(_t45);
						E032B1F00();
						E032B1F70(_a8);
						_t57 = _t57 + 4;
						_t17 =  !=  ? "success" : 0x32dc484;
						goto L17;
					} else {
						E032B1F00();
						E032B1F70(GetLastError());
						_t57 = _t57 + 4;
						goto L15;
					}
				}
				E032B1F00();
				if( *0x32efef8 != 0) {
					_t55 = GlobalAlloc(0x40,  *0x32efef4 + 8);
					_t4 = _t55 + 4; // 0x4
					wsprintfA(_t4, 0x32dc480, 0x64);
					_t52 =  *0x32efef8;
					_t57 = _t57 + 0xc;
					 *_t55 =  *_t52;
					 *_t52 = _t55;
				}
				goto L16;
			}















                                                                                                                                  0x032b4d0e
                                                                                                                                  0x032b4d18
                                                                                                                                  0x032b4d22
                                                                                                                                  0x032b4d33
                                                                                                                                  0x032b4d37
                                                                                                                                  0x032b4d8c
                                                                                                                                  0x032b4d92
                                                                                                                                  0x032b4d98
                                                                                                                                  0x032b4d9c
                                                                                                                                  0x032b4e50
                                                                                                                                  0x032b4e52
                                                                                                                                  0x032b4e55
                                                                                                                                  0x032b4e55
                                                                                                                                  0x032b4e5b
                                                                                                                                  0x032b4e60
                                                                                                                                  0x032b4e66
                                                                                                                                  0x032b4e66
                                                                                                                                  0x032b4e6b
                                                                                                                                  0x032b4e6c
                                                                                                                                  0x032b4e76
                                                                                                                                  0x032b4e7f
                                                                                                                                  0x032b4e7f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4e79
                                                                                                                                  0x032b4da2
                                                                                                                                  0x032b4da6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4db1
                                                                                                                                  0x032b4dbf
                                                                                                                                  0x032b4dc1
                                                                                                                                  0x032b4dd4
                                                                                                                                  0x032b4dd8
                                                                                                                                  0x032b4ddb
                                                                                                                                  0x032b4ddb
                                                                                                                                  0x032b4de3
                                                                                                                                  0x032b4e00
                                                                                                                                  0x032b4e0d
                                                                                                                                  0x032b4e11
                                                                                                                                  0x032b4e1b
                                                                                                                                  0x032b4e23
                                                                                                                                  0x032b4e23
                                                                                                                                  0x032b4e2d
                                                                                                                                  0x032b4e2f
                                                                                                                                  0x032b4e37
                                                                                                                                  0x032b4e3c
                                                                                                                                  0x032b4e4b
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4de5
                                                                                                                                  0x032b4de5
                                                                                                                                  0x032b4df1
                                                                                                                                  0x032b4df6
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4df6
                                                                                                                                  0x032b4de3
                                                                                                                                  0x032b4d39
                                                                                                                                  0x032b4d45
                                                                                                                                  0x032b4d5c
                                                                                                                                  0x032b4d65
                                                                                                                                  0x032b4d69
                                                                                                                                  0x032b4d6f
                                                                                                                                  0x032b4d75
                                                                                                                                  0x032b4d7a
                                                                                                                                  0x032b4d7c
                                                                                                                                  0x032b4d7c
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 032B4D27
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4D56
                                                                                                                                  • wsprintfA.USER32 ref: 032B4D69
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4D8C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4DB1
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4DC1
                                                                                                                                  • OpenServiceA.ADVAPI32(00000000,00000000,000F01FF), ref: 032B4DCE
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4DDB
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B4DEA
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B4E79
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$AllocOpenService$CloseErrorHandleLastManagerlstrcpywsprintf
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 2756925818-58590040
                                                                                                                                  • Opcode ID: 10f4db0aef772d96d4fc0df2e2e7f58741012be13d118435b300d94e222f1607
                                                                                                                                  • Instruction ID: a26f6cc85ad80a396f42579549f30fb1bb20fc8086f40ea61fd4afc33eff3d6a
                                                                                                                                  • Opcode Fuzzy Hash: 10f4db0aef772d96d4fc0df2e2e7f58741012be13d118435b300d94e222f1607
                                                                                                                                  • Instruction Fuzzy Hash: EB41B276611312AFD710FF65F8CDB6673B8EF44781F1A8124FA158B24ADBB0A950CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A77C0 Relevance: 25.7, APIs: 17, Instructions: 181networkCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 35%
                                                                                                                                  			E032A77C0(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8) {
				signed int _v4;
				signed int _v16;
				short _v28;
				short _v30;
				char _v32;
				char _v44;
				signed int _v48;
				intOrPtr _v54;
				intOrPtr _v284;
				short _v288;
				short _v292;
				intOrPtr _v300;
				intOrPtr _v304;
				void* _v312;
				signed int _v320;
				char _v332;
				signed int _v336;
				char _v340;
				signed int _v348;
				char _v352;
				void* _v356;
				char _v360;
				signed int _v364;
				intOrPtr _v384;
				signed int _v392;
				intOrPtr _v400;
				void* __ebp;
				signed int _t53;
				signed int _t56;
				signed int _t57;
				signed short _t58;
				signed int _t64;
				long _t66;
				long _t68;
				void* _t74;
				intOrPtr* _t76;
				signed int _t102;
				signed int _t106;
				signed int _t109;

				_t109 =  &_v312;
				_t53 =  *0x32ed474; // 0x444d31ba
				_v4 = _t53 ^ _t109;
				_push(6);
				_v284 = _a4;
				_t56 = _a8;
				_push(1);
				_push(2);
				_v300 = __ecx;
				_v304 = __edx;
				_v312 = _t56;
				_v292 = 0;
				_v288 = 0;
				_t74 = 0;
				L032BD95D();
				_t102 = _t56;
				if(_t102 != 0xffffffff) {
					_v32 = 2;
					_v30 = 0;
					_v28 = 0;
					while(1) {
						_push(0x10);
						_push( &_v32);
						_push(_t102);
						L032BD957();
						asm("sbb esi, esi");
						_t106 =  ~( ~_t56);
						if(__eflags == 0) {
							break;
						}
						_t74 = _t74 + 1;
						L032BD915();
						_push(_t56);
						_push(_t74);
						_t56 = E032A3960(_t56);
						_t109 = _t109 + 8;
						__eflags = _t74 - 5;
						if(__eflags < 0) {
							continue;
						}
						break;
					}
					_t57 = GetTickCount();
					__eflags = _t106;
					_v320 = _t57;
					if(_t106 != 0) {
						L21:
						L032BD915();
						_push( &_v336);
						_t58 =  &_v44;
						_push(_t58);
						_push(_t102);
						_v336 = 0x10;
						L032BD93F();
						_push(_v54);
						L032BD939();
						_push(_t58 & 0x0000ffff);
						_push(_t57);
						_push(_t106);
						E032A3960(_t58);
						_t109 = _t109 + 0xc;
						_push(_t102);
						L032BD945();
					} else {
						while(1) {
							_push( &_v332);
							_push(0x8004667e);
							_push(_t102);
							_v332 = 1;
							L032BD951();
							_t106 = _t57;
							__eflags = _t106;
							if(_t106 != 0) {
								break;
							}
							_t57 = _v320;
							_push(0x10);
							_push(_t57);
							_push(_t102);
							L032BD94B();
							_push( &_v356);
							_push(0x8004667e);
							_push(_t102);
							_v356 = 0;
							L032BD951();
							_t106 = _t57;
							__eflags = _t106;
							if(_t106 != 0) {
								break;
							} else {
								__eflags = _v364;
								_t76 = _v360;
								if(_v364 == 0) {
									_t57 =  *(_t76 + 4);
									_v352 =  *_t76;
									_v348 = _t57;
								} else {
									_v348 = 0x30d40;
								}
								_push( &_v352);
								_push(0);
								_push( &_v340);
								_push(0);
								_push(0);
								_v336 = _t102;
								_v340 = 1;
								L032BD921();
								_t106 = _t57;
								_t64 =  &_v360;
								_push(_t64);
								_push(_t102);
								L032BD927();
								__eflags = _t64;
								if(_t64 != 0) {
								} else {
									_t66 = GetTickCount();
									_t57 = 0x10624dd3 *  *(_t76 + 4);
									__eflags = 0x10624dd3 *  *(_t76 + 4) >> 0x20 >> 6 - _t66 - _v384;
									if(0x10624dd3 *  *(_t76 + 4) >> 0x20 >> 6 <= _t66 - _v384) {
										L19:
										__eflags = _t106;
										if(_t106 != 0) {
											goto L21;
										} else {
											E032A3960(_t57);
											_push(_t102);
											L032BD945();
										}
									} else {
										_t57 = _v392;
										__eflags = _t57;
										if(_t57 == 0) {
											goto L19;
										} else {
											_t57 =  *_t57(_v400, 0);
											__eflags = _t57;
											if(_t57 == 0) {
												goto L19;
											} else {
												_t68 = GetTickCount();
												_t57 = 0x10624dd3 *  *(_t76 + 4);
												__eflags = 0x10624dd3 *  *(_t76 + 4) >> 0x20 >> 6 - _t68 - _v392;
												if(0x10624dd3 *  *(_t76 + 4) >> 0x20 >> 6 > _t68 - _v392) {
													continue;
												} else {
													goto L19;
												}
											}
										}
									}
								}
							}
							goto L23;
						}
						_push(_t106);
						_t57 = E032A3960(_t57);
						_t109 = _t109 + 4;
						goto L19;
					}
					L23:
					__eflags = _v48 ^ _t109;
					return E032BD98D(_v48 ^ _t109);
				} else {
					L032BD915();
					_push(_t56);
					E032A3960(_t56);
					return E032BD98D(_v16 ^ _t109 + 0x00000004);
				}
			}










































                                                                                                                                  0x032a77c0
                                                                                                                                  0x032a77c6
                                                                                                                                  0x032a77cd
                                                                                                                                  0x032a77de
                                                                                                                                  0x032a77e0
                                                                                                                                  0x032a77e4
                                                                                                                                  0x032a77eb
                                                                                                                                  0x032a77ef
                                                                                                                                  0x032a77f1
                                                                                                                                  0x032a77f5
                                                                                                                                  0x032a77f9
                                                                                                                                  0x032a77fd
                                                                                                                                  0x032a7801
                                                                                                                                  0x032a7805
                                                                                                                                  0x032a7807
                                                                                                                                  0x032a780c
                                                                                                                                  0x032a7811
                                                                                                                                  0x032a783b
                                                                                                                                  0x032a7845
                                                                                                                                  0x032a784d
                                                                                                                                  0x032a7855
                                                                                                                                  0x032a7855
                                                                                                                                  0x032a785e
                                                                                                                                  0x032a785f
                                                                                                                                  0x032a7860
                                                                                                                                  0x032a7869
                                                                                                                                  0x032a786b
                                                                                                                                  0x032a786d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a786f
                                                                                                                                  0x032a7872
                                                                                                                                  0x032a7877
                                                                                                                                  0x032a7878
                                                                                                                                  0x032a7879
                                                                                                                                  0x032a787e
                                                                                                                                  0x032a7881
                                                                                                                                  0x032a7884
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7884
                                                                                                                                  0x032a7886
                                                                                                                                  0x032a788c
                                                                                                                                  0x032a788e
                                                                                                                                  0x032a7892
                                                                                                                                  0x032a79ae
                                                                                                                                  0x032a79ae
                                                                                                                                  0x032a79b9
                                                                                                                                  0x032a79ba
                                                                                                                                  0x032a79c1
                                                                                                                                  0x032a79c2
                                                                                                                                  0x032a79c3
                                                                                                                                  0x032a79cb
                                                                                                                                  0x032a79d7
                                                                                                                                  0x032a79d8
                                                                                                                                  0x032a79e0
                                                                                                                                  0x032a79e1
                                                                                                                                  0x032a79e2
                                                                                                                                  0x032a79e3
                                                                                                                                  0x032a79e8
                                                                                                                                  0x032a79eb
                                                                                                                                  0x032a79ec
                                                                                                                                  0x032a7898
                                                                                                                                  0x032a78a0
                                                                                                                                  0x032a78a4
                                                                                                                                  0x032a78a5
                                                                                                                                  0x032a78aa
                                                                                                                                  0x032a78ab
                                                                                                                                  0x032a78b3
                                                                                                                                  0x032a78b8
                                                                                                                                  0x032a78ba
                                                                                                                                  0x032a78bc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a78c2
                                                                                                                                  0x032a78c6
                                                                                                                                  0x032a78c8
                                                                                                                                  0x032a78c9
                                                                                                                                  0x032a78ca
                                                                                                                                  0x032a78d3
                                                                                                                                  0x032a78d4
                                                                                                                                  0x032a78d9
                                                                                                                                  0x032a78da
                                                                                                                                  0x032a78de
                                                                                                                                  0x032a78e3
                                                                                                                                  0x032a78e5
                                                                                                                                  0x032a78e7
                                                                                                                                  0x00000000
                                                                                                                                  0x032a78ed
                                                                                                                                  0x032a78ed
                                                                                                                                  0x032a78f1
                                                                                                                                  0x032a78f5
                                                                                                                                  0x032a7903
                                                                                                                                  0x032a7906
                                                                                                                                  0x032a790a
                                                                                                                                  0x032a78f7
                                                                                                                                  0x032a78f7
                                                                                                                                  0x032a78f7
                                                                                                                                  0x032a7912
                                                                                                                                  0x032a7913
                                                                                                                                  0x032a7918
                                                                                                                                  0x032a7919
                                                                                                                                  0x032a791a
                                                                                                                                  0x032a791b
                                                                                                                                  0x032a791f
                                                                                                                                  0x032a7927
                                                                                                                                  0x032a792c
                                                                                                                                  0x032a792e
                                                                                                                                  0x032a7932
                                                                                                                                  0x032a7933
                                                                                                                                  0x032a7934
                                                                                                                                  0x032a7939
                                                                                                                                  0x032a793b
                                                                                                                                  0x032a7941
                                                                                                                                  0x032a7941
                                                                                                                                  0x032a7952
                                                                                                                                  0x032a7958
                                                                                                                                  0x032a795a
                                                                                                                                  0x032a799a
                                                                                                                                  0x032a799a
                                                                                                                                  0x032a799c
                                                                                                                                  0x00000000
                                                                                                                                  0x032a799e
                                                                                                                                  0x032a799e
                                                                                                                                  0x032a79a3
                                                                                                                                  0x032a79a4
                                                                                                                                  0x032a79a9
                                                                                                                                  0x032a795c
                                                                                                                                  0x032a795c
                                                                                                                                  0x032a7960
                                                                                                                                  0x032a7962
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7964
                                                                                                                                  0x032a796a
                                                                                                                                  0x032a796c
                                                                                                                                  0x032a796e
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7970
                                                                                                                                  0x032a7970
                                                                                                                                  0x032a7981
                                                                                                                                  0x032a7987
                                                                                                                                  0x032a7989
                                                                                                                                  0x00000000
                                                                                                                                  0x032a798f
                                                                                                                                  0x00000000
                                                                                                                                  0x032a798f
                                                                                                                                  0x032a7989
                                                                                                                                  0x032a796e
                                                                                                                                  0x032a7962
                                                                                                                                  0x032a795a
                                                                                                                                  0x032a793b
                                                                                                                                  0x00000000
                                                                                                                                  0x032a78e7
                                                                                                                                  0x032a7991
                                                                                                                                  0x032a7992
                                                                                                                                  0x032a7997
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7997
                                                                                                                                  0x032a79f8
                                                                                                                                  0x032a7a03
                                                                                                                                  0x032a7a10
                                                                                                                                  0x032a7813
                                                                                                                                  0x032a7813
                                                                                                                                  0x032a7818
                                                                                                                                  0x032a7819
                                                                                                                                  0x032a783a
                                                                                                                                  0x032a783a

                                                                                                                                  APIs
                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 032A7807
                                                                                                                                  • WSAGetLastError.WS2_32(?,?,?), ref: 032A7813
                                                                                                                                  • bind.WS2_32(00000000,?,00000010), ref: 032A7860
                                                                                                                                  • WSAGetLastError.WS2_32(?), ref: 032A7872
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A7886
                                                                                                                                  • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 032A78B3
                                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 032A78CA
                                                                                                                                  • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 032A78DE
                                                                                                                                  • select.WS2_32(00000000,00000000,?,00000000,?), ref: 032A7927
                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,?), ref: 032A7934
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A7941
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A7970
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$ErrorLastioctlsocket$bindconnectselectsocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 807788312-0
                                                                                                                                  • Opcode ID: cd3bb35c882f8617c2762d10d14d21f36468ffac89d2f182c64de6b7f5e2643b
                                                                                                                                  • Instruction ID: bb9dcbbcdaff93a8bd826463513a49e29bbb9933eb82d86da92982386f3d4bbb
                                                                                                                                  • Opcode Fuzzy Hash: cd3bb35c882f8617c2762d10d14d21f36468ffac89d2f182c64de6b7f5e2643b
                                                                                                                                  • Instruction Fuzzy Hash: 0851B2755287059BC320EF6C9880AEFB7F8EFC4744F044A1EF4999A240DBB19984CB66
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B45E0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 101servicememorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B45E0(intOrPtr _a8, intOrPtr _a12, void* _a16) {
				void* _t12;
				char* _t14;
				void* _t15;
				int _t23;
				void** _t33;
				void* _t35;
				void* _t36;
				void* _t41;
				void* _t42;
				void _t44;
				void* _t45;
				void* _t46;

				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				_t45 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t45 != 0) {
					_t12 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t33 =  *0x32efef8;
					_t42 = _t12;
					if(_t33 == 0) {
						L10:
						if(_t42 != 0) {
							GlobalFree(_t42);
						}
						L12:
						E032B1F00();
						goto L13;
					}
					_t35 =  *_t33;
					if(_t35 == 0) {
						goto L10;
					}
					lstrcpyA(_t42, _t35 + 4);
					 *( *0x32efef8) =  *_t35;
					GlobalFree(_t35);
					_t36 = OpenServiceA(_t45, _t42, 0xf01ff);
					if(_t42 != 0) {
						GlobalFree(_t42);
					}
					if(_t36 == 0) {
						goto L12;
					} else {
						_t23 = DeleteService(_t36);
						CloseServiceHandle(_t36);
						E032B1F00();
						if(_t23 == 0) {
							goto L13;
						}
						_t14 = "success";
						goto L14;
					}
				} else {
					E032B1F00();
					if( *0x32efef8 != 0) {
						_t44 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t4 = _t44 + 4; // 0x4
						wsprintfA(_t4, 0x32dc480, 0x64);
						_t41 =  *0x32efef8;
						_t46 = _t46 + 0xc;
						 *_t44 =  *_t41;
						 *_t41 = _t44;
					}
					L13:
					_t14 = 0x32dc484;
					L14:
					_t15 = E032B1FC0(_t14);
					if(_t45 == 0) {
						return _t15;
					}
					return CloseServiceHandle(_t45);
				}
			}















                                                                                                                                  0x032b45ee
                                                                                                                                  0x032b45f8
                                                                                                                                  0x032b4602
                                                                                                                                  0x032b4613
                                                                                                                                  0x032b4617
                                                                                                                                  0x032b466c
                                                                                                                                  0x032b4672
                                                                                                                                  0x032b4678
                                                                                                                                  0x032b467c
                                                                                                                                  0x032b46df
                                                                                                                                  0x032b46e1
                                                                                                                                  0x032b46e4
                                                                                                                                  0x032b46e4
                                                                                                                                  0x032b46ea
                                                                                                                                  0x032b46ea
                                                                                                                                  0x00000000
                                                                                                                                  0x032b46ef
                                                                                                                                  0x032b467e
                                                                                                                                  0x032b4682
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4689
                                                                                                                                  0x032b4697
                                                                                                                                  0x032b4699
                                                                                                                                  0x032b46ac
                                                                                                                                  0x032b46b0
                                                                                                                                  0x032b46b3
                                                                                                                                  0x032b46b3
                                                                                                                                  0x032b46bb
                                                                                                                                  0x00000000
                                                                                                                                  0x032b46bd
                                                                                                                                  0x032b46be
                                                                                                                                  0x032b46cd
                                                                                                                                  0x032b46cf
                                                                                                                                  0x032b46d6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b46d8
                                                                                                                                  0x00000000
                                                                                                                                  0x032b46d8
                                                                                                                                  0x032b4619
                                                                                                                                  0x032b4619
                                                                                                                                  0x032b4625
                                                                                                                                  0x032b463c
                                                                                                                                  0x032b4645
                                                                                                                                  0x032b4649
                                                                                                                                  0x032b464f
                                                                                                                                  0x032b4655
                                                                                                                                  0x032b465a
                                                                                                                                  0x032b465c
                                                                                                                                  0x032b465c
                                                                                                                                  0x032b46f5
                                                                                                                                  0x032b46f5
                                                                                                                                  0x032b46fa
                                                                                                                                  0x032b46fb
                                                                                                                                  0x032b4705
                                                                                                                                  0x032b470e
                                                                                                                                  0x032b470e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4708

                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 032B4607
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4636
                                                                                                                                  • wsprintfA.USER32 ref: 032B4649
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B466C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4689
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4699
                                                                                                                                  • OpenServiceA.ADVAPI32(00000000,00000000,000F01FF), ref: 032B46A6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B46B3
                                                                                                                                  • DeleteService.ADVAPI32(00000000), ref: 032B46BE
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B46CD
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B4708
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Service$Free$AllocCloseHandleOpen$DeleteManagerlstrcpywsprintf
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 3035868994-58590040
                                                                                                                                  • Opcode ID: 96c8c0fc746d0aa49c6e011f948afdc85b570b5ea9699551b5b6f493b5362a0c
                                                                                                                                  • Instruction ID: fa879897f1ae2654372725a7b147e90dc702772229e3fcdecc9f4f06cce1003a
                                                                                                                                  • Opcode Fuzzy Hash: 96c8c0fc746d0aa49c6e011f948afdc85b570b5ea9699551b5b6f493b5362a0c
                                                                                                                                  • Instruction Fuzzy Hash: 66318236611312AFD710FF65F9CDE6677B8FB48791B1A8114EA058B34ACB70E890CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7A20 Relevance: 16.6, APIs: 11, Instructions: 137networksleepCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                  			E032A7A20(void* __ebx, void* __edi, void* __esi, void* __ebp, signed int _a4) {
				signed int _v4;
				intOrPtr _v12;
				signed int _v16;
				signed int _v28;
				short _v30;
				signed int _v32;
				void* _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v54;
				signed int _v56;
				intOrPtr _v60;
				void* _v64;
				signed int _v68;
				signed int _t28;
				signed int _t30;
				signed int _t35;
				intOrPtr _t37;
				signed short _t40;
				signed int _t44;
				void* _t49;
				intOrPtr _t50;
				signed int _t56;
				void* _t57;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				void* _t78;
				signed int _t82;
				signed int _t87;

				_t78 = __ebp;
				_t49 = __ebx;
				_t82 =  &_v44;
				_t28 =  *0x32ed474; // 0x444d31ba
				_v4 = _t28 ^ _t82;
				_t30 = _a4;
				_push(6);
				_push(1);
				_push(2);
				_v44 = _t30;
				L032BD95D();
				_t77 = _t30;
				if(_t77 == 0xffffffff) {
					L032BD915();
					_push(_t30);
					E032A3960(_t30);
					__eflags = _v16 ^ _t82 + 0x00000004;
					return E032BD98D(_v16 ^ _t82 + 0x00000004);
				} else {
					_t70 = 0;
					_t87 = 0;
					_v32 = 2;
					_v30 = 0;
					_v28 = 0;
					while(1) {
						_push(0x10);
						_push( &_v32);
						_push(_t77);
						L032BD957();
						asm("sbb eax, eax");
						_t35 =  ~( ~_t30);
						if(_t87 == 0) {
							break;
						}
						_t70 = _t70 + 1;
						L032BD915();
						_t87 = _t70 - 5;
						_push(_t35);
						if(_t87 >= 0) {
							E032A3960(_t35);
							_push(_t77);
							L032BD945();
							__eflags = _v32 ^ _t82 + 0x00000004;
							return E032BD98D(_v32 ^ _t82 + 0x00000004);
						} else {
							_push(_t70);
							_t30 = E032A3960(_t35);
							_t82 = _t82 + 8;
							continue;
						}
						goto L16;
					}
					_push(_t49);
					_t66 =  &_v64;
					_push(_t78);
					_t71 = _t70 | 0xffffffff;
					__eflags = _t71;
					E032C6AB3( &_v32,  &_v64,  &_v64);
					_t56 = _v64;
					_t37 = _v60;
					_t50 = _v12;
					_v56 = _t56;
					_v52 = _t37;
					while(1) {
						_t82 = _t82 + 4;
						_t57 = _t56 - _v64;
						asm("sbb eax, [esp+0x18]");
						__eflags = _t37 - _t50;
						if(__eflags > 0) {
							break;
						}
						if(__eflags < 0) {
							L9:
							_t44 = _v68;
							_push(0x10);
							_push(_t44);
							_push(_t77);
							L032BD94B();
							_t71 = _t44;
							__eflags = _t71;
							if(_t71 >= 0) {
								L15:
								__eflags = _v28 ^ _t82;
								return E032BD98D(_v28 ^ _t82);
							} else {
								Sleep(0x64);
								E032C6AB3( &_v68, _t66,  &_v68);
								_t37 = _v64;
								_t56 = _v68;
								continue;
							}
						} else {
							__eflags = _t57 - _v16;
							if(_t57 >= _v16) {
								break;
							} else {
								goto L9;
							}
						}
						goto L16;
					}
					__eflags = _t71;
					if(_t71 >= 0) {
						goto L15;
					} else {
						L032BD915();
						_push( &_v68);
						_t40 =  &_v44;
						_push(_t40);
						_push(_t77);
						_v68 = 0x10;
						L032BD93F();
						_push(_v54);
						L032BD939();
						_push(_t40 & 0x0000ffff);
						_push(_t37);
						E032A3960(_t40);
						_push(_t77);
						L032BD945();
						__eflags = _v48 ^ _t82 + 0x00000008;
						return E032BD98D(_v48 ^ _t82 + 0x00000008);
					}
				}
				L16:
			}

































                                                                                                                                  0x032a7a20
                                                                                                                                  0x032a7a20
                                                                                                                                  0x032a7a20
                                                                                                                                  0x032a7a23
                                                                                                                                  0x032a7a2a
                                                                                                                                  0x032a7a2e
                                                                                                                                  0x032a7a33
                                                                                                                                  0x032a7a35
                                                                                                                                  0x032a7a37
                                                                                                                                  0x032a7a39
                                                                                                                                  0x032a7a3d
                                                                                                                                  0x032a7a42
                                                                                                                                  0x032a7a47
                                                                                                                                  0x032a7b7d
                                                                                                                                  0x032a7b82
                                                                                                                                  0x032a7b83
                                                                                                                                  0x032a7b92
                                                                                                                                  0x032a7b9c
                                                                                                                                  0x032a7a4d
                                                                                                                                  0x032a7a4e
                                                                                                                                  0x032a7a4e
                                                                                                                                  0x032a7a50
                                                                                                                                  0x032a7a57
                                                                                                                                  0x032a7a5c
                                                                                                                                  0x032a7a60
                                                                                                                                  0x032a7a60
                                                                                                                                  0x032a7a66
                                                                                                                                  0x032a7a67
                                                                                                                                  0x032a7a68
                                                                                                                                  0x032a7a6f
                                                                                                                                  0x032a7a71
                                                                                                                                  0x032a7a73
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7a75
                                                                                                                                  0x032a7a78
                                                                                                                                  0x032a7a7d
                                                                                                                                  0x032a7a80
                                                                                                                                  0x032a7a81
                                                                                                                                  0x032a7b5b
                                                                                                                                  0x032a7b63
                                                                                                                                  0x032a7b64
                                                                                                                                  0x032a7b72
                                                                                                                                  0x032a7b7c
                                                                                                                                  0x032a7a87
                                                                                                                                  0x032a7a87
                                                                                                                                  0x032a7a88
                                                                                                                                  0x032a7a8d
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7a8d
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7a81
                                                                                                                                  0x032a7a92
                                                                                                                                  0x032a7a93
                                                                                                                                  0x032a7a97
                                                                                                                                  0x032a7a99
                                                                                                                                  0x032a7a99
                                                                                                                                  0x032a7a9c
                                                                                                                                  0x032a7aa1
                                                                                                                                  0x032a7aa5
                                                                                                                                  0x032a7aa9
                                                                                                                                  0x032a7ab3
                                                                                                                                  0x032a7ab7
                                                                                                                                  0x032a7abb
                                                                                                                                  0x032a7abb
                                                                                                                                  0x032a7abe
                                                                                                                                  0x032a7ac2
                                                                                                                                  0x032a7ac6
                                                                                                                                  0x032a7ac8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7aca
                                                                                                                                  0x032a7ad2
                                                                                                                                  0x032a7ad2
                                                                                                                                  0x032a7ad6
                                                                                                                                  0x032a7ad8
                                                                                                                                  0x032a7ad9
                                                                                                                                  0x032a7ada
                                                                                                                                  0x032a7adf
                                                                                                                                  0x032a7ae1
                                                                                                                                  0x032a7ae3
                                                                                                                                  0x032a7b9d
                                                                                                                                  0x032a7ba7
                                                                                                                                  0x032a7bb1
                                                                                                                                  0x032a7ae9
                                                                                                                                  0x032a7aeb
                                                                                                                                  0x032a7af2
                                                                                                                                  0x032a7af7
                                                                                                                                  0x032a7afb
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7afb
                                                                                                                                  0x032a7acc
                                                                                                                                  0x032a7acc
                                                                                                                                  0x032a7ad0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7ad0
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7aca
                                                                                                                                  0x032a7b01
                                                                                                                                  0x032a7b03
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7b09
                                                                                                                                  0x032a7b09
                                                                                                                                  0x032a7b14
                                                                                                                                  0x032a7b15
                                                                                                                                  0x032a7b19
                                                                                                                                  0x032a7b1a
                                                                                                                                  0x032a7b1b
                                                                                                                                  0x032a7b23
                                                                                                                                  0x032a7b2c
                                                                                                                                  0x032a7b2d
                                                                                                                                  0x032a7b35
                                                                                                                                  0x032a7b36
                                                                                                                                  0x032a7b37
                                                                                                                                  0x032a7b3f
                                                                                                                                  0x032a7b40
                                                                                                                                  0x032a7b50
                                                                                                                                  0x032a7b5a
                                                                                                                                  0x032a7b5a
                                                                                                                                  0x032a7b03
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 032A7A3D
                                                                                                                                  • bind.WS2_32(00000000,?,00000010), ref: 032A7A68
                                                                                                                                  • WSAGetLastError.WS2_32(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,032A7C30,?), ref: 032A7A78
                                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 032A7ADA
                                                                                                                                  • Sleep.KERNEL32(00000064,00000000,?,00000010,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 032A7AEB
                                                                                                                                  • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 032A7B09
                                                                                                                                  • getsockname.WS2_32 ref: 032A7B23
                                                                                                                                  • htons.WS2_32(?), ref: 032A7B2D
                                                                                                                                  • closesocket.WS2_32(00000000), ref: 032A7B40
                                                                                                                                  • closesocket.WS2_32(00000000), ref: 032A7B64
                                                                                                                                  • WSAGetLastError.WS2_32(00000002,00000001,00000006,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 032A7B7D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$closesocket$Sleepbindconnectgetsocknamehtonssocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3349612191-0
                                                                                                                                  • Opcode ID: 99a6aff221b819a75d70ee7468f3e6497d41239f5eb9c82d9995dd381bcff5c7
                                                                                                                                  • Instruction ID: 8866519b9450dc4d0d84bdefeb84fbc6bf828ff452dbebb2c72916d1ca9b6eef
                                                                                                                                  • Opcode Fuzzy Hash: 99a6aff221b819a75d70ee7468f3e6497d41239f5eb9c82d9995dd381bcff5c7
                                                                                                                                  • Instruction Fuzzy Hash: 754128BA528B015BC304EF6C98819EFB3F4AFC8764F040A1DF5995B281EBB1D6848757
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B52F0 Relevance: 15.1, APIs: 10, Instructions: 87memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E032B52F0(CHAR* _a4, CHAR* _a8, void** _a12) {
				long _v8;
				signed int _v12;
				char _v20;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				union _SID_NAME_USE _v48;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				void* _t27;
				void* _t31;
				void* _t38;
				void** _t46;
				void* _t49;
				signed int _t51;

				_push(0xfffffffe);
				_push(0x32e8c80);
				_push(E032BFA00);
				_push( *[fs:0x0]);
				_t23 =  *0x32ed474; // 0x444d31ba
				_v12 = _v12 ^ _t23;
				_push(_t23 ^ _t51);
				 *[fs:0x0] =  &_v20;
				_t49 = 0;
				_v36 = 0;
				_v40 = 0x80;
				_v32 = 0x10;
				_v44 = 0;
				_v8 = 0;
				_t27 = HeapAlloc(GetProcessHeap(), 0, 0x80);
				_t46 = _a12;
				 *_t46 = _t27;
				if(_t27 != 0) {
					_t31 = HeapAlloc(GetProcessHeap(), 0, _v32);
					while(1) {
						_t49 = _t31;
						_v36 = _t49;
						if(_t49 == 0) {
							goto L8;
						}
						if(LookupAccountNameA(_a4, _a8,  *_t46,  &_v40, _t49,  &_v32,  &_v48) != 0) {
							_v44 = 1;
						} else {
							if(GetLastError() == 0x7a) {
								_t38 = HeapReAlloc(GetProcessHeap(), 0,  *_t46, _v40);
								 *_t46 = _t38;
								if(_t38 != 0) {
									_t31 = HeapReAlloc(GetProcessHeap(), 0, _t49, _v32);
									continue;
								}
							}
						}
						goto L8;
					}
				}
				L8:
				_v8 = 0xfffffffe;
				E032B53F1(_t46, _t49);
				 *[fs:0x0] = _v20;
				return _t49;
			}





















                                                                                                                                  0x032b52f3
                                                                                                                                  0x032b52f5
                                                                                                                                  0x032b52fa
                                                                                                                                  0x032b5305
                                                                                                                                  0x032b530c
                                                                                                                                  0x032b5311
                                                                                                                                  0x032b5316
                                                                                                                                  0x032b531a
                                                                                                                                  0x032b5320
                                                                                                                                  0x032b5322
                                                                                                                                  0x032b5325
                                                                                                                                  0x032b532c
                                                                                                                                  0x032b5333
                                                                                                                                  0x032b5336
                                                                                                                                  0x032b5348
                                                                                                                                  0x032b534e
                                                                                                                                  0x032b5351
                                                                                                                                  0x032b5355
                                                                                                                                  0x032b535e
                                                                                                                                  0x032b5364
                                                                                                                                  0x032b5364
                                                                                                                                  0x032b5368
                                                                                                                                  0x032b536b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b538a
                                                                                                                                  0x032b53be
                                                                                                                                  0x032b538c
                                                                                                                                  0x032b5395
                                                                                                                                  0x032b53a1
                                                                                                                                  0x032b53a7
                                                                                                                                  0x032b53ab
                                                                                                                                  0x032b53b6
                                                                                                                                  0x00000000
                                                                                                                                  0x032b53b6
                                                                                                                                  0x032b53ab
                                                                                                                                  0x032b5395
                                                                                                                                  0x00000000
                                                                                                                                  0x032b538a
                                                                                                                                  0x032b5364
                                                                                                                                  0x032b53c5
                                                                                                                                  0x032b53c5
                                                                                                                                  0x032b53cc
                                                                                                                                  0x032b53d6
                                                                                                                                  0x032b53e4

                                                                                                                                  APIs
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000080,444D31BA,76D81D30), ref: 032B5345
                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 032B5348
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000010), ref: 032B535B
                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 032B535E
                                                                                                                                  • LookupAccountNameA.ADVAPI32(032B38AB,00000000,032B54C1,00000080,00000000,00000010,?), ref: 032B5382
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B538C
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,032B54C1,00000080), ref: 032B539E
                                                                                                                                  • HeapReAlloc.KERNEL32(00000000), ref: 032B53A1
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00000010), ref: 032B53B3
                                                                                                                                  • HeapReAlloc.KERNEL32(00000000), ref: 032B53B6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$AllocProcess$AccountErrorLastLookupName
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 649755156-0
                                                                                                                                  • Opcode ID: d0b41bbba215f5476309aac3ab5636dc6c61715f209ecb7ec6544e43005b43f5
                                                                                                                                  • Instruction ID: 8bb7c4b0a290b2594c9d29ff9033f1bfe0b7703651d8e4c9d0d70da5b928242d
                                                                                                                                  • Opcode Fuzzy Hash: d0b41bbba215f5476309aac3ab5636dc6c61715f209ecb7ec6544e43005b43f5
                                                                                                                                  • Instruction Fuzzy Hash: 4B311A7191132AAFDB11DFA4DC48ADEBBB8EB09B50F208115F811E6244D7759950CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1D4E Relevance: 13.6, APIs: 9, Instructions: 79clipboardstringwindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031C1D4E(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				signed int _t15;
				void* _t20;
				intOrPtr _t30;
				long _t33;
				long _t35;
				void* _t36;
				CHAR* _t39;
				void* _t40;
				int _t41;

				_t15 = E031C103E(GetDlgCtrlID(_a4));
				if(_t15 >= 0) {
					_t40 = _t15 * 0x54 +  *0x31c6804;
					if(_a8 != 0x302 || OpenClipboard(_a4) == 0) {
						return CallWindowProcA( *(_t40 + 0x50), _a4, _a8, _a12, _a16);
					} else {
						_t20 = GetClipboardData(1);
						_a8 = _t20;
						if(_t20 == 0) {
							L15:
							CloseClipboard();
							return 0;
						}
						_t39 = GlobalLock(_t20);
						if(_t39 == 0) {
							goto L15;
						}
						_t41 = lstrlenA(_t39);
						_t5 = _t41 + 1; // 0x1
						_t33 = E031C1000(_t5);
						if(_t33 == 0) {
							L14:
							GlobalUnlock(_a8);
							goto L15;
						}
						_t36 = 0;
						if(_t41 <= 0) {
							L13:
							E031C100F(SendMessageA(_a4, 0xc2, 1, _t33), _t33);
							goto L14;
						}
						_t35 = _t33;
						do {
							_t30 =  *((intOrPtr*)(_t36 + _t39));
							if(_t30 >= 0x30 && _t30 <= 0x39) {
								 *_t35 = _t30;
								_t35 = _t35 + 1;
							}
							 *_t35 =  *_t35 & 0x00000000;
							_t36 = _t36 + 1;
						} while (_t36 < _t41);
						goto L13;
					}
				}
				return 0;
			}












                                                                                                                                  0x031c1d5c
                                                                                                                                  0x031c1d63
                                                                                                                                  0x031c1d7c
                                                                                                                                  0x031c1d7e
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1d95
                                                                                                                                  0x031c1d98
                                                                                                                                  0x031c1da0
                                                                                                                                  0x031c1da3
                                                                                                                                  0x031c1e0a
                                                                                                                                  0x031c1e0a
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1e12
                                                                                                                                  0x031c1dac
                                                                                                                                  0x031c1db0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1dba
                                                                                                                                  0x031c1dbc
                                                                                                                                  0x031c1dc5
                                                                                                                                  0x031c1dc9
                                                                                                                                  0x031c1e00
                                                                                                                                  0x031c1e03
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1e09
                                                                                                                                  0x031c1dcb
                                                                                                                                  0x031c1dcf
                                                                                                                                  0x031c1de9
                                                                                                                                  0x031c1dfb
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1dfb
                                                                                                                                  0x031c1dd1
                                                                                                                                  0x031c1dd3
                                                                                                                                  0x031c1dd3
                                                                                                                                  0x031c1dd8
                                                                                                                                  0x031c1dde
                                                                                                                                  0x031c1de0
                                                                                                                                  0x031c1de0
                                                                                                                                  0x031c1de1
                                                                                                                                  0x031c1de4
                                                                                                                                  0x031c1de5
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1dd3
                                                                                                                                  0x031c1d7e
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Clipboard$Global$CloseCtrlDataLockMessageOpenSendUnlocklstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 639725540-0
                                                                                                                                  • Opcode ID: ab4c1c8b4b83bbf60f1b1859776a618064eee6014cb64ad1805135d4b2f0247c
                                                                                                                                  • Instruction ID: 5003f6d24f35131592962c44cdad377594a3be344122f1e3f3e74f6a47ef773d
                                                                                                                                  • Opcode Fuzzy Hash: ab4c1c8b4b83bbf60f1b1859776a618064eee6014cb64ad1805135d4b2f0247c
                                                                                                                                  • Instruction Fuzzy Hash: 5221F836160285BBDB16AFB1DC08A9B7F6AFF5C741B04883DF556C9112D735C460DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7450 Relevance: 12.2, APIs: 8, Instructions: 169networkCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E032A7450(intOrPtr __ebx, signed int __edx, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int* _v0;
				intOrPtr _v4;
				signed int* _v8;
				signed int _v16;
				intOrPtr _v256;
				char _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v300;
				signed int* _t51;
				signed int _t54;
				intOrPtr _t65;
				signed int* _t66;
				signed int _t76;
				signed int _t87;
				signed int _t90;
				void* _t91;
				signed int* _t92;
				signed int _t103;

				_t65 = __ebx;
				_t92 =  &_v284;
				_t76 = __edx | 0xffffffff;
				_t90 = 0;
				_t91 = 0;
				_v276 = _t76;
				if(_a4 == 0) {
					L38:
					E032A3960(_t51);
					_v276 = _t76;
					return _t76;
				} else {
					_t51 = _a8;
					if(_t51 <= 0) {
						goto L38;
					} else {
						_t66 = _a12;
						if(_t66 == 0) {
							goto L38;
						} else {
							_t87 =  *_t51;
							_v280 = _t87;
							_v256 = __ebx;
							_v260 = 1;
							if(_a16 == 0) {
								_t54 =  *_t66;
								_v268 = _t54;
								_v264 = _t66[1];
							} else {
								_v268 = 0;
								_v264 = 0x493e0;
								_t54 = GetTickCount();
								_v272 = _t54;
							}
							_v284 = _t90;
							while(_t91 == 0 || _t90 < _v280) {
								if(_t87 > 0 && (_t91 == 0 || _t90 < _v284)) {
									_push( &_v268);
									_push(0);
									_push(0);
									_t54 =  &_v260;
									_push(_t54);
									_t20 = _t65 + 1; // 0x1
									L032BD921();
									_t103 = _t54;
									if(_t103 >= 0) {
										if(_t103 != 0) {
											_push(0);
											if(_t91 != 0) {
												_t54 = _v16;
												_push(_v300 - _t90);
												_push(_t90 + _t54);
												_push(_t65);
												L032BD92D();
												_t87 = _t54;
												if(_t87 > 0) {
													_t90 = _t90 + _t87;
												}
											} else {
												_push(4);
												_push(_t92 + _t90 + 0x14);
												_push(_t65);
												L032BD92D();
												_t87 = 4 - _t90;
												_t54 = _t87 + _t90;
												if(_t54 != 4) {
													if(_t87 > 0) {
														_t90 = _t54;
													}
												} else {
													_t37 = _t54 - 3; // -3
													_t91 = _t37;
													_t90 = 0;
												}
											}
											continue;
										} else {
											if(_v4 != 0) {
												_t54 = GetTickCount() - _v292;
												if( *_v8 * 0x3e8 > _t54) {
													_v4(_v0, 0);
													_t54 = GetTickCount() - _v300;
													if( *_v16 * 0x3e8 > _t54) {
														_t54 = _v288;
														if(_t54 < 0x40) {
															 *((intOrPtr*)(_t92 + 0x28 + _t54 * 4)) = _t65;
															_v288 = _v288 + 1;
														}
														continue;
													}
												}
											}
										}
									}
								}
								break;
							}
							_push( &_v260);
							_push(_t65);
							L032BD927();
							if(_t54 == 0 || _t91 == 0) {
								L33:
								_push( &_v268);
								_push(_t65);
								L032BD927();
								if(_t54 != 0 && _t87 > 0 && _t91 != 0) {
									_t54 = _v300;
								}
								E032A3960(_t54);
								return _v292;
							} else {
								_t54 = _v292;
								if(_t54 <= 0 || _t90 <= 0 || _t90 > _v288 || _t90 != _t54) {
									goto L33;
								} else {
									_push(_t90);
									E032A3960(_t54);
									 *_v0 = _t90;
									_v284 = 0;
									return _v284;
								}
							}
						}
					}
				}
			}




























                                                                                                                                  0x032a7450
                                                                                                                                  0x032a7450
                                                                                                                                  0x032a7458
                                                                                                                                  0x032a745b
                                                                                                                                  0x032a745d
                                                                                                                                  0x032a7467
                                                                                                                                  0x032a746b
                                                                                                                                  0x032a7678
                                                                                                                                  0x032a7678
                                                                                                                                  0x032a767f
                                                                                                                                  0x032a768c
                                                                                                                                  0x032a7471
                                                                                                                                  0x032a7471
                                                                                                                                  0x032a747a
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7480
                                                                                                                                  0x032a7480
                                                                                                                                  0x032a7489
                                                                                                                                  0x00000000
                                                                                                                                  0x032a748f
                                                                                                                                  0x032a7496
                                                                                                                                  0x032a7498
                                                                                                                                  0x032a749c
                                                                                                                                  0x032a74a0
                                                                                                                                  0x032a74a8
                                                                                                                                  0x032a74c2
                                                                                                                                  0x032a74c7
                                                                                                                                  0x032a74cb
                                                                                                                                  0x032a74aa
                                                                                                                                  0x032a74aa
                                                                                                                                  0x032a74ae
                                                                                                                                  0x032a74b6
                                                                                                                                  0x032a74bc
                                                                                                                                  0x032a74bc
                                                                                                                                  0x032a74cf
                                                                                                                                  0x032a74d3
                                                                                                                                  0x032a74e3
                                                                                                                                  0x032a74fb
                                                                                                                                  0x032a74fc
                                                                                                                                  0x032a74fe
                                                                                                                                  0x032a7500
                                                                                                                                  0x032a7504
                                                                                                                                  0x032a7505
                                                                                                                                  0x032a7509
                                                                                                                                  0x032a750e
                                                                                                                                  0x032a7510
                                                                                                                                  0x032a7516
                                                                                                                                  0x032a7596
                                                                                                                                  0x032a7598
                                                                                                                                  0x032a75d4
                                                                                                                                  0x032a75dd
                                                                                                                                  0x032a75e1
                                                                                                                                  0x032a75e2
                                                                                                                                  0x032a75e3
                                                                                                                                  0x032a75e8
                                                                                                                                  0x032a75ec
                                                                                                                                  0x032a75f2
                                                                                                                                  0x032a75f2
                                                                                                                                  0x032a759a
                                                                                                                                  0x032a75a1
                                                                                                                                  0x032a75a6
                                                                                                                                  0x032a75a7
                                                                                                                                  0x032a75a8
                                                                                                                                  0x032a75ad
                                                                                                                                  0x032a75af
                                                                                                                                  0x032a75b5
                                                                                                                                  0x032a75c3
                                                                                                                                  0x032a75c9
                                                                                                                                  0x032a75c9
                                                                                                                                  0x032a75b7
                                                                                                                                  0x032a75b7
                                                                                                                                  0x032a75b7
                                                                                                                                  0x032a75ba
                                                                                                                                  0x032a75ba
                                                                                                                                  0x032a75b5
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7518
                                                                                                                                  0x032a7520
                                                                                                                                  0x032a7535
                                                                                                                                  0x032a7541
                                                                                                                                  0x032a7551
                                                                                                                                  0x032a7567
                                                                                                                                  0x032a7573
                                                                                                                                  0x032a7579
                                                                                                                                  0x032a7580
                                                                                                                                  0x032a7586
                                                                                                                                  0x032a758a
                                                                                                                                  0x032a758a
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7580
                                                                                                                                  0x032a7573
                                                                                                                                  0x032a7541
                                                                                                                                  0x032a7520
                                                                                                                                  0x032a7516
                                                                                                                                  0x032a7510
                                                                                                                                  0x00000000
                                                                                                                                  0x032a74e3
                                                                                                                                  0x032a75fd
                                                                                                                                  0x032a75fe
                                                                                                                                  0x032a75ff
                                                                                                                                  0x032a7606
                                                                                                                                  0x032a764a
                                                                                                                                  0x032a764e
                                                                                                                                  0x032a764f
                                                                                                                                  0x032a7650
                                                                                                                                  0x032a7657
                                                                                                                                  0x032a7661
                                                                                                                                  0x032a7661
                                                                                                                                  0x032a7665
                                                                                                                                  0x032a7677
                                                                                                                                  0x032a760c
                                                                                                                                  0x032a760c
                                                                                                                                  0x032a7612
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7622
                                                                                                                                  0x032a7622
                                                                                                                                  0x032a7623
                                                                                                                                  0x032a7633
                                                                                                                                  0x032a7635
                                                                                                                                  0x032a7649
                                                                                                                                  0x032a7649
                                                                                                                                  0x032a7612
                                                                                                                                  0x032a7606
                                                                                                                                  0x032a7489
                                                                                                                                  0x032a747a

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A74B6
                                                                                                                                  • select.WS2_32(00000001,?,00000000,00000000,?), ref: 032A7509
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A7526
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A7558
                                                                                                                                  • recv.WS2_32(00000000,?,00000004,00000000), ref: 032A75A8
                                                                                                                                  • recv.WS2_32(00000000,?,?,00000000), ref: 032A75E3
                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 032A75FF
                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 032A7650
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$recv$select
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1199061815-0
                                                                                                                                  • Opcode ID: 255e1b050ed5fc57440e2fe10e2c13a12ab32da7c436f755f68687c71e2e0448
                                                                                                                                  • Instruction ID: 13e586fa7463502777a5605f3cd85beb7dbae1421038c6fbbc1ba975376a274e
                                                                                                                                  • Opcode Fuzzy Hash: 255e1b050ed5fc57440e2fe10e2c13a12ab32da7c436f755f68687c71e2e0448
                                                                                                                                  • Instruction Fuzzy Hash: 2F51C175528B029BC324DF9CD5807AFB7E9EFC4750F18492EE89587240D7B0D984CB96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AE6D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E032AE6D0() {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				struct _LUID _v36;
				void* __ebp;
				signed int _t14;
				signed int _t34;

				_t14 =  *0x32ed474; // 0x444d31ba
				_v8 = _t14 ^ _t34;
				if( *0x32efcc0 == 0) {
					if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0 && LookupPrivilegeValueA(0, "SeDebugPrivilege",  &_v36) != 0) {
						_v24.Privileges = _v36.LowPart;
						_v16 = _v36.HighPart;
						_v24.PrivilegeCount = 1;
						_v12 = 2;
						AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0);
						_t32 =  !=  ? 1 :  *0x32efcc0;
						 *0x32efcc0 =  !=  ? 1 :  *0x32efcc0;
					}
					CloseHandle(_v28);
				}
				return E032BD98D(_v8 ^ _t34);
			}












                                                                                                                                  0x032ae6d6
                                                                                                                                  0x032ae6dd
                                                                                                                                  0x032ae6e7
                                                                                                                                  0x032ae6fe
                                                                                                                                  0x032ae71c
                                                                                                                                  0x032ae724
                                                                                                                                  0x032ae730
                                                                                                                                  0x032ae737
                                                                                                                                  0x032ae73e
                                                                                                                                  0x032ae751
                                                                                                                                  0x032ae754
                                                                                                                                  0x032ae754
                                                                                                                                  0x032ae75d
                                                                                                                                  0x032ae763
                                                                                                                                  0x032ae775

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,032B1805), ref: 032AE6EF
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,032B1805), ref: 032AE6F6
                                                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 032AE70B
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 032AE73E
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,032B1805), ref: 032AE75D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                  • API String ID: 3038321057-2896544425
                                                                                                                                  • Opcode ID: e11538603f0498ba2b2e51e29e2dc921f4e344990bae410be33158b6c1c6514e
                                                                                                                                  • Instruction ID: ef7f78c9bdc66cc3305c2abbf1ec7165683134464eec6431a98c3ceb21f7f16b
                                                                                                                                  • Opcode Fuzzy Hash: e11538603f0498ba2b2e51e29e2dc921f4e344990bae410be33158b6c1c6514e
                                                                                                                                  • Instruction Fuzzy Hash: 1A112471E40219AFEB00DFA4ED4ABBEB7F8FB48701F108019E905D7284DB719940CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D5B1A Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1343COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                  • Opcode ID: 8b5c668278387c53d876bebd6fda757c3454c09310f10ccd957ed0f8599600ed
                                                                                                                                  • Instruction ID: 780ce29596ef53a8082122155b5a65f36a5fbc299192d12c55a32b81e9220e90
                                                                                                                                  • Opcode Fuzzy Hash: 8b5c668278387c53d876bebd6fda757c3454c09310f10ccd957ed0f8599600ed
                                                                                                                                  • Instruction Fuzzy Hash: B9C23B71E246298FDB25CE28DD407E9B7B9EB49304F5841EAD84DE7240E775AEC18F40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1780 Relevance: 9.2, APIs: 6, Instructions: 167COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032A16C0: GetTickCount.KERNEL32 ref: 032A16CE
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A17FA
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?), ref: 032A1863
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A18B2
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?), ref: 032A1910
                                                                                                                                    • Part of subcall function 032A1590: CreateFileA.KERNELBASE(C0000000,C0000000,00000002,00000000,00000003,00000000,00000000,?,?,?,032A19D7,00000000,00005960,032AA3A6,00000000,00285F40), ref: 032A1614
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?), ref: 032A195D
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 032A199D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ControlDevice$CountCreateFileTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 622260290-0
                                                                                                                                  • Opcode ID: b4ae919ff582747ccdfc7121f107c91e2f10f00e017c02837c7863ee329b5981
                                                                                                                                  • Instruction ID: bae4b95f495ffeaf4ac060f92a18351617f3d9e384038dc82c7830f7a6e822ad
                                                                                                                                  • Opcode Fuzzy Hash: b4ae919ff582747ccdfc7121f107c91e2f10f00e017c02837c7863ee329b5981
                                                                                                                                  • Instruction Fuzzy Hash: C2515C719683125FE324DB38E845BBBB7DC9B85720F08447EE48AC7282E674E5D8C752
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D51BA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(51CEB70F,2000000B,00000000,00000002,00000000,?,?,?,032D54E0,?,00000000), ref: 032D5253
                                                                                                                                  • GetLocaleInfoW.KERNEL32(51CEB70F,20001004,00000000,00000002,00000000,?,?,?,032D54E0,?,00000000), ref: 032D527C
                                                                                                                                  • GetACP.KERNEL32(?,?,032D54E0,?,00000000), ref: 032D5291
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                  • Opcode ID: eee1976d51a07b1ae34748d43a2d82701091ea519d9fc92c63c42e460d91d00a
                                                                                                                                  • Instruction ID: b8f36446ff65e3399dbbc646f6b530c3bcb15d532b7b57e5a77857fb9686aed6
                                                                                                                                  • Opcode Fuzzy Hash: eee1976d51a07b1ae34748d43a2d82701091ea519d9fc92c63c42e460d91d00a
                                                                                                                                  • Instruction Fuzzy Hash: 4021D831775102AAEB34CF55C809B97B7AABF46E20B7E8068E909C7204E7B2DDC5C750
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C9A43 Relevance: 7.9, APIs: 5, Instructions: 376timeCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$InformationTimeZone
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 597776487-0
                                                                                                                                  • Opcode ID: f8909215c517a3205979e4330938f6a8879c32d50977794c0ea9998ada2b5caf
                                                                                                                                  • Instruction ID: 0eae0ea86a988d44d5d89bf8fc1b4928cd6ef7a4659ca469fc0226d66d2acaf8
                                                                                                                                  • Opcode Fuzzy Hash: f8909215c517a3205979e4330938f6a8879c32d50977794c0ea9998ada2b5caf
                                                                                                                                  • Instruction Fuzzy Hash: 45C12D759302C5AFCB20EF79D844AA9B7BDEF46310F1843AED5459B280E7718AC1CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B6FA0 Relevance: 7.8, APIs: 5, Instructions: 253serviceCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • EnumServicesStatusExA.ADVAPI32(?,00000000,00000030,00000003,00000000,00000000,00000000,032B0A27,00000000,00000000), ref: 032B6FDD
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,032B6D6B), ref: 032B6FE9
                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,032B6D6B), ref: 032B6FF5
                                                                                                                                  • EnumServicesStatusExA.ADVAPI32(?,00000000,00000030,00000003,00000000,00000000,00000000,00000000,00000000,00000000), ref: 032B7049
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B7057
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumErrorLastServicesStatus$CloseHandleService
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4062858364-0
                                                                                                                                  • Opcode ID: c7de2bc8158c9b6164512c95bed5c75be17220fb7846b18fa0ade7cc1a926517
                                                                                                                                  • Instruction ID: 8dfc216f0eef944dd3295d94dfb786b477f6669b77379417a0558c84976549a3
                                                                                                                                  • Opcode Fuzzy Hash: c7de2bc8158c9b6164512c95bed5c75be17220fb7846b18fa0ade7cc1a926517
                                                                                                                                  • Instruction Fuzzy Hash: 6C813675A202069FDB15CF7CDC44BEABBF9EF85350F1882ADD4519B280D731A945CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D5395 Relevance: 7.7, APIs: 5, Instructions: 184COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA453
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA489
                                                                                                                                  • GetUserDefaultLCID.KERNEL32(00000055,?,?), ref: 032D54A1
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 032D54EC
                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 032D54FB
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,032CBF40,00000040,?,032CC060,00000055,00000000,?,?,00000055,00000000), ref: 032D5543
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,032CBFC0,00000040), ref: 032D5562
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 949163717-0
                                                                                                                                  • Opcode ID: 29e2363516e4ebe03abbb6f7ff58376b391929b8728b75897ca2c91d6785f1ff
                                                                                                                                  • Instruction ID: b95f40b30948cbe97a0e05ea757c30d854eef2afb9f4e1b799b2275c082a585b
                                                                                                                                  • Opcode Fuzzy Hash: 29e2363516e4ebe03abbb6f7ff58376b391929b8728b75897ca2c91d6785f1ff
                                                                                                                                  • Instruction Fuzzy Hash: DB51A3719203069FDB10EFA6DC44ABEB7B8FF45701F284569E904EB150EBF09980CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D4A26 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 253COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • GetACP.KERNEL32(00000055,?,?,?,?,?,032CBF47,?,?,?,?,?,?,00000004), ref: 032D4AE7
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,00000055,?,?,?,?,?,032CBF47,?,?,?,?,?,?,00000004), ref: 032D4B12
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,032CBF47,00000000,032CC067), ref: 032D4C77
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                  • String ID: utf8
                                                                                                                                  • API String ID: 607553120-905460609
                                                                                                                                  • Opcode ID: 81c14c0cd93baa6206fa763c0e9b5b4863830350704eb2783255cf55df13629e
                                                                                                                                  • Instruction ID: 337512e9e0c80d291feefc45aec19b2df9ec676cc9dca529783800da97d0c94c
                                                                                                                                  • Opcode Fuzzy Hash: 81c14c0cd93baa6206fa763c0e9b5b4863830350704eb2783255cf55df13629e
                                                                                                                                  • Instruction Fuzzy Hash: 6871D935A30346AADB24FB76DC45BAAB3ACEF44700F184569E905DB180FFB1E9D08764
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402020 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files\\iba\\ibaAnalyzer\\Plugins");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                                  0x00402029
                                                                                                                                  0x00402033
                                                                                                                                  0x0040203c
                                                                                                                                  0x00402046
                                                                                                                                  0x0040204f
                                                                                                                                  0x00402059
                                                                                                                                  0x0040205d
                                                                                                                                  0x0040205d
                                                                                                                                  0x00402062
                                                                                                                                  0x00402073
                                                                                                                                  0x0040207b
                                                                                                                                  0x0040215b
                                                                                                                                  0x0040215b
                                                                                                                                  0x00402162
                                                                                                                                  0x00402081
                                                                                                                                  0x00402081
                                                                                                                                  0x00402092
                                                                                                                                  0x00402096
                                                                                                                                  0x0040209c
                                                                                                                                  0x004020a6
                                                                                                                                  0x004020a8
                                                                                                                                  0x004020b3
                                                                                                                                  0x004020b6
                                                                                                                                  0x004020c3
                                                                                                                                  0x004020c5
                                                                                                                                  0x004020c7
                                                                                                                                  0x004020ce
                                                                                                                                  0x004020d1
                                                                                                                                  0x004020d1
                                                                                                                                  0x004020d4
                                                                                                                                  0x004020de
                                                                                                                                  0x004020e6
                                                                                                                                  0x004020eb
                                                                                                                                  0x004020f7
                                                                                                                                  0x004020f7
                                                                                                                                  0x004020fa
                                                                                                                                  0x00402103
                                                                                                                                  0x00402106
                                                                                                                                  0x0040210f
                                                                                                                                  0x00402114
                                                                                                                                  0x00402126
                                                                                                                                  0x00402135
                                                                                                                                  0x00402137
                                                                                                                                  0x00402143
                                                                                                                                  0x00402143
                                                                                                                                  0x00402135
                                                                                                                                  0x00402145
                                                                                                                                  0x0040214b
                                                                                                                                  0x0040214b
                                                                                                                                  0x0040214e
                                                                                                                                  0x00402154
                                                                                                                                  0x00402159
                                                                                                                                  0x0040216e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402159
                                                                                                                                  0x00402164
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                  Strings
                                                                                                                                  • C:\Program Files\iba\ibaAnalyzer\Plugins, xrefs: 004020AB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                  • String ID: C:\Program Files\iba\ibaAnalyzer\Plugins
                                                                                                                                  • API String ID: 123533781-3951075876
                                                                                                                                  • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                  • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                                  • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                  • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D4E3D Relevance: 4.7, APIs: 3, Instructions: 206COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA453
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA489
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 032D4E91
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 032D4EDB
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 032D4FA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale$ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3140898709-0
                                                                                                                                  • Opcode ID: c6247a022e4029abc10de43aa8aa9d264b3e97a3061a8336e3d198a07e608db9
                                                                                                                                  • Instruction ID: 1395e4a2bb8d23cefd3e0d548f55bb8f864da9b01b342dc10cb92443963b4720
                                                                                                                                  • Opcode Fuzzy Hash: c6247a022e4029abc10de43aa8aa9d264b3e97a3061a8336e3d198a07e608db9
                                                                                                                                  • Instruction Fuzzy Hash: 6961C6759202179FDB24EF25DC81BBAB3A8EF05301F1841B9ED05CA194EBB8D9D5CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C925B Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 032C9353
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 032C935D
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 032C936A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                  • Opcode ID: fe37d165239e54007129c4e0485f7b7be16dabcc0039d1c0425b8939fab22c72
                                                                                                                                  • Instruction ID: 4d4ed06200001e7800bd09a5af0ca23fdbc1604053321dfb084e08ebb0c4f5f9
                                                                                                                                  • Opcode Fuzzy Hash: fe37d165239e54007129c4e0485f7b7be16dabcc0039d1c0425b8939fab22c72
                                                                                                                                  • Instruction Fuzzy Hash: A931C2759112299BCB21DF64E8887DCBBB8BF08750F5442EAE41CAB250E7709BC1CF45
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C8252 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(032C9589,?,032C8251,032C9589,?,032C9589,032C9589,032C9589,00000002), ref: 032C8274
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,032C8251,032C9589,?,032C9589,032C9589,032C9589,00000002), ref: 032C827B
                                                                                                                                  • ExitProcess.KERNEL32 ref: 032C828D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  • Opcode ID: ed07929840b0b5f2c94f05dc229a922d1be562b3a6ebb83cfa3293590f147e8a
                                                                                                                                  • Instruction ID: 0d59cd042839ac2e814a76afd345ad84973ee227e26418466dbba7882a4792f6
                                                                                                                                  • Opcode Fuzzy Hash: ed07929840b0b5f2c94f05dc229a922d1be562b3a6ebb83cfa3293590f147e8a
                                                                                                                                  • Instruction Fuzzy Hash: 4BE086324215D4AFCF51BF54E90C9583F2AFF00341B048219F8048A120DB75D8D1CB41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C7930 Relevance: 3.5, APIs: 2, Instructions: 452COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 52007fcc5b7bb751634e2d03693da1a6c577c15c7c92f029165aaedabb901676
                                                                                                                                  • Instruction ID: 00389591c27c9f36b999754995f340232d7e9f4d8be299fdb6f5c9c3427dc185
                                                                                                                                  • Opcode Fuzzy Hash: 52007fcc5b7bb751634e2d03693da1a6c577c15c7c92f029165aaedabb901676
                                                                                                                                  • Instruction Fuzzy Hash: 86022B71E2025A9FDF14CFACC8906ADF7B5EF48314F1982ADD919AB344D7319A418F90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BB350 Relevance: 3.0, APIs: 2, Instructions: 48timeCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 032BB3A1
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032BB3B7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1518329722-0
                                                                                                                                  • Opcode ID: d6923bb8352c4bcd926fc896a2b7c70dab363c60b95ae5b1a42fc093769d6311
                                                                                                                                  • Instruction ID: f630ea17c725b344c43ce26f80a5f35b849bc7255c2aa8d19055ebe384c1c456
                                                                                                                                  • Opcode Fuzzy Hash: d6923bb8352c4bcd926fc896a2b7c70dab363c60b95ae5b1a42fc093769d6311
                                                                                                                                  • Instruction Fuzzy Hash: 3B012836520316EADB20EEA8D8489EAF734EF05361F544625E94497580D7B1B6E1C3E1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D94C3 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,032D94BE,?,?,00000008,?,?,032D791B,00000000), ref: 032D96F0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                  • Opcode ID: 01e26770a17b3611f2d5172334d31b7c17bbc036c2bc530a22088811a1a7b8c5
                                                                                                                                  • Instruction ID: 2628bfab7a5897d546a59287086b58c62a7586d27afabb3948f508466918d07b
                                                                                                                                  • Opcode Fuzzy Hash: 01e26770a17b3611f2d5172334d31b7c17bbc036c2bc530a22088811a1a7b8c5
                                                                                                                                  • Instruction Fuzzy Hash: 90B12B75620609DFEB15CF28C486B65BBA0FF45364F298658F89ACF2A1C335E9D1CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D1866 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c3b297af303133f2f15f1861febcc9b8b36133e7831079971801043cd795ff80
                                                                                                                                  • Instruction ID: 4e807abdb6d5cfcd7294a5723b602c6f34792e18e2cb48acd66e6f379c203041
                                                                                                                                  • Opcode Fuzzy Hash: c3b297af303133f2f15f1861febcc9b8b36133e7831079971801043cd795ff80
                                                                                                                                  • Instruction Fuzzy Hash: 6C4193B5814259AEDB20DF69DC89AEABBB9AB45300F1442DDE44DD7200DA349E84CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D5092 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA453
                                                                                                                                    • Part of subcall function 032CA3F1: _free.LIBCMT ref: 032CA489
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 032D50E6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free$InfoLocale
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2003897158-0
                                                                                                                                  • Opcode ID: ce75792bbb3d92a15db9216da876123b194295b3687320995a8f43d8c19bbb19
                                                                                                                                  • Instruction ID: d2988dfddb57b61ae5bdade1e83739b4524713b9411a5b451539f3e25379c456
                                                                                                                                  • Opcode Fuzzy Hash: ce75792bbb3d92a15db9216da876123b194295b3687320995a8f43d8c19bbb19
                                                                                                                                  • Instruction Fuzzy Hash: CC21B6366312475BDB18DE25EC41ABA73ACEF06710F2441A9ED01CB140EBB5D980C750
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D4D17 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(032D4E3D,00000001,00000000,?,032CBF40,?,032D5475,00000000,00000055,?,?), ref: 032D4D89
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: bf287c3266a70765477769f61569d5265918e0aa17a6f12acdf7dacb062d95e9
                                                                                                                                  • Instruction ID: 24d1b726621036d42329bdb196441113c8e305059b3f863ad079f9212555e060
                                                                                                                                  • Opcode Fuzzy Hash: bf287c3266a70765477769f61569d5265918e0aa17a6f12acdf7dacb062d95e9
                                                                                                                                  • Instruction Fuzzy Hash: 3B11293A2107015FDB18EF3AD89557AB795FF80358B19452DD98687A00D7716482C740
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D52C2 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,032D5059,00000000,00000000,?), ref: 032D52EE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                  • Opcode ID: 4e538f89f804167d495f11f5a646cff4e392ed34a7e2ba1e6472cb3cd630db4d
                                                                                                                                  • Instruction ID: 49b8636720522b15a0669e3d3112b1b9e37cd661fe2595389c4acddbac6f3239
                                                                                                                                  • Opcode Fuzzy Hash: 4e538f89f804167d495f11f5a646cff4e392ed34a7e2ba1e6472cb3cd630db4d
                                                                                                                                  • Instruction Fuzzy Hash: 57F04936A20257BBDB28DA29CC056BEB768EB01314F288468EC05A3540EBF0FD81C6D0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D4DB2 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(032D5092,00000001,?,?,032CBF40,?,032D5439,032CBF40,00000055,?,?,?,?,032CBF40,?,?), ref: 032D4DFC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: ef784c314db1dfc3a5433577d7096532191a2f674df03de8dda643472a5cbcc3
                                                                                                                                  • Instruction ID: 7b8ed122a66b403432a3b12aecf4671ec2533b84e1ca29a270ad91f270da750d
                                                                                                                                  • Opcode Fuzzy Hash: ef784c314db1dfc3a5433577d7096532191a2f674df03de8dda643472a5cbcc3
                                                                                                                                  • Instruction Fuzzy Hash: 3CF04C362103051FC714AF76DC8067A7B94EF80328B19856CFA418B580CAB15C81CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D4CCC Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(032D4C23,00000001,?,?,?,032D5497,032CBF40,00000055,?,?,?,?,032CBF40,?,?,?), ref: 032D4D03
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: da27aa576569a8c1c86e29e2e1e13a32c2cc02fa22e2eefe93c686c6c3f5c319
                                                                                                                                  • Instruction ID: 79f4f2068a91b62a68fea1dba62f77ae82fdd9b3905b083592a9952011e90dcd
                                                                                                                                  • Opcode Fuzzy Hash: da27aa576569a8c1c86e29e2e1e13a32c2cc02fa22e2eefe93c686c6c3f5c319
                                                                                                                                  • Instruction Fuzzy Hash: 46F0E53A71024557CB14FF7AE85976A7F94EFC1720B1A409DEE058F654CBB198C2C790
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040263E Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 39%
                                                                                                                                  			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                                  0x00402656
                                                                                                                                  0x0040266a
                                                                                                                                  0x00402675
                                                                                                                                  0x00402676
                                                                                                                                  0x004027b1
                                                                                                                                  0x00402658
                                                                                                                                  0x00402658
                                                                                                                                  0x0040265a
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                  • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                  • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                                                  • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                  • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CD1BB Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CD14F: EnterCriticalSection.KERNEL32(-000418AC,?,032C7E9C,00000000,032E9450,0000000C,032C7E63,?,?,032CCAC7,?,?,032CA593,00000001,00000364,00000008), ref: 032CD15E
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(032CD1AE,00000001,032E9658,0000000C,032CD611,00000000), ref: 032CD1F3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                  • Opcode ID: f18993b7af5c217b8424c2d5d12f3b0cadfa50808e1626d0d446e9ae2b55e1d9
                                                                                                                                  • Instruction ID: 849e85340964deb08d7de79feeff1c2b6a1e1f957f7e7addfde9f43b7e8aa401
                                                                                                                                  • Opcode Fuzzy Hash: f18993b7af5c217b8424c2d5d12f3b0cadfa50808e1626d0d446e9ae2b55e1d9
                                                                                                                                  • Instruction Fuzzy Hash: 4CF0B779A61244AFDB10EFA8E405B9D77B0AB18720F10826AE5149F2A1C7B499809B51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CD76E Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,032CC06F,?,20001004,?,00000002,00000000,?,?), ref: 032CD7A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                  • Opcode ID: 11b31bb3637e8be4098e28cc621377c3e50f2e937ab6263743035feab8b29ca4
                                                                                                                                  • Instruction ID: 4523615c6b37bbfe4a42d5ad8719439c7a8b7776dd443da4e262306ea2c5c861
                                                                                                                                  • Opcode Fuzzy Hash: 11b31bb3637e8be4098e28cc621377c3e50f2e937ab6263743035feab8b29ca4
                                                                                                                                  • Instruction Fuzzy Hash: E2E04F36561268BBCF127F60EC08AAEBF69EF44B61F048128FC0566151CB728961DA91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C440C Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: 431ea04bca6a6af9c0d6578a89adb7970e3d531536c8dcbe636dcd5887862d89
                                                                                                                                  • Instruction ID: 15d4b2b3011273ccf4b1aa723369132b7d8175caa631e124247358d6141a1aba
                                                                                                                                  • Opcode Fuzzy Hash: 431ea04bca6a6af9c0d6578a89adb7970e3d531536c8dcbe636dcd5887862d89
                                                                                                                                  • Instruction Fuzzy Hash: 12613A306303C656DB3AFA2B8470BFFF3A9AB51644F6C071ED442DB681DBA199C58341
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C3FA4 Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: 9f172b24f7267e7087ac84b397fb789b78a68804b573300c51c9ba2cb2957e84
                                                                                                                                  • Instruction ID: dc8705b44660112cc0c49f2f7d2a6196d92d09b5d2277931b839bd45d4bb7eca
                                                                                                                                  • Opcode Fuzzy Hash: 9f172b24f7267e7087ac84b397fb789b78a68804b573300c51c9ba2cb2957e84
                                                                                                                                  • Instruction Fuzzy Hash: D0519D341707CA5ADF3FF92B88B57BFA7AA9B11200F0C4B1DD986DB280C59699C4C351
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D44CD Relevance: .3, Instructions: 329COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4283097504-0
                                                                                                                                  • Opcode ID: c2b0efba40f614f17315312b4d0b634b78c1489e3490538d05cfc9cf5f25544b
                                                                                                                                  • Instruction ID: 2ed00a2320c2d958b99d9a6e34298f96da6fb68466fd6041eac20a6be54c35a6
                                                                                                                                  • Opcode Fuzzy Hash: c2b0efba40f614f17315312b4d0b634b78c1489e3490538d05cfc9cf5f25544b
                                                                                                                                  • Instruction Fuzzy Hash: F0B108396207468BDB34EF26CC81AB7B3ACEF45308F48456DDA87C6580EEB5A5C5CB10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A2970 Relevance: .3, Instructions: 321COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8deed4a39aa488fd06b3609e0c4159f57da39afdf195114021460e6af4bf1449
                                                                                                                                  • Instruction ID: 81f21592ae340e452bdb9b370c38e925ec28ef7d3c37856a00238117766a74dd
                                                                                                                                  • Opcode Fuzzy Hash: 8deed4a39aa488fd06b3609e0c4159f57da39afdf195114021460e6af4bf1449
                                                                                                                                  • Instruction Fuzzy Hash: A4E1D172D95A528FD318EF1DF89423673A2FFC8301F4A853DDA525B24ACA34B521DB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CF8AE Relevance: .3, Instructions: 294COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b57c708537dd665b97f34c540f0c76e9d046ad0778cc4c5242876fd7856785db
                                                                                                                                  • Instruction ID: 6a77fe8095536360210730b1ebb0bf86478fe0cdf725d76857ff4736aedf0f03
                                                                                                                                  • Opcode Fuzzy Hash: b57c708537dd665b97f34c540f0c76e9d046ad0778cc4c5242876fd7856785db
                                                                                                                                  • Instruction Fuzzy Hash: 77B10221D3AF408DD623A6399836336B6ACAFBB2D5F51DB1BFC1738D16EB2185835140
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A2200 Relevance: .3, Instructions: 269COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3bcfb037c56f8722a7d7c8d549dcd59afe050f1b733cfbba8a3756f0718ad13a
                                                                                                                                  • Instruction ID: ed6f1616de804990669a262686b3cce5ba56b5d0986db9c633bf4ad78b60d0f5
                                                                                                                                  • Opcode Fuzzy Hash: 3bcfb037c56f8722a7d7c8d549dcd59afe050f1b733cfbba8a3756f0718ad13a
                                                                                                                                  • Instruction Fuzzy Hash: 29C16377E407024FE3A98E1D9C90A657393AFD8328F5F46BD8A445F7A3CD78B4518680
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1DF0 Relevance: .3, Instructions: 269COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c80a86e7291041e35637b83b959a5d4f8994fca1feff34692fee2922afd5ee6f
                                                                                                                                  • Instruction ID: 6e0d2d8994abc76c5c63a1c3700509a6a8bc28018bd2404654043498210587b9
                                                                                                                                  • Opcode Fuzzy Hash: c80a86e7291041e35637b83b959a5d4f8994fca1feff34692fee2922afd5ee6f
                                                                                                                                  • Instruction Fuzzy Hash: B2C16377E407024FE3A98E1D9C90A657393AFD8328F5F46BD8A445F7A3CD78B4518680
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032DB348 Relevance: .3, Instructions: 254COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                  • Instruction ID: 226ec40b6b407f6b233d6099e050ff6592d1a550e2932933dc15c12d11fbcbc5
                                                                                                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                  • Instruction Fuzzy Hash: 9591517222D0E34ADB69C63A957443EFFE15A423A231F079EE4F2CA5D1EE64C1D4D620
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032DB603 Relevance: .2, Instructions: 244COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                  • Instruction ID: 52eb05d9ec0fe4f728d2da842720c80603f32a15894ae9cecc9e00ca95350590
                                                                                                                                  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                  • Instruction Fuzzy Hash: 4C9163736290A34AEB69C67A957403EFFE15E422A170F079ED4F2CB5C5EE24C1A4D620
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032DB081 Relevance: .2, Instructions: 240COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                  • Instruction ID: fa26f9d7824458f0f09fb960f55d8226bf4285cc53c3f251082d182bdedb056e
                                                                                                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                  • Instruction Fuzzy Hash: C09160732280A34ADB69C67A947803EFFE55A426A270F079ED4F3CB5C5EE14D1E4D620
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032DADD7 Relevance: .2, Instructions: 232COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                  • Instruction ID: 268f17944c64cddf95a9872ba5eb3c9b80fa732fe3b18a7867891aa8e1808898
                                                                                                                                  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                  • Instruction Fuzzy Hash: 0981717262D0A34DDB69C63A957483EFFE15A412A230E07EEE4F2CA5C1EE2581D4D660
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C41D8 Relevance: .2, Instructions: 217COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1d81e9536823f38a20f61949ad5a3fe80a8290e3d70fb52b61c5b2e810559d09
                                                                                                                                  • Instruction ID: c4776fba2602ea16749470b902532df9ebfa3f41e8ae8001ec739968377c14ca
                                                                                                                                  • Opcode Fuzzy Hash: 1d81e9536823f38a20f61949ad5a3fe80a8290e3d70fb52b61c5b2e810559d09
                                                                                                                                  • Instruction Fuzzy Hash: BB517C706307CA56DB3BF96B58B67BFA79DAB82204F5C031DCC46DB281C691A9C5C243
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A5220 Relevance: .2, Instructions: 192COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                  • Opcode ID: a24080180cd2c948463891bf752d768b3895cbbda9a043adcfe2f5b11928d2f2
                                                                                                                                  • Instruction ID: 9a22512a08acc98b217d960e9d0a20b7f3aeee50426fbc90ab431b331e0473df
                                                                                                                                  • Opcode Fuzzy Hash: a24080180cd2c948463891bf752d768b3895cbbda9a043adcfe2f5b11928d2f2
                                                                                                                                  • Instruction Fuzzy Hash: 3A51C5E7620B0C5BC310EA6EDCC1A6FB3D9EF95200F5C892CE945C7701FAB5E9458A51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A2EE0 Relevance: .2, Instructions: 182COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6eb638d8aa0f9f1b1b76290e4130abc0daf07ab93260ad87a047963ac96a39b7
                                                                                                                                  • Instruction ID: dd7c00b799f824cad3eb6ecc5bd2b6e753547569a8cbc219f952f33a7727380a
                                                                                                                                  • Opcode Fuzzy Hash: 6eb638d8aa0f9f1b1b76290e4130abc0daf07ab93260ad87a047963ac96a39b7
                                                                                                                                  • Instruction Fuzzy Hash: 28718C76A187458FC324DF29C8403A6B7E1FFC8314F19896DE998CB306DB35E9418B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D7EA8 Relevance: .1, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b59bfd458c06ef4a6936b04daa573e522e3557e31b2581ed05ccd183ccbeed07
                                                                                                                                  • Instruction ID: 550807c61618442b42977ba451505a554eaa84661c210b8d18ff73062dad401a
                                                                                                                                  • Opcode Fuzzy Hash: b59bfd458c06ef4a6936b04daa573e522e3557e31b2581ed05ccd183ccbeed07
                                                                                                                                  • Instruction Fuzzy Hash: E421A473F205384B770CC47E8C5627DB6E1C68C511745827AE8A6DA2C1D968D917E2E4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D7D84 Relevance: .1, Instructions: 82COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 01ebfbd2213c4057f8cbf227c2be9f0ea47a8c075aa571b31c4b14d6c222d2cf
                                                                                                                                  • Instruction ID: 42eff7a0d6c4309f6b34b080878c1470344532c0d56d0e7c52d916b4b1ae5da6
                                                                                                                                  • Opcode Fuzzy Hash: 01ebfbd2213c4057f8cbf227c2be9f0ea47a8c075aa571b31c4b14d6c222d2cf
                                                                                                                                  • Instruction Fuzzy Hash: 3B11A723F30C295B675C816D8C1727AA2D6DBD815074F437AD826E72C4E9A4DE23C290
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D1474 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6f9dc9ec5d7839a1bb0f9fdbadf62a42b0888fa6d4059242e2288b8c1becf9d7
                                                                                                                                  • Instruction ID: e16e797e62d6b4c82ea1ff6abdd4d4b4c7ed8f03524791cc65e5fa546ecb3aee
                                                                                                                                  • Opcode Fuzzy Hash: 6f9dc9ec5d7839a1bb0f9fdbadf62a42b0888fa6d4059242e2288b8c1becf9d7
                                                                                                                                  • Instruction Fuzzy Hash: A6F0A032A25224AFCB22CA4CD904B58B3BCEB05B31F1141EAF5049B240C6B0AD9087C0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D14BA Relevance: .0, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 42d99ae79b02f14fcd499137df985bb59328b7a5ae115a2c0dc09bb60456210f
                                                                                                                                  • Instruction ID: bc3b7fa14fc23a428c2850c769ec73be407631efc1ed2ece0a433c5de46963e8
                                                                                                                                  • Opcode Fuzzy Hash: 42d99ae79b02f14fcd499137df985bb59328b7a5ae115a2c0dc09bb60456210f
                                                                                                                                  • Instruction Fuzzy Hash: 69E08C32926228EBC725DBCCD90499AF3ECEB49B10F1545AAF908D3610C2B0EE50C7D0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B53E5 Relevance: .0, Instructions: 3COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 378fa423a6dc4dee230e671ecbf391852f7d16aca553d1efe2005a9cd913559f
                                                                                                                                  • Instruction ID: fd2c49e487870f3ec0cea2d8f72df024890eb17b1109a264aa266051abd5d848
                                                                                                                                  • Opcode Fuzzy Hash: 378fa423a6dc4dee230e671ecbf391852f7d16aca553d1efe2005a9cd913559f
                                                                                                                                  • Instruction Fuzzy Hash: 03A0017A9013798B8F00DE40E9854897371BB4CA60B1A4440DD10333098238BC21CEB1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AE000 Relevance: 135.2, APIs: 67, Strings: 10, Instructions: 488windowmemorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E032AE000(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, struct HWND__* _a8, int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				struct tagPOINT _v24;
				struct tagRECT _v40;
				struct tagPOINT _v56;
				long _v64;
				long _v68;
				void* _v72;
				long _v76;
				void* _v104;
				int _v108;
				intOrPtr _v116;
				int _v128;
				int _v132;
				void* _v136;
				struct tagMSG _v164;
				char* _v196;
				intOrPtr _v200;
				int _v204;
				void* _v208;
				void* __ebp;
				void* _t107;
				signed int _t113;
				char* _t180;
				char* _t190;
				intOrPtr _t196;
				intOrPtr _t199;
				CHAR* _t203;
				CHAR* _t206;
				void* _t209;
				void* _t213;
				struct HICON__* _t218;
				intOrPtr _t221;
				int _t234;
				CHAR* _t265;
				void* _t270;
				intOrPtr _t280;
				intOrPtr* _t298;
				intOrPtr* _t299;
				void* _t302;
				struct HWND__* _t309;
				intOrPtr* _t321;
				void* _t322;
				intOrPtr* _t324;
				void* _t328;
				signed int _t329;

				 *0x32efcc4 = _a4;
				_t107 = E032AE6D0();
				if(_t107 != 0) {
					 *0x32efccc = _a8;
					 *0x32efcd0 = _a12;
					 *0x32efcd4 = _a20;
					 *0x32efcd8 = _a16;
					E032AF900(_t270, _a24);
					_t329 = _t328 + 4;
					_pop(_t326);
					_t327 = _t329;
					_t113 =  *0x32ed474; // 0x444d31ba
					_v8 = _t113 ^ _t329;
					SendMessageA( *0x32ee1dc, 0x30, SendMessageA( *0x32efccc, 0x31, 0, 0), 1);
					GetWindowRect(GetDlgItem( *0x32efccc, 0x3fa),  &_v24);
					MapWindowPoints(0,  *0x32efccc,  &_v24, 2);
					MoveWindow( *0x32ee1dc, _v24.x, _v24.y, _v16 - _v24.x, _v12 - _v24.y, 0);
					 *0x32ee1f4 = GetDlgItem( *0x32ee1dc, 0x4bd);
					 *0x32ee1f8 = GetDlgItem( *0x32ee1dc, 0x4ca);
					 *0x32ee1e0 = GetDlgItem( *0x32ee1dc, 0x4bc);
					 *0x32ee1e4 = GetDlgItem( *0x32ee1dc, 0x4cb);
					 *0x32ee1e8 = GetDlgItem( *0x32efccc, 1);
					 *0x32ee1f0 = GetDlgItem( *0x32efccc, 2);
					 *0x32ee1ec = GetDlgItem( *0x32efccc, 3);
					EnableWindow( *0x32ee1e8, 0);
					_t309 = GetDlgItem( *0x32ee1dc, 0x4bb);
					GetWindowRect(_t309,  &_v40);
					SetWindowPos(_t309, 0, 0, 0, _v16 - _v24.x, _v40.bottom - _v40.top, 6);
					GetWindowRect( *0x32ee1f4,  &_v40);
					SetWindowPos( *0x32ee1f4, 0, 0, 0, _v16 - _v24.x, _v40.bottom - _v40.top, 6);
					GetWindowRect( *0x32ee1f8,  &_v40);
					SetWindowPos( *0x32ee1f8, 0, 0, 0, _v16 - _v24.x, _v40.bottom - _v40.top, 6);
					GetWindowRect( *0x32ee1e0,  &_v40);
					GetWindowRect( *0x32ee1e4,  &_v56);
					MapWindowPoints(0,  *0x32efccc,  &_v56, 2);
					MapWindowPoints(0,  *0x32efccc,  &_v40, 2);
					SetWindowPos( *0x32ee1e4, 0, 0, 0, _v16 - _v24.x, _v12 - _v56.y, 6);
					SetWindowPos( *0x32ee1e0, 0, 0, 0, _v16 - _v24, _v56.y - _v40.top, 6);
					GetClientRect( *0x32ee1e0,  &_v40);
					_v204 = 6;
					_v196 = ((0x55555556 * (_v40.right - GetSystemMetrics(0x15)) >> 0x20 >> 0x1f) + (0x55555556 * (_v40.right - GetSystemMetrics(0x15)) >> 0x20)) * 2 - 1;
					_t180 =  *0x32efc94;
					if(_t180 == 0) {
						L7:
						_v196 = "Application";
					} else {
						_v196 = _t180;
						if( *_t180 == 0) {
							goto L7;
						}
					}
					SendMessageA( *0x32ee1e0, 0x101b, 0,  &_v208);
					_v200 = (0x55555556 * (_v40.top - GetSystemMetrics(0x15)) >> 0x20 >> 0x1f) - 1 + (0x55555556 * (_v40.top - GetSystemMetrics(0x15)) >> 0x20);
					_t190 =  *0x32efc98;
					if(_t190 == 0) {
						L10:
						_v196 = "Process";
					} else {
						_v196 = _t190;
						if( *_t190 == 0) {
							goto L10;
						}
					}
					SendMessageA( *0x32ee1e0, 0x101b, 1,  &_v208);
					_t193 =  *0x32efca4;
					_t302 = 0;
					if( *0x32efca4 != 0) {
						_t64 = E032B0E70(_t193) - 1; // -1
						_t302 = _t64;
					}
					_t280 =  *0x32efc70;
					_t297 =  !=  ? _t280 : "Please close the following programs before continuing with setup...";
					SetWindowTextA(GetDlgItem( *0x32ee1dc, 0x4bb),  !=  ? _t280 : "Please close the following programs before continuing with setup...");
					_t196 =  *0x32efca8;
					_t282 =  !=  ? _t196 : "Close the following programs, or click on next to kill the processes.";
					SetWindowTextA(GetDlgItem( *0x32ee1dc, 0x4ca),  !=  ? _t196 : "Close the following programs, or click on next to kill the processes.");
					_t199 =  *0x32efcac;
					_t284 =  !=  ? _t199 : "Automatically close the listed applications";
					SetWindowTextA(GetDlgItem( *0x32ee1dc, 0x4cb),  !=  ? _t199 : "Automatically close the listed applications");
					SendMessageA( *0x32ee1e0, 0x1036, 0, 0x4020);
					_t203 =  *0x32ee21c;
					if(_t203 != 0) {
						GetWindowTextA( *0x32ee1e8, _t203,  *0x32efcd0);
					}
					if( *0x32ee230 == 0) {
						ExtractIconExA("shell32.dll", 0xf, 0,  &_v64, 1);
						_t206 = _v64;
					} else {
						_t206 = LoadImageA(0, "info.ico", 1, 0, 0, 0x50);
						_v64 = _t206;
					}
					if(_t206 == 0) {
						_v64 = LoadImageA(GetModuleHandleA(_t206), 0x67, 1, _t206, _t206, 0x40);
					}
					if( *0x32ee230 == 0) {
						ExtractIconExA("shell32.dll", 0x16, 0,  &_v68, 1);
						_t209 = _v68;
					} else {
						_t209 = LoadImageA(0, "search.ico", 1, 0, 0, 0x50);
					}
					_t210 =  ==  ? _v64 : _t209;
					_v68 =  ==  ? _v64 : _t209;
					ExtractIconExA("shell32.dll", 2, 0,  &_v76, 1);
					_t213 = ImageList_Create(0x10, 0x10, 0x21, 8, 0x38);
					_v72 = _t213;
					ImageList_ReplaceIcon(_t213, 0xffffffff, _v64);
					ImageList_ReplaceIcon(_v72, 0xffffffff, _v68);
					ImageList_ReplaceIcon(_v72, 0xffffffff, _v76);
					DestroyIcon(_v64);
					_t218 = _v68;
					if(_t218 != _v64) {
						DestroyIcon(_t218);
					}
					DestroyIcon(_v76);
					SendMessageA( *0x32ee1e0, 0x1003, 1, _v72);
					_t221 =  *0x32efc78;
					_v136 = 7;
					_v132 = 0;
					_t286 =  !=  ? _t221 : "0% Searching, please wait...";
					_v128 = 0;
					_v116 =  !=  ? _t221 : "0% Searching, please wait...";
					_v104 = 0;
					_v108 = 1;
					SendMessageA( *0x32ee1e0, 0x1007, 0,  &_v136);
					SendMessageA( *0x32ee1e0, 0x1013, 0, 0);
					 *0x32ee1fc = SetWindowLongA( *0x32efccc, 4, E032AFE80);
					 *0x32ee200 = SetWindowLongA( *0x32ee1e0, 0xfffffffc, E032AF8C0);
					SendMessageA( *0x32efccc, 0x40d,  *0x32ee1dc, 0);
					ShowWindow( *0x32ee1dc, 5);
					 *0x32ee208 = 0;
					 *0x32ee204 = 0;
					 *0x32efc60 = CreateThread(0, 0, E032AEC10, _t302, 0, 0);
					while( *0x32ee204 == 0 ||  *0x32ee208 == 0) {
						if(GetMessageA( &_v164, 0, 0, 0) == 0 || IsDialogMessageA( *0x32ee1dc,  &_v164) != 0 || IsDialogMessageA( *0x32efccc,  &_v164) != 0) {
							continue;
						} else {
							if(_v164.message != 0x12) {
								TranslateMessage( &_v164);
								DispatchMessageA( &_v164);
								continue;
							}
						}
						break;
					}
					CloseHandle( *0x32efc60);
					 *0x32efc60 = 0;
					_t234 = SendMessageA( *0x32ee1e0, 0x1004, 0, 0) - 1;
					_v136 = 4;
					_v132 = _t234;
					if(_t234 >= 0) {
						do {
							SendMessageA( *0x32ee1e0, 0x1005, 0,  &_v136);
							_t322 = _v104;
							if(_t322 != 0) {
								GlobalFree( *_t322);
								GlobalFree(_t322);
							}
							_t102 =  &_v132;
							 *_t102 = _v132 - 1;
						} while ( *_t102 >= 0);
					}
					if( *0x32ee214 == 0) {
						if( *0x32ee20c == 0) {
							if( *0x32ee210 == 0) {
								if( *0x32efc84 == 0 ||  *0x32efc58 <= 0) {
									_push("next");
								} else {
									_push("ignore");
								}
							} else {
								_push("back");
							}
						} else {
							_push("cancel");
						}
						E032B1000();
					} else {
						if( *0x32efcd4 != 0) {
							_t321 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
							_t104 = _t321 + 4; // 0x4
							lstrcpynA(_t104, "ignore",  *0x32efcd0);
							_t298 =  *0x32efcd4;
							 *_t321 =  *_t298;
							 *_t298 = _t321;
						}
					}
					SetWindowLongA( *0x32ee1e0, 0xfffffffc,  *0x32ee200);
					SetWindowLongA( *0x32efccc, 4,  *0x32ee1fc);
					DestroyWindow( *0x32ee1dc);
					E032AFFD0();
					return E032BD98D(_v12 ^ _t327);
				} else {
					if( *0x32efcd4 != _t107) {
						_t324 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t2 = _t324 + 4; // 0x4
						_t265 = lstrcpynA(_t2, "error",  *0x32efcd0);
						_t299 =  *0x32efcd4;
						 *_t324 =  *_t299;
						 *_t299 = _t324;
						return _t265;
					}
					return _t107;
				}
			}


















































                                                                                                                                  0x032ae006
                                                                                                                                  0x032ae00b
                                                                                                                                  0x032ae012
                                                                                                                                  0x032ae05a
                                                                                                                                  0x032ae062
                                                                                                                                  0x032ae06a
                                                                                                                                  0x032ae072
                                                                                                                                  0x032ae077
                                                                                                                                  0x032ae07c
                                                                                                                                  0x032ae07f
                                                                                                                                  0x032b0061
                                                                                                                                  0x032b0069
                                                                                                                                  0x032b0070
                                                                                                                                  0x032b0095
                                                                                                                                  0x032b00b5
                                                                                                                                  0x032b00cb
                                                                                                                                  0x032b00e9
                                                                                                                                  0x032b0107
                                                                                                                                  0x032b0119
                                                                                                                                  0x032b012b
                                                                                                                                  0x032b013a
                                                                                                                                  0x032b0149
                                                                                                                                  0x032b0158
                                                                                                                                  0x032b0167
                                                                                                                                  0x032b016c
                                                                                                                                  0x032b017f
                                                                                                                                  0x032b0186
                                                                                                                                  0x032b01a5
                                                                                                                                  0x032b01b1
                                                                                                                                  0x032b01cf
                                                                                                                                  0x032b01db
                                                                                                                                  0x032b01f9
                                                                                                                                  0x032b0205
                                                                                                                                  0x032b0211
                                                                                                                                  0x032b0221
                                                                                                                                  0x032b0231
                                                                                                                                  0x032b024f
                                                                                                                                  0x032b026d
                                                                                                                                  0x032b0279
                                                                                                                                  0x032b0287
                                                                                                                                  0x032b02ad
                                                                                                                                  0x032b02b3
                                                                                                                                  0x032b02ba
                                                                                                                                  0x032b02c7
                                                                                                                                  0x032b02c7
                                                                                                                                  0x032b02bc
                                                                                                                                  0x032b02bf
                                                                                                                                  0x032b02c5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b02c5
                                                                                                                                  0x032b02eb
                                                                                                                                  0x032b0305
                                                                                                                                  0x032b030b
                                                                                                                                  0x032b0312
                                                                                                                                  0x032b031f
                                                                                                                                  0x032b031f
                                                                                                                                  0x032b0314
                                                                                                                                  0x032b0317
                                                                                                                                  0x032b031d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b031d
                                                                                                                                  0x032b033d
                                                                                                                                  0x032b033f
                                                                                                                                  0x032b0344
                                                                                                                                  0x032b0348
                                                                                                                                  0x032b0350
                                                                                                                                  0x032b0350
                                                                                                                                  0x032b0350
                                                                                                                                  0x032b0353
                                                                                                                                  0x032b0360
                                                                                                                                  0x032b037c
                                                                                                                                  0x032b037e
                                                                                                                                  0x032b038a
                                                                                                                                  0x032b03a0
                                                                                                                                  0x032b03a2
                                                                                                                                  0x032b03ae
                                                                                                                                  0x032b03c4
                                                                                                                                  0x032b03d8
                                                                                                                                  0x032b03da
                                                                                                                                  0x032b03e1
                                                                                                                                  0x032b03f0
                                                                                                                                  0x032b03f0
                                                                                                                                  0x032b0403
                                                                                                                                  0x032b042a
                                                                                                                                  0x032b0430
                                                                                                                                  0x032b0405
                                                                                                                                  0x032b0414
                                                                                                                                  0x032b0416
                                                                                                                                  0x032b0416
                                                                                                                                  0x032b0435
                                                                                                                                  0x032b0449
                                                                                                                                  0x032b0449
                                                                                                                                  0x032b0453
                                                                                                                                  0x032b0483
                                                                                                                                  0x032b0485
                                                                                                                                  0x032b0455
                                                                                                                                  0x032b0464
                                                                                                                                  0x032b0466
                                                                                                                                  0x032b048c
                                                                                                                                  0x032b0490
                                                                                                                                  0x032b04a0
                                                                                                                                  0x032b04ac
                                                                                                                                  0x032b04be
                                                                                                                                  0x032b04c1
                                                                                                                                  0x032b04cb
                                                                                                                                  0x032b04d5
                                                                                                                                  0x032b04e0
                                                                                                                                  0x032b04e2
                                                                                                                                  0x032b04e8
                                                                                                                                  0x032b04eb
                                                                                                                                  0x032b04eb
                                                                                                                                  0x032b04f0
                                                                                                                                  0x032b0502
                                                                                                                                  0x032b0504
                                                                                                                                  0x032b0510
                                                                                                                                  0x032b0517
                                                                                                                                  0x032b051e
                                                                                                                                  0x032b0521
                                                                                                                                  0x032b052b
                                                                                                                                  0x032b053c
                                                                                                                                  0x032b0543
                                                                                                                                  0x032b054a
                                                                                                                                  0x032b055b
                                                                                                                                  0x032b057f
                                                                                                                                  0x032b058e
                                                                                                                                  0x032b059e
                                                                                                                                  0x032b05a8
                                                                                                                                  0x032b05bc
                                                                                                                                  0x032b05c6
                                                                                                                                  0x032b05e2
                                                                                                                                  0x032b05e7
                                                                                                                                  0x032b060a
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0632
                                                                                                                                  0x032b0639
                                                                                                                                  0x032b0642
                                                                                                                                  0x032b064f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b064f
                                                                                                                                  0x032b0639
                                                                                                                                  0x00000000
                                                                                                                                  0x032b060a
                                                                                                                                  0x032b065d
                                                                                                                                  0x032b0672
                                                                                                                                  0x032b067e
                                                                                                                                  0x032b0681
                                                                                                                                  0x032b0688
                                                                                                                                  0x032b068b
                                                                                                                                  0x032b0693
                                                                                                                                  0x032b06a4
                                                                                                                                  0x032b06a6
                                                                                                                                  0x032b06ab
                                                                                                                                  0x032b06af
                                                                                                                                  0x032b06b2
                                                                                                                                  0x032b06b2
                                                                                                                                  0x032b06b4
                                                                                                                                  0x032b06b4
                                                                                                                                  0x032b06b4
                                                                                                                                  0x032b0693
                                                                                                                                  0x032b06c1
                                                                                                                                  0x032b0709
                                                                                                                                  0x032b0719
                                                                                                                                  0x032b0729
                                                                                                                                  0x032b073b
                                                                                                                                  0x032b0734
                                                                                                                                  0x032b0734
                                                                                                                                  0x032b0734
                                                                                                                                  0x032b071b
                                                                                                                                  0x032b071b
                                                                                                                                  0x032b071b
                                                                                                                                  0x032b070b
                                                                                                                                  0x032b070b
                                                                                                                                  0x032b070b
                                                                                                                                  0x032b0740
                                                                                                                                  0x032b06c3
                                                                                                                                  0x032b06ca
                                                                                                                                  0x032b06e3
                                                                                                                                  0x032b06ea
                                                                                                                                  0x032b06ee
                                                                                                                                  0x032b06f4
                                                                                                                                  0x032b06fc
                                                                                                                                  0x032b06fe
                                                                                                                                  0x032b06fe
                                                                                                                                  0x032b06ca
                                                                                                                                  0x032b075c
                                                                                                                                  0x032b076c
                                                                                                                                  0x032b0774
                                                                                                                                  0x032b077a
                                                                                                                                  0x032b078f
                                                                                                                                  0x032ae014
                                                                                                                                  0x032ae01a
                                                                                                                                  0x032ae034
                                                                                                                                  0x032ae03b
                                                                                                                                  0x032ae03f
                                                                                                                                  0x032ae045
                                                                                                                                  0x032ae04d
                                                                                                                                  0x032ae04f
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae051
                                                                                                                                  0x032ae053
                                                                                                                                  0x032ae053

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032AE6D0: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,032B1805), ref: 032AE6EF
                                                                                                                                    • Part of subcall function 032AE6D0: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,032B1805), ref: 032AE6F6
                                                                                                                                    • Part of subcall function 032AE6D0: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 032AE70B
                                                                                                                                    • Part of subcall function 032AE6D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 032AE73E
                                                                                                                                    • Part of subcall function 032AE6D0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,032B1805), ref: 032AE75D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,032B256D,?,?,?,?,?), ref: 032AE028
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error,?,?,032B256D,?,?,?,?,?), ref: 032AE03F
                                                                                                                                  • SendMessageA.USER32 ref: 032B008A
                                                                                                                                  • SendMessageA.USER32 ref: 032B0095
                                                                                                                                  • GetDlgItem.USER32 ref: 032B00AC
                                                                                                                                  • GetWindowRect.USER32 ref: 032B00B5
                                                                                                                                  • MapWindowPoints.USER32 ref: 032B00CB
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000), ref: 032B00E9
                                                                                                                                  • GetDlgItem.USER32 ref: 032B00FA
                                                                                                                                  • GetDlgItem.USER32 ref: 032B010C
                                                                                                                                  • GetDlgItem.USER32 ref: 032B011E
                                                                                                                                  • GetDlgItem.USER32 ref: 032B0130
                                                                                                                                  • GetDlgItem.USER32 ref: 032B013F
                                                                                                                                  • GetDlgItem.USER32 ref: 032B014E
                                                                                                                                  • GetDlgItem.USER32 ref: 032B015D
                                                                                                                                  • EnableWindow.USER32(00000000), ref: 032B016C
                                                                                                                                  • GetDlgItem.USER32 ref: 032B017D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$Window$MessageProcessSendToken$AdjustAllocCloseCurrentEnableGlobalHandleLookupMoveOpenPointsPrivilegePrivilegesRectValuelstrcpyn
                                                                                                                                  • String ID: 0% Searching, please wait...$Automatically close the listed applications$Close the following programs, or click on next to kill the processes.$Please close the following programs before continuing with setup...$VUUU$VUUU$error$info.ico$search.ico$shell32.dll
                                                                                                                                  • API String ID: 62032182-2527858884
                                                                                                                                  • Opcode ID: c79aa7dabfffb693b5cfd957519f922bce513d61244c64d49857452ff3d9c562
                                                                                                                                  • Instruction ID: 731a1499816d5ef45b4fa726ca5bcfafc2479291bb1addc92253c48424f5917c
                                                                                                                                  • Opcode Fuzzy Hash: c79aa7dabfffb693b5cfd957519f922bce513d61244c64d49857452ff3d9c562
                                                                                                                                  • Instruction Fuzzy Hash: 6D024E71A50219BFEB10EFA4FD4AF9E7BB9EB08700F118115FA04AA1D4DBB1A950CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF900 Relevance: 121.2, APIs: 50, Strings: 19, Instructions: 425memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E032AF900(void* __ecx, intOrPtr _a4) {
				void* _v8;
				void* __esi;
				void* _t12;
				struct HWND__* _t14;
				void _t15;
				int _t34;
				void _t72;
				void* _t84;
				intOrPtr _t85;
				void _t88;
				void* _t99;
				void* _t106;
				CHAR* _t108;
				void* _t110;
				void* _t111;
				CHAR* _t112;
				void* _t113;
				void* _t114;
				void* _t116;
				void* _t119;
				void _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;

				asm("xorps xmm0, xmm0");
				asm("movups [0x32efc70], xmm0");
				asm("movups [0x32efc80], xmm0");
				asm("movups [0x32efc90], xmm0");
				asm("movups [0x32efca0], xmm0");
				asm("movq [0x32efcb0], xmm0");
				_t12 = GlobalAlloc(0x40,  *0x32efcd0);
				_t119 = lstrcmpiA;
				_t116 = _t12;
				asm("o16 nop [eax+eax]");
				while(1) {
					_t99 =  *0x32efcd4;
					if(_t99 == 0) {
						break;
					}
					_t15 =  *_t99;
					_v8 = _t15;
					if(_t15 == 0) {
						break;
					}
					lstrcpyA(_t116, _t15 + 4);
					_t110 = _v8;
					 *( *0x32efcd4) =  *_t110;
					GlobalFree(_t110);
					if(lstrcmpiA(_t116, "/cbaddress") != 0) {
						if(lstrcmpiA(_t116, "/progress") != 0) {
							if(lstrcmpiA(_t116, "/forcetext") != 0) {
								if(lstrcmpiA(_t116, "/heading") != 0) {
									if(lstrcmpiA(_t116, "/noprograms") != 0) {
										if(lstrcmpiA(_t116, "/searching") != 0) {
											if(lstrcmpiA(_t116, "/endsearch") != 0) {
												if(lstrcmpiA(_t116, "/endmonitor") != 0) {
													if(lstrcmpiA(_t116, "/caption") != 0) {
														if(lstrcmpiA(_t116, "/captionservicestop") != 0) {
															if(lstrcmpiA(_t116, "/menuitemsservice") != 0) {
																if(lstrcmpiA(_t116, "/menuitems") != 0) {
																	if(lstrcmpiA(_t116, "/ignore") != 0) {
																		if(lstrcmpiA(_t116, "/autoclose") == 0 || lstrcmpiA(_t116, "/autoclosesilent") == 0) {
																			_t34 = lstrcmpiA(_t116, "/autoclose");
																			 *0x32ee224 = (0 | _t34 != 0x00000000) + 1;
																			if(_t34 == 0) {
																				_t39 =  *0x32efc8c;
																				if( *0x32efc8c == 0) {
																					 *0x32efc8c = GlobalAlloc(0x40,  *0x32efcd0);
																				}
																				E032B0FC0(_t39);
																				_t41 =  *0x32efc90;
																				_t124 = _t122 + 4;
																				if( *0x32efc90 == 0) {
																					 *0x32efc90 = GlobalAlloc(0x40,  *0x32efcd0);
																				}
																				E032B0FC0(_t41);
																				_t122 = _t124 + 4;
																			}
																			_t35 =  *0x32efc88;
																			if( *0x32efc88 == 0) {
																				 *0x32efc88 = GlobalAlloc(0x40,  *0x32efcd0);
																			}
																			E032B0FC0(_t35);
																			_t37 =  *0x32efc84;
																			_t123 = _t122 + 4;
																			if( *0x32efc84 == 0) {
																				 *0x32efc84 = GlobalAlloc(0x40,  *0x32efcd0);
																			}
																			E032B0FC0(_t37);
																			_t122 = _t123 + 4;
																		} else {
																			if(lstrcmpiA(_t116, "/colheadings") != 0) {
																				if(lstrcmpiA(_t116, "/usericons") != 0) {
																					if(lstrcmpiA(_t116, "/autonext") != 0) {
																						if(lstrcmpiA(_t116, "/ignorebtn") != 0) {
																							if( *0x32efcd4 != 0) {
																								_t121 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
																								_t11 = _t121 + 4; // 0x4
																								lstrcpynA(_t11, _t116,  *0x32efcd0);
																								_t111 =  *0x32efcd4;
																								 *_t121 =  *_t111;
																								 *_t111 = _t121;
																							}
																							break;
																						}
																						 *0x32ee220 = E032B0F40(_t119);
																						continue;
																					}
																					 *0x32ee234 = 1;
																					continue;
																				}
																				 *0x32ee230 = 1;
																				continue;
																			}
																			_t53 =  *0x32efc94;
																			if( *0x32efc94 == 0) {
																				 *0x32efc94 = GlobalAlloc(0x40,  *0x32efcd0);
																			}
																			E032B0FC0(_t53);
																			_t55 =  *0x32efc98;
																			_t125 = _t122 + 4;
																			if( *0x32efc98 == 0) {
																				 *0x32efc98 = GlobalAlloc(0x40,  *0x32efcd0);
																			}
																			E032B0FC0(_t55);
																			_t122 = _t125 + 4;
																		}
																		continue;
																	}
																	_t57 =  *0x32efc84;
																	if( *0x32efc84 == 0) {
																		 *0x32efc84 = GlobalAlloc(0x40,  *0x32efcd0);
																	}
																	E032B0FC0(_t57);
																	_t122 = _t122 + 4;
																	if( *0x32ee21c == 0) {
																		 *0x32ee21c = GlobalAlloc(0x40,  *0x32efcd0);
																	}
																	continue;
																}
																_t60 =  *0x32efc9c;
																if( *0x32efc9c == 0) {
																	 *0x32efc9c = GlobalAlloc(0x40,  *0x32efcd0);
																}
																E032B0FC0(_t60);
																_t62 =  *0x32efca0;
																_t126 = _t122 + 4;
																if( *0x32efca0 == 0) {
																	 *0x32efca0 = GlobalAlloc(0x40,  *0x32efcd0);
																}
																E032B0FC0(_t62);
																_t122 = _t126 + 4;
																continue;
															}
															_t64 =  *0x32efcb0;
															if( *0x32efcb0 == 0) {
																 *0x32efcb0 = GlobalAlloc(0x40,  *0x32efcd0);
															}
															E032B0FC0(_t64);
															_t122 = _t122 + 4;
															continue;
														}
														_t66 =  *0x32efcb4;
														if( *0x32efcb4 == 0) {
															 *0x32efcb4 = GlobalAlloc(0x40,  *0x32efcd0);
														}
														E032B0FC0(_t66);
														_t122 = _t122 + 4;
														continue;
													}
													E032B0FC0(_t116);
													_t122 = _t122 + 4;
													SetWindowTextA( *0x32efccc, _t116);
													continue;
												}
												_t70 =  *0x32efc80;
												if( *0x32efc80 == 0) {
													 *0x32efc80 = GlobalAlloc(0x40,  *0x32efcd0);
												}
												E032B0FC0(_t70);
												_t122 = _t122 + 4;
												continue;
											}
											_t112 =  *0x32efc7c;
											if(_t112 == 0) {
												_t112 = GlobalAlloc(0x40,  *0x32efcd0);
												 *0x32efc7c = _t112;
											}
											goto L28;
										}
										_t112 =  *0x32efc78;
										if(_t112 == 0) {
											_t112 = GlobalAlloc(0x40,  *0x32efcd0);
											 *0x32efc78 = _t112;
										}
										goto L28;
									}
									_t112 =  *0x32efc74;
									if(_t112 == 0) {
										_t112 = GlobalAlloc(0x40,  *0x32efcd0);
										 *0x32efc74 = _t112;
									}
									goto L28;
								}
								_t112 =  *0x32efc70;
								if(_t112 == 0) {
									_t112 = GlobalAlloc(0x40,  *0x32efcd0);
									 *0x32efc70 = _t112;
								}
								goto L28;
							}
							_t112 =  *0x32efcac;
							if(_t112 == 0) {
								_t112 = GlobalAlloc(0x40,  *0x32efcd0);
								 *0x32efcac = _t112;
							}
							goto L28;
						} else {
							_t112 =  *0x32efca8;
							if(_t112 == 0) {
								_t112 = GlobalAlloc(0x40,  *0x32efcd0);
								 *0x32efca8 = _t112;
							}
							L28:
							_t106 =  *0x32efcd4;
							if(_t106 != 0) {
								_t72 =  *_t106;
								_v8 = _t72;
								if(_t72 != 0) {
									lstrcpyA(_t112, _t72 + 4);
									_t113 = _v8;
									 *( *0x32efcd4) =  *_t113;
									GlobalFree(_t113);
								}
							}
							continue;
						}
					} else {
						_t108 =  *0x32efca4;
						if(_t108 == 0) {
							_t108 = GlobalAlloc(0x40,  *0x32efcd0);
							 *0x32efca4 = _t108;
						}
						_t84 =  *0x32efcd4;
						if(_t84 != 0) {
							_t88 =  *_t84;
							_v8 = _t88;
							if(_t88 != 0) {
								lstrcpyA(_t108, _t88 + 4);
								_t114 = _v8;
								 *( *0x32efcd4) =  *_t114;
								GlobalFree(_t114);
							}
						}
						_t85 = _a4;
						 *0x32ee1d8 = _t85;
						 *((intOrPtr*)( *((intOrPtr*)(_t85 + 0xc))))( *0x32efcc4, E032AFFB0);
						continue;
					}
				}
				GlobalFree(_t116);
				_t14 = CreateDialogParamA( *0x32efcc4, 0x65,  *0x32efccc, E032AE090, 0);
				 *0x32ee1dc = _t14;
				return _t14;
			}





























                                                                                                                                  0x032af90b
                                                                                                                                  0x032af916
                                                                                                                                  0x032af91f
                                                                                                                                  0x032af926
                                                                                                                                  0x032af92d
                                                                                                                                  0x032af934
                                                                                                                                  0x032af93c
                                                                                                                                  0x032af93e
                                                                                                                                  0x032af944
                                                                                                                                  0x032af946
                                                                                                                                  0x032af950
                                                                                                                                  0x032af950
                                                                                                                                  0x032af958
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af95e
                                                                                                                                  0x032af960
                                                                                                                                  0x032af965
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af970
                                                                                                                                  0x032af976
                                                                                                                                  0x032af981
                                                                                                                                  0x032af983
                                                                                                                                  0x032af993
                                                                                                                                  0x032afa09
                                                                                                                                  0x032afa3a
                                                                                                                                  0x032afa6b
                                                                                                                                  0x032afa99
                                                                                                                                  0x032afac3
                                                                                                                                  0x032afaed
                                                                                                                                  0x032afb54
                                                                                                                                  0x032afb86
                                                                                                                                  0x032afbad
                                                                                                                                  0x032afbdf
                                                                                                                                  0x032afc11
                                                                                                                                  0x032afc64
                                                                                                                                  0x032afcb2
                                                                                                                                  0x032afd76
                                                                                                                                  0x032afd80
                                                                                                                                  0x032afd88
                                                                                                                                  0x032afd8a
                                                                                                                                  0x032afd91
                                                                                                                                  0x032afd9d
                                                                                                                                  0x032afd9d
                                                                                                                                  0x032afda3
                                                                                                                                  0x032afda8
                                                                                                                                  0x032afdad
                                                                                                                                  0x032afdb2
                                                                                                                                  0x032afdbe
                                                                                                                                  0x032afdbe
                                                                                                                                  0x032afdc4
                                                                                                                                  0x032afdc9
                                                                                                                                  0x032afdc9
                                                                                                                                  0x032afdcc
                                                                                                                                  0x032afdd3
                                                                                                                                  0x032afddf
                                                                                                                                  0x032afddf
                                                                                                                                  0x032afde5
                                                                                                                                  0x032afdea
                                                                                                                                  0x032afdef
                                                                                                                                  0x032afdf4
                                                                                                                                  0x032afe00
                                                                                                                                  0x032afe00
                                                                                                                                  0x032afe06
                                                                                                                                  0x032afe0b
                                                                                                                                  0x032afcc8
                                                                                                                                  0x032afcd2
                                                                                                                                  0x032afd25
                                                                                                                                  0x032afd40
                                                                                                                                  0x032afd5b
                                                                                                                                  0x032afe1a
                                                                                                                                  0x032afe2f
                                                                                                                                  0x032afe32
                                                                                                                                  0x032afe36
                                                                                                                                  0x032afe3c
                                                                                                                                  0x032afe44
                                                                                                                                  0x032afe46
                                                                                                                                  0x032afe46
                                                                                                                                  0x00000000
                                                                                                                                  0x032afe1a
                                                                                                                                  0x032afd66
                                                                                                                                  0x00000000
                                                                                                                                  0x032afd66
                                                                                                                                  0x032afd42
                                                                                                                                  0x00000000
                                                                                                                                  0x032afd42
                                                                                                                                  0x032afd27
                                                                                                                                  0x00000000
                                                                                                                                  0x032afd27
                                                                                                                                  0x032afcd4
                                                                                                                                  0x032afcdb
                                                                                                                                  0x032afce7
                                                                                                                                  0x032afce7
                                                                                                                                  0x032afced
                                                                                                                                  0x032afcf2
                                                                                                                                  0x032afcf7
                                                                                                                                  0x032afcfc
                                                                                                                                  0x032afd08
                                                                                                                                  0x032afd08
                                                                                                                                  0x032afd0e
                                                                                                                                  0x032afd13
                                                                                                                                  0x032afd13
                                                                                                                                  0x00000000
                                                                                                                                  0x032afcb2
                                                                                                                                  0x032afc66
                                                                                                                                  0x032afc6d
                                                                                                                                  0x032afc79
                                                                                                                                  0x032afc79
                                                                                                                                  0x032afc7f
                                                                                                                                  0x032afc84
                                                                                                                                  0x032afc8e
                                                                                                                                  0x032afc9e
                                                                                                                                  0x032afc9e
                                                                                                                                  0x00000000
                                                                                                                                  0x032afc8e
                                                                                                                                  0x032afc13
                                                                                                                                  0x032afc1a
                                                                                                                                  0x032afc26
                                                                                                                                  0x032afc26
                                                                                                                                  0x032afc2c
                                                                                                                                  0x032afc31
                                                                                                                                  0x032afc36
                                                                                                                                  0x032afc3b
                                                                                                                                  0x032afc47
                                                                                                                                  0x032afc47
                                                                                                                                  0x032afc4d
                                                                                                                                  0x032afc52
                                                                                                                                  0x00000000
                                                                                                                                  0x032afc52
                                                                                                                                  0x032afbe1
                                                                                                                                  0x032afbe8
                                                                                                                                  0x032afbf4
                                                                                                                                  0x032afbf4
                                                                                                                                  0x032afbfa
                                                                                                                                  0x032afbff
                                                                                                                                  0x00000000
                                                                                                                                  0x032afbff
                                                                                                                                  0x032afbaf
                                                                                                                                  0x032afbb6
                                                                                                                                  0x032afbc2
                                                                                                                                  0x032afbc2
                                                                                                                                  0x032afbc8
                                                                                                                                  0x032afbcd
                                                                                                                                  0x00000000
                                                                                                                                  0x032afbcd
                                                                                                                                  0x032afb89
                                                                                                                                  0x032afb8e
                                                                                                                                  0x032afb98
                                                                                                                                  0x00000000
                                                                                                                                  0x032afb98
                                                                                                                                  0x032afb56
                                                                                                                                  0x032afb5d
                                                                                                                                  0x032afb69
                                                                                                                                  0x032afb69
                                                                                                                                  0x032afb6f
                                                                                                                                  0x032afb74
                                                                                                                                  0x00000000
                                                                                                                                  0x032afb74
                                                                                                                                  0x032afaef
                                                                                                                                  0x032afaf7
                                                                                                                                  0x032afb03
                                                                                                                                  0x032afb05
                                                                                                                                  0x032afb05
                                                                                                                                  0x00000000
                                                                                                                                  0x032afaf7
                                                                                                                                  0x032afac5
                                                                                                                                  0x032afacd
                                                                                                                                  0x032afad9
                                                                                                                                  0x032afadb
                                                                                                                                  0x032afadb
                                                                                                                                  0x00000000
                                                                                                                                  0x032afacd
                                                                                                                                  0x032afa9b
                                                                                                                                  0x032afaa3
                                                                                                                                  0x032afaaf
                                                                                                                                  0x032afab1
                                                                                                                                  0x032afab1
                                                                                                                                  0x00000000
                                                                                                                                  0x032afaa3
                                                                                                                                  0x032afa6d
                                                                                                                                  0x032afa75
                                                                                                                                  0x032afa85
                                                                                                                                  0x032afa87
                                                                                                                                  0x032afa87
                                                                                                                                  0x00000000
                                                                                                                                  0x032afa75
                                                                                                                                  0x032afa3c
                                                                                                                                  0x032afa44
                                                                                                                                  0x032afa54
                                                                                                                                  0x032afa56
                                                                                                                                  0x032afa56
                                                                                                                                  0x00000000
                                                                                                                                  0x032afa0b
                                                                                                                                  0x032afa0b
                                                                                                                                  0x032afa13
                                                                                                                                  0x032afa23
                                                                                                                                  0x032afa25
                                                                                                                                  0x032afa25
                                                                                                                                  0x032afb0b
                                                                                                                                  0x032afb0b
                                                                                                                                  0x032afb13
                                                                                                                                  0x032afb19
                                                                                                                                  0x032afb1b
                                                                                                                                  0x032afb20
                                                                                                                                  0x032afb30
                                                                                                                                  0x032afb32
                                                                                                                                  0x032afb3d
                                                                                                                                  0x032afb3f
                                                                                                                                  0x032afb3f
                                                                                                                                  0x032afb20
                                                                                                                                  0x00000000
                                                                                                                                  0x032afb13
                                                                                                                                  0x032af995
                                                                                                                                  0x032af995
                                                                                                                                  0x032af99d
                                                                                                                                  0x032af9a9
                                                                                                                                  0x032af9ab
                                                                                                                                  0x032af9ab
                                                                                                                                  0x032af9b1
                                                                                                                                  0x032af9b8
                                                                                                                                  0x032af9ba
                                                                                                                                  0x032af9bc
                                                                                                                                  0x032af9c1
                                                                                                                                  0x032af9cd
                                                                                                                                  0x032af9cf
                                                                                                                                  0x032af9da
                                                                                                                                  0x032af9dc
                                                                                                                                  0x032af9dc
                                                                                                                                  0x032af9c1
                                                                                                                                  0x032af9e2
                                                                                                                                  0x032af9f0
                                                                                                                                  0x032af9f8
                                                                                                                                  0x00000000
                                                                                                                                  0x032af9f8
                                                                                                                                  0x032af993
                                                                                                                                  0x032afe49
                                                                                                                                  0x032afe64
                                                                                                                                  0x032afe6c
                                                                                                                                  0x032afe75

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AF93C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,-00000004,?,?,?,?,?,032B199F,?), ref: 032AF970
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF983
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/cbaddress,?,?,?,?,?,032B199F,?), ref: 032AF98F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AF9A7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF9DC
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/progress,?,?,?,?,?,032B199F,?), ref: 032AFA05
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFA21
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/forcetext,?,?,?,?,?,032B199F,?), ref: 032AFA36
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFA52
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/heading,?,?,?,?,?,032B199F,?), ref: 032AFA67
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFA83
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/noprograms,?,?,?,?,?,032B199F,?), ref: 032AFA95
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFAAD
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/searching,?,?,?,?,?,032B199F,?), ref: 032AFABF
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFAD7
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/endsearch,?,?,?,?,?,032B199F,?), ref: 032AFAE9
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFB01
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AFB3F
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/endmonitor,?,?,?,?,?,032B199F,?), ref: 032AFB50
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFB67
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/caption,?,?,?,?,?,032B199F,?), ref: 032AFB82
                                                                                                                                  • SetWindowTextA.USER32(00000000), ref: 032AFB98
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/captionservicestop,?,?,?,?,?,032B199F,?), ref: 032AFBA9
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFBC0
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/menuitemsservice,?,?,?,?,?,032B199F,?), ref: 032AFBDB
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFBF2
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/menuitems,?,?,?,?,?,032B199F,?), ref: 032AFC0D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFC24
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AFC45
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/ignore,?,?,?,?,?,032B199F,?), ref: 032AFC60
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFC77
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AFC9C
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/autoclose,?,?,?,?,?,032B199F,?), ref: 032AFCAE
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/autoclosesilent,?,?,?,?,?,032B199F,?), ref: 032AFCBE
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/colheadings,?,?,?,?,?,032B199F,?), ref: 032AFCCE
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFCE5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AFD06
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/usericons,?,?,?,?,?,032B199F,?), ref: 032AFD21
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/autonext,?,?,?,?,?,032B199F,?), ref: 032AFD3C
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/ignorebtn,?,?,?,?,?,032B199F,?), ref: 032AFD57
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/autoclose,?,?,?,?,?,032B199F,?), ref: 032AFD76
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFD9B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AFDBC
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFDDD
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032AFDFE
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,032B199F,?), ref: 032AFE27
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,00000000,?,?,?,?,?,032B199F,?), ref: 032AFE36
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AFE49
                                                                                                                                  • CreateDialogParamA.USER32(00000065,032AE090,00000000,?,?), ref: 032AFE64
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$lstrcmpi$Free$CreateDialogParamTextWindowlstrcpylstrcpyn
                                                                                                                                  • String ID: /autoclose$/autoclosesilent$/autonext$/caption$/captionservicestop$/cbaddress$/colheadings$/endmonitor$/endsearch$/forcetext$/heading$/ignore$/ignorebtn$/menuitems$/menuitemsservice$/noprograms$/progress$/searching$/usericons
                                                                                                                                  • API String ID: 2214819487-913234180
                                                                                                                                  • Opcode ID: 9d1dce9984a060d634aa8ed69bf48b3e208f03d51d1e5b00bd12b2faa0edff10
                                                                                                                                  • Instruction ID: 566428849fa7bb6333b66098d153c3c2ab118faccf40664ac3cde3a2d42cfc21
                                                                                                                                  • Opcode Fuzzy Hash: 9d1dce9984a060d634aa8ed69bf48b3e208f03d51d1e5b00bd12b2faa0edff10
                                                                                                                                  • Instruction Fuzzy Hash: 7DE1D671A60623BFD711EB39BF4AF2A36A8BB49704F15D428ED04DA248EF75D481CB11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AE0C8 Relevance: 79.1, APIs: 41, Strings: 4, Instructions: 346windowmemoryclipboardCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E032AE0C8() {
				CHAR* _t96;
				CHAR* _t102;
				long _t106;
				intOrPtr _t108;
				CHAR* _t112;
				void* _t114;
				CHAR* _t117;
				CHAR* _t119;
				int _t137;
				struct HWND__** _t142;
				struct HWND__* _t148;
				int _t154;
				intOrPtr _t162;
				intOrPtr _t165;
				int _t171;
				long _t174;
				struct HMENU__* _t175;
				void* _t177;
				signed int _t178;
				void* _t179;
				void* _t183;
				CHAR* _t195;
				void* _t198;
				unsigned int _t199;
				struct HWND__** _t202;
				CHAR* _t203;
				signed int _t204;
				signed int _t205;
				void* _t207;
				void* _t209;
				void* _t210;

				if( *((intOrPtr*)(_t205 + 0x10)) !=  *0x32ee1e0) {
					L52:
					return E032BD98D( *(_t205 - 4) ^ _t205);
				}
				_t96 = GlobalAlloc(0x40,  *0x32efcd0);
				 *(_t205 - 0x3c) = _t96;
				if(_t96 == 0) {
					goto L52;
				}
				_t198 = SendMessageA;
				 *(_t205 - 0x80) = 1;
				 *(_t205 - 0x78) = 1;
				 *(_t205 - 0x6c) = _t96;
				 *(_t205 - 0x68) =  *0x32efcd0;
				_t174 = SendMessageA( *0x32ee1e0, 0x1004, 0, 0);
				 *(_t205 - 0x7c) = 0;
				if(_t174 <= 0) {
					L51:
					GlobalFree( *(_t205 - 0x3c));
					goto L52;
				} else {
					goto L3;
				}
				while(1) {
					L3:
					SendMessageA( *0x32ee1e0, 0x1005, 0, _t205 - 0x80);
					if( *( *(_t205 - 0x6c)) != 0) {
						break;
					}
					_t171 =  *(_t205 - 0x7c) + 1;
					 *(_t205 - 0x7c) = _t171;
					if(_t171 < _t174) {
						continue;
					} else {
						GlobalFree( *(_t205 - 0x3c));
						goto L52;
					}
				}
				if(_t199 != 0xffffffff) {
					_t102 = _t199;
					_t183 = _t199 >> 0x10;
				} else {
					GetWindowRect( *0x32ee1e0, _t205 - 0x2c);
					_t102 =  *(_t205 - 0x2c);
					_t183 =  *(_t205 - 0x28);
				}
				 *(_t205 - 0x30) = _t102;
				 *(_t205 - 0x1c) = _t102;
				 *(_t205 - 0x34) = _t183;
				 *((intOrPtr*)(_t205 - 0x14)) = 0xe;
				 *(_t205 - 0x18) = _t183;
				ScreenToClient( *0x32ee1e0, _t205 - 0x1c);
				_t202 = 0;
				_t106 = SendMessageA( *0x32ee1e0, 0x1012, 0, _t205 - 0x1c);
				 *(_t205 - 0x7c) = _t106;
				if(_t106 != 0xffffffff) {
					 *(_t205 - 0x80) = 4;
					 *(_t205 - 0x78) = 0;
					SendMessageA( *0x32ee1e0, 0x1005, 0, _t205 - 0x80);
					_t202 =  *(_t205 - 0x60);
					if(_t202 != 0) {
						if(_t202[1] == 0) {
							_t202 =  *_t202;
						} else {
							_t202 = 0;
						}
					}
				}
				_t175 = CreatePopupMenu();
				if(_t202 == 0) {
					L20:
					_t108 =  *0x32efca0;
					_t185 =  !=  ? _t108 : "Copy List";
					AppendMenuA(_t175, 0, 2,  !=  ? _t108 : "Copy List");
					 *(_t205 - 0x40) = TrackPopupMenu(_t175, 0x180,  *(_t205 - 0x30),  *(_t205 - 0x34), 0,  *0x32ee1e0, 0);
					DestroyMenu(_t175);
					_t112 =  *(_t205 - 0x40);
					if(_t112 != 1) {
						if(_t112 != 3) {
							if(_t112 != 2) {
								goto L51;
							}
							 *(_t205 - 0x38) = SendMessageA( *0x32ee1e0, 0x1004, 0, 0);
							_t114 = GlobalAlloc(0x40,  *0x32efcd0);
							 *(_t205 - 0x34) = _t114;
							if(_t114 == 0) {
								goto L51;
							}
							_t203 = GlobalAlloc(0x40, 5);
							 *(_t205 - 0x84) = _t203;
							if(_t203 == 0) {
								L50:
								GlobalFree( *(_t205 - 0x34));
								goto L51;
							}
							_t117 = GlobalAlloc(0x40,  *0x32efcd0);
							 *(_t205 - 0x30) = _t117;
							if(_t117 == 0) {
								L49:
								GlobalFree(_t203);
								goto L50;
							}
							_t119 = GlobalAlloc(0x40,  *0x32efcd0);
							 *(_t205 - 0x44) = _t119;
							if(_t119 == 0) {
								L48:
								GlobalFree( *(_t205 - 0x30));
								goto L49;
							}
							_t195 = GlobalAlloc(0x40,  *0x32efcd0 *  *(_t205 - 0x38));
							 *(_t205 - 0x40) = _t195;
							if(_t195 == 0) {
								L47:
								GlobalFree( *(_t205 - 0x44));
								goto L48;
							}
							 *(_t205 - 0x68) =  *0x32efcd0;
							 *(_t205 - 0x80) = 1;
							 *(_t205 - 0x78) = 0;
							 *(_t205 - 0x6c) =  *(_t205 - 0x3c);
							E032BEF40(_t198, _t195, 0,  *0x32efcd0 *  *(_t205 - 0x38));
							_t177 = 0;
							_t209 = _t207 + 0xc;
							 *(_t205 - 0x7c) = 0;
							if( *(_t205 - 0x38) <= 0) {
								L36:
								wsprintfA( *(_t205 - 0x44), "%%-2d [%%-4s] - %%-%ds - %%s\r\n", _t177);
								_t178 =  *(_t205 - 0x38);
								_t210 = _t209 + 0xc;
								 *(_t205 - 0x7c) = 0;
								if(_t178 <= 0) {
									L46:
									OpenClipboard( *0x32efccc);
									EmptyClipboard();
									_t179 =  *(_t205 - 0x40);
									SetClipboardData(1, _t179);
									CloseClipboard();
									GlobalFree(_t179);
									goto L47;
								}
								asm("o16 nop [eax+eax]");
								do {
									 *(_t205 - 0x6c) =  *(_t205 - 0x34);
									 *(_t205 - 0x68) =  *0x32efcd0;
									 *(_t205 - 0x80) = 1;
									 *(_t205 - 0x78) = 1;
									SendMessageA( *0x32ee1e0, 0x1005, 0, _t205 - 0x80);
									if( *( *(_t205 - 0x6c)) == 0) {
										goto L45;
									}
									 *(_t205 - 0x6c) =  *(_t205 - 0x3c);
									 *(_t205 - 0x68) =  *0x32efcd0;
									 *(_t205 - 0x80) = 5;
									 *(_t205 - 0x78) = 0;
									SendMessageA( *0x32ee1e0, 0x1005, 0, _t205 - 0x80);
									_t142 =  *(_t205 - 0x60);
									if(_t142 == 0 || _t142[1] != 0) {
										L43:
										lstrcpyA(_t203, "?");
										goto L44;
									} else {
										_t148 =  *_t142;
										if(_t148 == 0) {
											goto L43;
										}
										wsprintfA(_t203, "%u",  *((intOrPtr*)(_t148 + 4)));
										_t210 = _t210 + 0xc;
										L44:
										wsprintfA( *(_t205 - 0x30),  *(_t205 - 0x44),  *(_t205 - 0x7c) + 1, _t203,  *(_t205 - 0x3c),  *(_t205 - 0x34));
										_t210 = _t210 + 0x18;
										lstrcatA( *(_t205 - 0x40),  *(_t205 - 0x30));
									}
									L45:
									_t137 =  *(_t205 - 0x7c) + 1;
									 *(_t205 - 0x7c) = _t137;
								} while (_t137 < _t178);
								goto L46;
							}
							_t204 =  *(_t205 - 0x38);
							do {
								SendMessageA( *0x32ee1e0, 0x1005, 0, _t205 - 0x80);
								_t177 =  >  ? lstrlenA( *(_t205 - 0x6c)) : _t177;
								_t154 =  *(_t205 - 0x7c) + 1;
								 *(_t205 - 0x7c) = _t154;
							} while (_t154 < _t204);
							_t203 =  *(_t205 - 0x84);
							goto L36;
						}
						if( *0x32efc68 == 0) {
							goto L51;
						}
						asm("movups xmm0, [esi+0xc]");
						asm("movups [edx], xmm0");
						asm("movups xmm0, [esi+0x1c]");
						asm("movups [edx+0x10], xmm0");
						asm("movq xmm0, [esi+0x2c]");
						asm("movq [edx+0x20], xmm0");
						 *(_t207 - 0x2c + 0x28) = _t202[0xd];
						E032B74A0();
						GlobalFree( *(_t205 - 0x3c));
						goto L52;
					}
					if(IsWindow( *_t202) == 0) {
						goto L51;
					}
					E032ADD80( *_t202);
					GlobalFree( *(_t205 - 0x3c));
					goto L52;
				} else {
					if(IsWindow( *_t202) == 0) {
						if(_t202[2] == 0) {
							goto L20;
						}
						_t162 =  *0x32efcb0;
						_t192 =  !=  ? _t162 : "Stop this service";
						_push( !=  ? _t162 : "Stop this service");
						_push(3);
						L19:
						AppendMenuA(_t175, 0, ??, ??);
						goto L20;
					}
					_t165 =  *0x32efc9c;
					_t194 =  !=  ? _t165 : "Close";
					_push( !=  ? _t165 : "Close");
					_push(1);
					goto L19;
				}
			}


































                                                                                                                                  0x032ae0d1
                                                                                                                                  0x032ae5bb
                                                                                                                                  0x032ae5cd
                                                                                                                                  0x032ae5cd
                                                                                                                                  0x032ae0df
                                                                                                                                  0x032ae0e5
                                                                                                                                  0x032ae0ea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae0f6
                                                                                                                                  0x032ae10b
                                                                                                                                  0x032ae112
                                                                                                                                  0x032ae119
                                                                                                                                  0x032ae11c
                                                                                                                                  0x032ae121
                                                                                                                                  0x032ae123
                                                                                                                                  0x032ae12c
                                                                                                                                  0x032ae550
                                                                                                                                  0x032ae553
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae132
                                                                                                                                  0x032ae132
                                                                                                                                  0x032ae143
                                                                                                                                  0x032ae14b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae150
                                                                                                                                  0x032ae151
                                                                                                                                  0x032ae156
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae158
                                                                                                                                  0x032ae15b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae15b
                                                                                                                                  0x032ae156
                                                                                                                                  0x032ae169
                                                                                                                                  0x032ae183
                                                                                                                                  0x032ae189
                                                                                                                                  0x032ae16b
                                                                                                                                  0x032ae175
                                                                                                                                  0x032ae17b
                                                                                                                                  0x032ae17e
                                                                                                                                  0x032ae17e
                                                                                                                                  0x032ae18c
                                                                                                                                  0x032ae18f
                                                                                                                                  0x032ae19c
                                                                                                                                  0x032ae19f
                                                                                                                                  0x032ae1a6
                                                                                                                                  0x032ae1a9
                                                                                                                                  0x032ae1b2
                                                                                                                                  0x032ae1c1
                                                                                                                                  0x032ae1c3
                                                                                                                                  0x032ae1c9
                                                                                                                                  0x032ae1ce
                                                                                                                                  0x032ae1e2
                                                                                                                                  0x032ae1e5
                                                                                                                                  0x032ae1e7
                                                                                                                                  0x032ae1ec
                                                                                                                                  0x032ae1f2
                                                                                                                                  0x032ae1f8
                                                                                                                                  0x032ae1f4
                                                                                                                                  0x032ae1f4
                                                                                                                                  0x032ae1f4
                                                                                                                                  0x032ae1f2
                                                                                                                                  0x032ae1ec
                                                                                                                                  0x032ae200
                                                                                                                                  0x032ae204
                                                                                                                                  0x032ae248
                                                                                                                                  0x032ae248
                                                                                                                                  0x032ae254
                                                                                                                                  0x032ae25d
                                                                                                                                  0x032ae280
                                                                                                                                  0x032ae283
                                                                                                                                  0x032ae289
                                                                                                                                  0x032ae28f
                                                                                                                                  0x032ae2bc
                                                                                                                                  0x032ae306
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae32b
                                                                                                                                  0x032ae32e
                                                                                                                                  0x032ae330
                                                                                                                                  0x032ae335
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae341
                                                                                                                                  0x032ae343
                                                                                                                                  0x032ae34b
                                                                                                                                  0x032ae547
                                                                                                                                  0x032ae54a
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae54a
                                                                                                                                  0x032ae359
                                                                                                                                  0x032ae35b
                                                                                                                                  0x032ae360
                                                                                                                                  0x032ae540
                                                                                                                                  0x032ae541
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae541
                                                                                                                                  0x032ae36e
                                                                                                                                  0x032ae370
                                                                                                                                  0x032ae375
                                                                                                                                  0x032ae537
                                                                                                                                  0x032ae53a
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae53a
                                                                                                                                  0x032ae38a
                                                                                                                                  0x032ae38c
                                                                                                                                  0x032ae391
                                                                                                                                  0x032ae52e
                                                                                                                                  0x032ae531
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae531
                                                                                                                                  0x032ae3a0
                                                                                                                                  0x032ae3a7
                                                                                                                                  0x032ae3ae
                                                                                                                                  0x032ae3b5
                                                                                                                                  0x032ae3bc
                                                                                                                                  0x032ae3c1
                                                                                                                                  0x032ae3c3
                                                                                                                                  0x032ae3c6
                                                                                                                                  0x032ae3cc
                                                                                                                                  0x032ae403
                                                                                                                                  0x032ae40c
                                                                                                                                  0x032ae412
                                                                                                                                  0x032ae415
                                                                                                                                  0x032ae418
                                                                                                                                  0x032ae421
                                                                                                                                  0x032ae503
                                                                                                                                  0x032ae509
                                                                                                                                  0x032ae50f
                                                                                                                                  0x032ae515
                                                                                                                                  0x032ae51b
                                                                                                                                  0x032ae521
                                                                                                                                  0x032ae528
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae528
                                                                                                                                  0x032ae427
                                                                                                                                  0x032ae430
                                                                                                                                  0x032ae433
                                                                                                                                  0x032ae43b
                                                                                                                                  0x032ae44f
                                                                                                                                  0x032ae456
                                                                                                                                  0x032ae45d
                                                                                                                                  0x032ae465
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae46e
                                                                                                                                  0x032ae476
                                                                                                                                  0x032ae48a
                                                                                                                                  0x032ae491
                                                                                                                                  0x032ae498
                                                                                                                                  0x032ae49a
                                                                                                                                  0x032ae49f
                                                                                                                                  0x032ae4c1
                                                                                                                                  0x032ae4c7
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae4a7
                                                                                                                                  0x032ae4a7
                                                                                                                                  0x032ae4ab
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae4b6
                                                                                                                                  0x032ae4bc
                                                                                                                                  0x032ae4cd
                                                                                                                                  0x032ae4df
                                                                                                                                  0x032ae4e5
                                                                                                                                  0x032ae4ee
                                                                                                                                  0x032ae4ee
                                                                                                                                  0x032ae4f4
                                                                                                                                  0x032ae4f7
                                                                                                                                  0x032ae4f8
                                                                                                                                  0x032ae4fb
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae430
                                                                                                                                  0x032ae3ce
                                                                                                                                  0x032ae3d1
                                                                                                                                  0x032ae3e2
                                                                                                                                  0x032ae3ef
                                                                                                                                  0x032ae3f5
                                                                                                                                  0x032ae3f6
                                                                                                                                  0x032ae3f9
                                                                                                                                  0x032ae3fd
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae3fd
                                                                                                                                  0x032ae2c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae2cc
                                                                                                                                  0x032ae2d8
                                                                                                                                  0x032ae2db
                                                                                                                                  0x032ae2df
                                                                                                                                  0x032ae2e3
                                                                                                                                  0x032ae2e8
                                                                                                                                  0x032ae2ed
                                                                                                                                  0x032ae2f0
                                                                                                                                  0x032ae2f8
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae2f8
                                                                                                                                  0x032ae29b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae2a3
                                                                                                                                  0x032ae2ae
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae206
                                                                                                                                  0x032ae210
                                                                                                                                  0x032ae22a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae22c
                                                                                                                                  0x032ae238
                                                                                                                                  0x032ae23b
                                                                                                                                  0x032ae23c
                                                                                                                                  0x032ae23e
                                                                                                                                  0x032ae246
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae246
                                                                                                                                  0x032ae212
                                                                                                                                  0x032ae21e
                                                                                                                                  0x032ae221
                                                                                                                                  0x032ae222
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae222

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$MessageSend$Alloc$ClipboardMenu$Windowwsprintf$Popup$AppendClientCloseCreateDataDestroyEmptyOpenRectScreenTracklstrcatlstrcpylstrlen
                                                                                                                                  • String ID: %%-2d [%%-4s] - %%-%ds - %%s$Close$Copy List$Stop this service
                                                                                                                                  • API String ID: 2503073370-3666377964
                                                                                                                                  • Opcode ID: 202d2135fbf6391861492290510f9e288314853db971a98a3cb2384199b3f664
                                                                                                                                  • Instruction ID: 4d83b83955344e63cd0fda9eeda0db9c095ec012470fe41b3e5f0a076c74d55f
                                                                                                                                  • Opcode Fuzzy Hash: 202d2135fbf6391861492290510f9e288314853db971a98a3cb2384199b3f664
                                                                                                                                  • Instruction Fuzzy Hash: 37D15070D10625AFEB11EFA8EC89BADBBB4FF08700F158019F915AB294DB719891CF10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AEC10 Relevance: 72.2, APIs: 35, Strings: 6, Instructions: 427windowsleepmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E032AEC10(void* _a4) {
				int _v8;
				char _v12;
				char* _v40;
				int _v44;
				intOrPtr _v52;
				int _v64;
				int _v68;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				int _t56;
				CHAR* _t57;
				int _t58;
				intOrPtr _t61;
				CHAR* _t69;
				CHAR* _t71;
				char* _t74;
				char* _t75;
				char* _t81;
				int _t82;
				int _t83;
				char* _t84;
				char* _t92;
				int _t94;
				char* _t95;
				char* _t96;
				char* _t98;
				void* _t99;
				int _t105;
				char* _t106;
				char* _t111;
				void* _t112;
				long _t117;
				char* _t118;
				signed int _t124;
				intOrPtr _t127;
				void* _t134;
				intOrPtr* _t144;
				char _t145;
				void* _t150;
				void* _t152;
				char* _t154;
				void* _t156;
				char* _t157;
				char* _t158;
				struct HWND__** _t159;
				struct HWND__* _t160;
				void* _t161;
				void* _t162;

				_t139 =  >  ? _a4 : 0;
				E032B0900(_t134, _t150, _t152, 0,  >  ? _a4 : 0);
				_t162 = _t161 + 8;
				_t56 = SendMessageA( *0x32ee1e0, 0x1004, 0, 0) + 0xffffffff;
				 *0x32ee238 = _t56;
				_v64 = 0;
				if(_t56 != 0) {
					_t57 =  *0x32efc84;
					__eflags = _t57;
					if(_t57 != 0) {
						__eflags =  *_t57;
						if( *_t57 != 0) {
							SetWindowTextA( *0x32ee1e8, _t57);
						}
					}
					_t58 = SendMessageA( *0x32ee1e4, 0xf0, 0, 0);
					__eflags = _t58 - 1;
					if(_t58 == 1) {
						__eflags =  *0x32ee23c;
						if( *0x32ee23c != 0) {
							EnableWindow( *0x32ee1e8, _t58);
						}
					}
				} else {
					EnableWindow( *0x32ee1e8, 1);
					if( *0x32ee234 != 0) {
						 *0x32ee224 = 0;
						PostMessageA( *0x32efccc, 0x408, 1, 0);
					}
				}
				SendMessageA( *0x32ee1e0, 0x1008,  *0x32ee238, 0);
				if( *0x32ee204 == 0) {
					__eflags =  *0x32ee238;
					if( *0x32ee238 <= 0) {
						L84:
						_v68 =  *0x32ee238;
						_t61 =  *0x32efc74;
						_v72 = 3;
						_t141 =  !=  ? _t61 : "No programs that have to be closed are running";
						_v44 = 0;
						_v52 =  !=  ? _t61 : "No programs that have to be closed are running";
						SendMessageA( *0x32ee1e0, 0x1007, 0,  &_v72);
						if( *0x32ee228 != 0 ||  *0x32ee234 != 0) {
							 *0x32ee224 = 0;
							PostMessageA( *0x32efccc, 0x408, 1, 0);
						} else {
							EnableWindow( *0x32ee1e8, 1);
							_t69 =  *0x32ee21c;
							if(_t69 != 0 &&  *_t69 != 0) {
								SetWindowTextA( *0x32ee1e8, _t69);
							}
						}
						L90:
						SendMessageA( *0x32ee1e0, 0x1013,  *0x32ee238, 0);
						 *0x32ee208 = 1;
						PostMessageA( *0x32ee1dc, 0x10, 0, 0);
						return 0;
					}
					_t71 = GlobalAlloc(0x40, 0x100);
					_a4 = _t71;
					GetWindowTextA( *0x32efccc, _t71, 0x100);
					__eflags =  *0x32ee238;
					_v72 = 4;
					if( *0x32ee238 <= 0) {
						L80:
						GlobalFree(_a4);
						_t74 =  *0x32ee238;
						__eflags = _t74;
						if(_t74 == 0) {
							L83:
							if( *0x32ee204 != 0) {
								goto L90;
							}
							goto L84;
						}
						_v68 = _t74;
						_t75 =  *0x32efc80;
						__eflags = _t75;
						_v72 = 3;
						_t143 =  !=  ? _t75 : "Ending program monitoring, please wait...";
						_v44 = 0;
						_v52 =  !=  ? _t75 : "Ending program monitoring, please wait...";
						_push( &_v72);
						_push(0);
						_push(0x1007);
						L82:
						SendMessageA( *0x32ee1e0, ??, ??, ??);
						goto L83;
					}
					_t144 = MessageBoxA;
					while(1) {
						L14:
						__eflags =  *0x32ee204;
						if( *0x32ee204 != 0) {
							break;
						}
						__eflags =  *0x32ee228 - 1;
						if( *0x32ee228 != 1) {
							__eflags =  *0x32ee228 - 2;
							if( *0x32ee228 != 2) {
								__eflags =  *0x32ee228 - 3;
								if( *0x32ee228 != 3) {
									L58:
									__eflags =  *0x32ee238;
									_v68 = 0;
									if( *0x32ee238 <= 0) {
										L72:
										_t154 = 0;
										__eflags = 0;
										while(1) {
											__eflags =  *0x32ee204;
											if( *0x32ee204 != 0) {
												break;
											}
											__eflags =  *0x32ee238;
											if(__eflags == 0) {
												L78:
												_t144 = MessageBoxA;
												if(__eflags > 0) {
													goto L14;
												}
												goto L79;
											}
											__eflags =  *0x32ee228;
											if( *0x32ee228 != 0) {
												break;
											}
											Sleep(0xa);
											_t154 = _t154 + 1;
											__eflags = _t154 - 0x64;
											if(_t154 < 0x64) {
												continue;
											}
											break;
										}
										__eflags =  *0x32ee238;
										goto L78;
									}
									asm("o16 nop [eax+eax]");
									while(1) {
										__eflags =  *0x32ee204;
										if( *0x32ee204 != 0) {
											goto L72;
										}
										SendMessageA( *0x32ee1e0, 0x1005, 0,  &_v72);
										_t81 = _v40;
										__eflags = _t81;
										if(_t81 == 0) {
											L70:
											_t82 = _v68;
											L71:
											_t83 = _t82 + 1;
											_v68 = _t83;
											__eflags = _t83 -  *0x32ee238;
											if(_t83 <  *0x32ee238) {
												continue;
											}
											goto L72;
										}
										__eflags = _t81[4];
										_t145 =  *_t81;
										if(_t81[4] != 0) {
											_t117 = E032AF7B0(_t145,  *_t145);
											_t162 = _t162 + 4;
										} else {
											_v8 = 0;
											_v12 =  *((intOrPtr*)(_t145 + 4));
											_t124 = E032B79F0(_t145, E032AEAA0,  &_v12);
											asm("sbb eax, eax");
											_t117 =  ~_t124 + 1;
										}
										__eflags = _t117;
										if(_t117 != 0) {
											goto L70;
										} else {
											_t118 = SendMessageA( *0x32ee1e0, 0x1008, _v68, _t117);
											__eflags = _t118;
											if(_t118 == 0) {
												goto L70;
											}
											_t156 = _v40;
											__eflags = _t156;
											if(_t156 != 0) {
												GlobalFree( *_t156);
												GlobalFree(_t156);
											}
											 *0x32ee238 =  *0x32ee238 - 1;
											_t82 = _v68 - 1;
											goto L71;
										}
									}
									goto L72;
								}
								_t84 =  *0x32efc88;
								__eflags = _t84;
								if(_t84 == 0) {
									L56:
									_t84 = "Not all processes appear to be closed.\r\nPlease close them manually to proceed with setup.";
									L57:
									 *_t144( *0x32efccc, _t84, _a4, 0x10);
									EnableWindow( *0x32ee1e8, 1);
									EnableWindow( *0x32ee1ec, 1);
									EnableWindow( *0x32ee1f0, 1);
									 *0x32ee228 = 0;
									goto L58;
								}
								__eflags =  *_t84;
								if( *_t84 != 0) {
									goto L57;
								}
								goto L56;
							}
							__eflags =  *0x32ee224 - 1;
							if( *0x32ee224 != 1) {
								L44:
								__eflags =  *0x32ee238;
								_v68 = 0;
								if( *0x32ee238 <= 0) {
									L52:
									 *0x32ee228 = 3;
									goto L58;
								}
								asm("o16 nop [eax+eax]");
								do {
									SendMessageA( *0x32ee1e0, 0x1005, 0,  &_v72);
									_t92 = _v40;
									__eflags = _t92;
									if(_t92 != 0) {
										__eflags = _t92[4];
										if(_t92[4] == 0) {
											_t95 =  *_t92;
											__eflags = _t95;
											if(_t95 != 0) {
												_t96 = _t95[4];
												__eflags = _t96;
												if(_t96 != 0) {
													E032AF880(_t96);
													_t162 = _t162 + 4;
												}
											}
										}
									}
									_t94 = _v68 + 1;
									_v68 = _t94;
									__eflags = _t94 -  *0x32ee238;
								} while (_t94 <  *0x32ee238);
								goto L52;
							}
							_t98 =  *0x32efc90;
							__eflags = _t98;
							if(_t98 == 0) {
								L41:
								_t98 = "Some processes could not be closed safely.\r\nWould you like to kill them?\r\n\r\nWARNING: Any unsaved data will be lost!";
								L42:
								_t99 =  *_t144( *0x32efccc, _t98, _a4, 0x34);
								__eflags = _t99 - 7;
								if(_t99 != 7) {
									goto L44;
								}
								E032AE6A0(1);
								_t162 = _t162 + 4;
								 *0x32ee228 = 0;
								goto L58;
							}
							__eflags =  *_t98;
							if( *_t98 != 0) {
								goto L42;
							}
							goto L41;
						}
						__eflags =  *0x32ee224 - 1;
						if( *0x32ee224 != 1) {
							L22:
							__eflags =  *0x32ee238;
							_v68 = 0;
							if( *0x32ee238 <= 0) {
								L31:
								_t157 = 0;
								__eflags = 0;
								while(1) {
									__eflags =  *0x32ee204;
									if( *0x32ee204 != 0) {
										break;
									}
									__eflags =  *0x32ee238;
									if( *0x32ee238 == 0) {
										break;
									}
									__eflags =  *0x32ee228;
									if( *0x32ee228 != 0) {
										break;
									}
									Sleep(0xa);
									_t157 = _t157 + 1;
									__eflags = _t157 - 0x64;
									if(_t157 < 0x64) {
										continue;
									}
									break;
								}
								 *0x32ee228 = 2;
								goto L58;
							} else {
								goto L23;
							}
							do {
								L23:
								SendMessageA( *0x32ee1e0, 0x1005, 0,  &_v72);
								_t158 = _v40;
								__eflags = _t158;
								if(_t158 != 0) {
									__eflags = _t158[4];
									if(_t158[4] == 0) {
										_t159 =  *_t158;
										__eflags = _t159;
										if(_t159 != 0) {
											_t106 = IsWindow( *_t159);
											__eflags = _t106;
											if(_t106 == 0) {
												__eflags = _t159[2];
												if(_t159[2] != 0) {
													asm("movups xmm0, [esi+0xc]");
													_t162 = _t162 - 0x2c;
													asm("movups [ecx], xmm0");
													asm("movups xmm0, [esi+0x1c]");
													asm("movups [ecx+0x10], xmm0");
													asm("movq xmm0, [esi+0x2c]");
													asm("movq [ecx+0x20], xmm0");
													 *(_t162 + 0x28) = _t159[0xd];
													E032B74A0();
												}
											} else {
												_t160 =  *_t159;
												SetActiveWindow(_t160);
												SendMessageTimeoutA(_t160, 0x10, 0, 0, 3, 0x3e8, 0);
											}
										}
									}
								}
								_t105 = _v68 + 1;
								_v68 = _t105;
								__eflags = _t105 -  *0x32ee238;
							} while (_t105 <  *0x32ee238);
							goto L31;
						}
						_t111 =  *0x32efc8c;
						__eflags = _t111;
						if(_t111 == 0) {
							L19:
							_t111 = "To continue with setup, the listed processes must be closed.\r\nWould you like to close them now?";
							L20:
							_t112 =  *_t144( *0x32efccc, _t111, _a4, 0x34);
							__eflags = _t112 - 7;
							if(_t112 != 7) {
								goto L22;
							}
							EnableWindow( *0x32ee1e8, 1);
							EnableWindow( *0x32ee1ec, 1);
							EnableWindow( *0x32ee1f0, 1);
							 *0x32ee228 = 0;
							goto L58;
						}
						__eflags =  *_t111;
						if( *_t111 != 0) {
							goto L20;
						}
						goto L19;
					}
					L79:
					goto L80;
				}
				_v68 =  *0x32ee238;
				_t127 =  *0x32efc7c;
				_v72 = 3;
				_t149 =  !=  ? _t127 : "Cancelling search, please wait...";
				_v44 = 0;
				_v52 =  !=  ? _t127 : "Cancelling search, please wait...";
				SendMessageA( *0x32ee1e0, 0x1007, 0,  &_v72);
				_push(0);
				_push( *0x32ee238);
				_push(0x1013);
				goto L82;
			}





















































                                                                                                                                  0x032aec20
                                                                                                                                  0x032aec26
                                                                                                                                  0x032aec31
                                                                                                                                  0x032aec4b
                                                                                                                                  0x032aec54
                                                                                                                                  0x032aec59
                                                                                                                                  0x032aec60
                                                                                                                                  0x032aec92
                                                                                                                                  0x032aec97
                                                                                                                                  0x032aec99
                                                                                                                                  0x032aec9b
                                                                                                                                  0x032aec9e
                                                                                                                                  0x032aeca7
                                                                                                                                  0x032aeca7
                                                                                                                                  0x032aec9e
                                                                                                                                  0x032aecbc
                                                                                                                                  0x032aecbe
                                                                                                                                  0x032aecc1
                                                                                                                                  0x032aecc3
                                                                                                                                  0x032aecca
                                                                                                                                  0x032aecd3
                                                                                                                                  0x032aecd3
                                                                                                                                  0x032aecca
                                                                                                                                  0x032aec62
                                                                                                                                  0x032aec6a
                                                                                                                                  0x032aec73
                                                                                                                                  0x032aec84
                                                                                                                                  0x032aec8e
                                                                                                                                  0x032aec8e
                                                                                                                                  0x032aec73
                                                                                                                                  0x032aece8
                                                                                                                                  0x032aecf1
                                                                                                                                  0x032aed40
                                                                                                                                  0x032aed47
                                                                                                                                  0x032af159
                                                                                                                                  0x032af163
                                                                                                                                  0x032af166
                                                                                                                                  0x032af16d
                                                                                                                                  0x032af174
                                                                                                                                  0x032af177
                                                                                                                                  0x032af181
                                                                                                                                  0x032af192
                                                                                                                                  0x032af19b
                                                                                                                                  0x032af1dc
                                                                                                                                  0x032af1e6
                                                                                                                                  0x032af1a6
                                                                                                                                  0x032af1ae
                                                                                                                                  0x032af1b0
                                                                                                                                  0x032af1b7
                                                                                                                                  0x032af1c5
                                                                                                                                  0x032af1c5
                                                                                                                                  0x032af1b7
                                                                                                                                  0x032af1e8
                                                                                                                                  0x032af1fb
                                                                                                                                  0x032af209
                                                                                                                                  0x032af213
                                                                                                                                  0x032af21d
                                                                                                                                  0x032af21d
                                                                                                                                  0x032aed54
                                                                                                                                  0x032aed66
                                                                                                                                  0x032aed69
                                                                                                                                  0x032aed6f
                                                                                                                                  0x032aed76
                                                                                                                                  0x032aed7d
                                                                                                                                  0x032af104
                                                                                                                                  0x032af107
                                                                                                                                  0x032af10d
                                                                                                                                  0x032af112
                                                                                                                                  0x032af114
                                                                                                                                  0x032af14c
                                                                                                                                  0x032af153
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af153
                                                                                                                                  0x032af116
                                                                                                                                  0x032af11e
                                                                                                                                  0x032af123
                                                                                                                                  0x032af125
                                                                                                                                  0x032af12c
                                                                                                                                  0x032af12f
                                                                                                                                  0x032af139
                                                                                                                                  0x032af13c
                                                                                                                                  0x032af13d
                                                                                                                                  0x032af13f
                                                                                                                                  0x032af144
                                                                                                                                  0x032af14a
                                                                                                                                  0x00000000
                                                                                                                                  0x032af14a
                                                                                                                                  0x032aed83
                                                                                                                                  0x032aed90
                                                                                                                                  0x032aed90
                                                                                                                                  0x032aed90
                                                                                                                                  0x032aed97
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aed9d
                                                                                                                                  0x032aeda4
                                                                                                                                  0x032aeee8
                                                                                                                                  0x032aeeef
                                                                                                                                  0x032aefa1
                                                                                                                                  0x032aefa8
                                                                                                                                  0x032aeff3
                                                                                                                                  0x032aeff3
                                                                                                                                  0x032aeffa
                                                                                                                                  0x032af001
                                                                                                                                  0x032af0b9
                                                                                                                                  0x032af0b9
                                                                                                                                  0x032af0b9
                                                                                                                                  0x032af0c0
                                                                                                                                  0x032af0c0
                                                                                                                                  0x032af0c7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0c9
                                                                                                                                  0x032af0d0
                                                                                                                                  0x032af0ec
                                                                                                                                  0x032af0f2
                                                                                                                                  0x032af0f8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0f8
                                                                                                                                  0x032af0d2
                                                                                                                                  0x032af0d9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0dd
                                                                                                                                  0x032af0df
                                                                                                                                  0x032af0e0
                                                                                                                                  0x032af0e3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0e3
                                                                                                                                  0x032af0e5
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0e5
                                                                                                                                  0x032af007
                                                                                                                                  0x032af010
                                                                                                                                  0x032af010
                                                                                                                                  0x032af017
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af02e
                                                                                                                                  0x032af030
                                                                                                                                  0x032af033
                                                                                                                                  0x032af035
                                                                                                                                  0x032af0a6
                                                                                                                                  0x032af0a6
                                                                                                                                  0x032af0a9
                                                                                                                                  0x032af0a9
                                                                                                                                  0x032af0aa
                                                                                                                                  0x032af0ad
                                                                                                                                  0x032af0b3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0b3
                                                                                                                                  0x032af037
                                                                                                                                  0x032af03b
                                                                                                                                  0x032af03d
                                                                                                                                  0x032af063
                                                                                                                                  0x032af068
                                                                                                                                  0x032af03f
                                                                                                                                  0x032af03f
                                                                                                                                  0x032af049
                                                                                                                                  0x032af055
                                                                                                                                  0x032af05c
                                                                                                                                  0x032af05e
                                                                                                                                  0x032af05e
                                                                                                                                  0x032af06b
                                                                                                                                  0x032af06d
                                                                                                                                  0x00000000
                                                                                                                                  0x032af06f
                                                                                                                                  0x032af07e
                                                                                                                                  0x032af080
                                                                                                                                  0x032af082
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032af084
                                                                                                                                  0x032af087
                                                                                                                                  0x032af089
                                                                                                                                  0x032af08d
                                                                                                                                  0x032af094
                                                                                                                                  0x032af094
                                                                                                                                  0x032af09d
                                                                                                                                  0x032af0a3
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0a3
                                                                                                                                  0x032af06d
                                                                                                                                  0x00000000
                                                                                                                                  0x032af010
                                                                                                                                  0x032aefaa
                                                                                                                                  0x032aefaf
                                                                                                                                  0x032aefb1
                                                                                                                                  0x032aefb8
                                                                                                                                  0x032aefb8
                                                                                                                                  0x032aefbd
                                                                                                                                  0x032aefc9
                                                                                                                                  0x032aefd3
                                                                                                                                  0x032aefdd
                                                                                                                                  0x032aefe7
                                                                                                                                  0x032aefe9
                                                                                                                                  0x00000000
                                                                                                                                  0x032aefe9
                                                                                                                                  0x032aefb3
                                                                                                                                  0x032aefb6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aefb6
                                                                                                                                  0x032aeef5
                                                                                                                                  0x032aeefc
                                                                                                                                  0x032aef3a
                                                                                                                                  0x032aef3a
                                                                                                                                  0x032aef41
                                                                                                                                  0x032aef48
                                                                                                                                  0x032aef95
                                                                                                                                  0x032aef9a
                                                                                                                                  0x00000000
                                                                                                                                  0x032aef9a
                                                                                                                                  0x032aef4a
                                                                                                                                  0x032aef50
                                                                                                                                  0x032aef61
                                                                                                                                  0x032aef63
                                                                                                                                  0x032aef66
                                                                                                                                  0x032aef68
                                                                                                                                  0x032aef6a
                                                                                                                                  0x032aef6e
                                                                                                                                  0x032aef70
                                                                                                                                  0x032aef72
                                                                                                                                  0x032aef74
                                                                                                                                  0x032aef76
                                                                                                                                  0x032aef79
                                                                                                                                  0x032aef7b
                                                                                                                                  0x032aef7e
                                                                                                                                  0x032aef83
                                                                                                                                  0x032aef83
                                                                                                                                  0x032aef7b
                                                                                                                                  0x032aef74
                                                                                                                                  0x032aef6e
                                                                                                                                  0x032aef89
                                                                                                                                  0x032aef8a
                                                                                                                                  0x032aef8d
                                                                                                                                  0x032aef8d
                                                                                                                                  0x00000000
                                                                                                                                  0x032aef50
                                                                                                                                  0x032aeefe
                                                                                                                                  0x032aef03
                                                                                                                                  0x032aef05
                                                                                                                                  0x032aef0c
                                                                                                                                  0x032aef0c
                                                                                                                                  0x032aef11
                                                                                                                                  0x032aef1d
                                                                                                                                  0x032aef1f
                                                                                                                                  0x032aef22
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aef26
                                                                                                                                  0x032aef2b
                                                                                                                                  0x032aef30
                                                                                                                                  0x00000000
                                                                                                                                  0x032aef30
                                                                                                                                  0x032aef07
                                                                                                                                  0x032aef0a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aef0a
                                                                                                                                  0x032aedaa
                                                                                                                                  0x032aedb1
                                                                                                                                  0x032aee03
                                                                                                                                  0x032aee03
                                                                                                                                  0x032aee0a
                                                                                                                                  0x032aee11
                                                                                                                                  0x032aeeb2
                                                                                                                                  0x032aeeb2
                                                                                                                                  0x032aeeb2
                                                                                                                                  0x032aeeb4
                                                                                                                                  0x032aeeb4
                                                                                                                                  0x032aeebb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aeebd
                                                                                                                                  0x032aeec4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aeec6
                                                                                                                                  0x032aeecd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aeed1
                                                                                                                                  0x032aeed3
                                                                                                                                  0x032aeed4
                                                                                                                                  0x032aeed7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aeed7
                                                                                                                                  0x032aeede
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aee17
                                                                                                                                  0x032aee17
                                                                                                                                  0x032aee28
                                                                                                                                  0x032aee2a
                                                                                                                                  0x032aee2d
                                                                                                                                  0x032aee2f
                                                                                                                                  0x032aee31
                                                                                                                                  0x032aee35
                                                                                                                                  0x032aee37
                                                                                                                                  0x032aee39
                                                                                                                                  0x032aee3b
                                                                                                                                  0x032aee3f
                                                                                                                                  0x032aee45
                                                                                                                                  0x032aee47
                                                                                                                                  0x032aee6a
                                                                                                                                  0x032aee6e
                                                                                                                                  0x032aee70
                                                                                                                                  0x032aee77
                                                                                                                                  0x032aee7c
                                                                                                                                  0x032aee7f
                                                                                                                                  0x032aee83
                                                                                                                                  0x032aee87
                                                                                                                                  0x032aee8c
                                                                                                                                  0x032aee91
                                                                                                                                  0x032aee9a
                                                                                                                                  0x032aee9a
                                                                                                                                  0x032aee49
                                                                                                                                  0x032aee49
                                                                                                                                  0x032aee4c
                                                                                                                                  0x032aee62
                                                                                                                                  0x032aee62
                                                                                                                                  0x032aee47
                                                                                                                                  0x032aee3b
                                                                                                                                  0x032aee35
                                                                                                                                  0x032aeea2
                                                                                                                                  0x032aeea3
                                                                                                                                  0x032aeea6
                                                                                                                                  0x032aeea6
                                                                                                                                  0x00000000
                                                                                                                                  0x032aee17
                                                                                                                                  0x032aedb3
                                                                                                                                  0x032aedb8
                                                                                                                                  0x032aedba
                                                                                                                                  0x032aedc1
                                                                                                                                  0x032aedc1
                                                                                                                                  0x032aedc6
                                                                                                                                  0x032aedd2
                                                                                                                                  0x032aedd4
                                                                                                                                  0x032aedd7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aede1
                                                                                                                                  0x032aedeb
                                                                                                                                  0x032aedf5
                                                                                                                                  0x032aedf9
                                                                                                                                  0x00000000
                                                                                                                                  0x032aedf9
                                                                                                                                  0x032aedbc
                                                                                                                                  0x032aedbf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aedbf
                                                                                                                                  0x032af0fe
                                                                                                                                  0x00000000
                                                                                                                                  0x032af0fe
                                                                                                                                  0x032aecfd
                                                                                                                                  0x032aed00
                                                                                                                                  0x032aed07
                                                                                                                                  0x032aed0e
                                                                                                                                  0x032aed11
                                                                                                                                  0x032aed1b
                                                                                                                                  0x032aed2c
                                                                                                                                  0x032aed2e
                                                                                                                                  0x032aed30
                                                                                                                                  0x032aed36
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B0900: GetCurrentProcessId.KERNEL32(444D31BA), ref: 032B093A
                                                                                                                                    • Part of subcall function 032B0900: LoadImageA.USER32 ref: 032B096E
                                                                                                                                    • Part of subcall function 032B0900: GetCursorPos.USER32(?), ref: 032B0980
                                                                                                                                    • Part of subcall function 032B0900: SetCursorPos.USER32(?,?), ref: 032B0994
                                                                                                                                  • SendMessageA.USER32 ref: 032AEC43
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEC6A
                                                                                                                                  • PostMessageA.USER32 ref: 032AEC8E
                                                                                                                                  • SetWindowTextA.USER32(?), ref: 032AECA7
                                                                                                                                  • SendMessageA.USER32 ref: 032AECBC
                                                                                                                                  • EnableWindow.USER32(00000000), ref: 032AECD3
                                                                                                                                  • SendMessageA.USER32 ref: 032AECE8
                                                                                                                                  • SendMessageA.USER32 ref: 032AED2C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000100), ref: 032AED54
                                                                                                                                  • GetWindowTextA.USER32 ref: 032AED69
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEDE1
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEDEB
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEDF5
                                                                                                                                  • SendMessageA.USER32 ref: 032AEE28
                                                                                                                                  • IsWindow.USER32(?), ref: 032AEE3F
                                                                                                                                  • SetActiveWindow.USER32(?), ref: 032AEE4C
                                                                                                                                  • SendMessageTimeoutA.USER32(?,00000010,00000000,00000000,00000003,000003E8,00000000), ref: 032AEE62
                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 032AEED1
                                                                                                                                  • SendMessageA.USER32 ref: 032AEF61
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEFD3
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEFDD
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AEFE7
                                                                                                                                  • SendMessageA.USER32 ref: 032AF02E
                                                                                                                                  • SendMessageA.USER32 ref: 032AF07E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF08D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF094
                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 032AF0DD
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF107
                                                                                                                                  • SendMessageA.USER32 ref: 032AF14A
                                                                                                                                  • SendMessageA.USER32 ref: 032AF192
                                                                                                                                  • EnableWindow.USER32(00000001), ref: 032AF1AE
                                                                                                                                  • SetWindowTextA.USER32(?), ref: 032AF1C5
                                                                                                                                  • PostMessageA.USER32 ref: 032AF1E6
                                                                                                                                  • SendMessageA.USER32 ref: 032AF1FB
                                                                                                                                  • PostMessageA.USER32 ref: 032AF213
                                                                                                                                  Strings
                                                                                                                                  • To continue with setup, the listed processes must be closed.Would you like to close them now?, xrefs: 032AEDC1, 032AEDCB
                                                                                                                                  • Cancelling search, please wait..., xrefs: 032AECF8
                                                                                                                                  • Some processes could not be closed safely.Would you like to kill them?WARNING: Any unsaved data will be lost!, xrefs: 032AEF0C, 032AEF16
                                                                                                                                  • Ending program monitoring, please wait..., xrefs: 032AF119
                                                                                                                                  • No programs that have to be closed are running, xrefs: 032AF15E
                                                                                                                                  • Not all processes appear to be closed.Please close them manually to proceed with setup., xrefs: 032AEFB8, 032AEFC2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Window$Send$Enable$Global$FreePostText$CursorSleep$ActiveAllocCurrentImageLoadProcessTimeout
                                                                                                                                  • String ID: Cancelling search, please wait...$Ending program monitoring, please wait...$No programs that have to be closed are running$Not all processes appear to be closed.Please close them manually to proceed with setup.$Some processes could not be closed safely.Would you like to kill them?WARNING: Any unsaved data will be lost!$To continue with setup, the listed processes must be closed.Would you like to close them now?
                                                                                                                                  • API String ID: 3100962590-739583062
                                                                                                                                  • Opcode ID: 8e63277fa1f86bc4b085cc0809cdd7dd2a6d6e8457e506286e461b4c14ab4c94
                                                                                                                                  • Instruction ID: 8a15733da0de4f07c76f028f5df9ec41e964fb7f3f021c7433cc9c67036fb71a
                                                                                                                                  • Opcode Fuzzy Hash: 8e63277fa1f86bc4b085cc0809cdd7dd2a6d6e8457e506286e461b4c14ab4c94
                                                                                                                                  • Instruction Fuzzy Hash: EDF17F70A20615EFEB21EF58FD4AB68BBB4FB04714F168119F504AE1E8D7B1A8C1CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5D10 Relevance: 70.3, APIs: 34, Strings: 6, Instructions: 291memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E032B5D10() {
				struct HWND__* _t11;
				void _t22;
				void _t28;
				void* _t30;
				void* _t31;
				void* _t62;
				void** _t63;
				void* _t65;
				void* _t68;
				CHAR* _t76;
				CHAR* _t78;
				CHAR* _t80;
				CHAR* _t82;
				void* _t85;
				void* _t87;
				void** _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t95;
				void* _t96;
				void* _t99;
				void* _t100;

				asm("xorps xmm0, xmm0");
				asm("movups [0x32eff3c], xmm0");
				asm("movups [0x32eff4c], xmm0");
				 *0x32eff6c = 0;
				asm("movups [0x32eff5c], xmm0");
				_t62 = GlobalAlloc(0x40,  *0x32eff78);
				while(1) {
					L1:
					_t63 =  *0x32eff7c;
					L2:
					while(_t63 != 0) {
						_t85 =  *_t63;
						if(_t85 == 0) {
							break;
						}
						_t1 = _t85 + 4; // 0x76d86904
						lstrcpyA(_t62, _t1);
						 *( *0x32eff7c) =  *_t85;
						GlobalFree(_t85);
						if(lstrcmpiA(_t62, "/header") != 0) {
							if(lstrcmpiA(_t62, "/pwd") != 0) {
								if(lstrcmpiA(_t62, "/next") != 0) {
									if(lstrcmpiA(_t62, "/user") != 0) {
										if(lstrcmpiA(_t62, "/domain") != 0) {
											if(lstrcmpiA(_t62, "/errors") != 0) {
												_t74 =  *0x32eff64;
												if( *0x32eff64 == 0) {
													_t31 = GlobalAlloc(0x40,  *0x32eff78);
													_t74 = _t31;
													 *0x32eff64 = _t31;
												}
												_t65 = _t62;
												_t6 = _t65 + 1; // 0x1
												_t87 = _t6;
												do {
													_t22 =  *_t65;
													_t65 = _t65 + 1;
												} while (_t22 != 0);
												E032BF440(_t74, _t62, _t65 - _t87);
												_t88 =  *0x32eff7c;
												if(_t88 == 0) {
													break;
												}
												_t89 =  *_t88;
												if(_t89 == 0) {
													break;
												}
												lstrcpyA(_t62, _t89 + 4);
												 *( *0x32eff7c) =  *_t89;
												GlobalFree(_t89);
												_t75 =  *0x32eff6c;
												if( *0x32eff6c == 0) {
													_t30 = GlobalAlloc(0x40,  *0x32eff78);
													_t75 = _t30;
													 *0x32eff6c = _t30;
												}
												_t68 = _t62;
												_t8 = _t68 + 1; // 0x1
												_t95 = _t8;
												do {
													_t28 =  *_t68;
													_t68 = _t68 + 1;
												} while (_t28 != 0);
												E032BF440(_t75, _t62, _t68 - _t95);
												break;
											}
											_t32 =  *0x32eff58;
											if( *0x32eff58 == 0) {
												 *0x32eff58 = GlobalAlloc(0x40,  *0x32eff78);
											}
											E032B67D0(_t32);
											_t34 =  *0x32eff5c;
											_t99 = _t96 + 4;
											if( *0x32eff5c == 0) {
												 *0x32eff5c = GlobalAlloc(0x40,  *0x32eff78);
											}
											E032B67D0(_t34);
											_t36 =  *0x32eff60;
											_t100 = _t99 + 4;
											if( *0x32eff60 == 0) {
												 *0x32eff60 = GlobalAlloc(0x40,  *0x32eff78);
											}
											E032B67D0(_t36);
											_t96 = _t100 + 4;
											goto L1;
										}
										_t78 =  *0x32eff4c;
										if(_t78 == 0) {
											_t78 = GlobalAlloc(0x40,  *0x32eff78);
											 *0x32eff4c = _t78;
										}
										_t63 =  *0x32eff7c;
										if(_t63 != 0) {
											_t91 =  *_t63;
											if(_t91 != 0) {
												_t4 = _t91 + 4; // 0x76d86904
												lstrcpyA(_t78, _t4);
												 *( *0x32eff7c) =  *_t91;
												GlobalFree(_t91);
												_t63 =  *0x32eff7c;
											}
										}
										if( *0x32eff50 != 0) {
											goto L35;
										} else {
											_t82 = GlobalAlloc(0x40,  *0x32eff78);
											 *0x32eff50 = _t82;
											goto L34;
										}
									}
									_t80 =  *0x32eff40;
									if(_t80 == 0) {
										_t80 = GlobalAlloc(0x40,  *0x32eff78);
										 *0x32eff40 = _t80;
									}
									_t63 =  *0x32eff7c;
									if(_t63 != 0) {
										_t92 =  *_t63;
										if(_t92 != 0) {
											_t3 = _t92 + 4; // 0x76d86904
											lstrcpyA(_t80, _t3);
											 *( *0x32eff7c) =  *_t92;
											GlobalFree(_t92);
											_t63 =  *0x32eff7c;
										}
									}
									if( *0x32eff44 != 0) {
										goto L35;
									} else {
										_t82 = GlobalAlloc(0x40,  *0x32eff78);
										 *0x32eff44 = _t82;
										goto L34;
									}
								}
								_t82 =  *0x32eff54;
								if(_t82 == 0) {
									_t82 = GlobalAlloc(0x40,  *0x32eff78);
									 *0x32eff54 = _t82;
								}
								goto L34;
							}
							_t82 =  *0x32eff48;
							if(_t82 == 0) {
								_t82 = GlobalAlloc(0x40,  *0x32eff78);
								 *0x32eff48 = _t82;
							}
							goto L34;
						} else {
							_t76 =  *0x32eff3c;
							if(_t76 == 0) {
								_t76 = GlobalAlloc(0x40,  *0x32eff78);
								 *0x32eff3c = _t76;
							}
							_t63 =  *0x32eff7c;
							if(_t63 != 0) {
								_t93 =  *_t63;
								if(_t93 != 0) {
									_t2 = _t93 + 4; // 0x76d86904
									lstrcpyA(_t76, _t2);
									 *( *0x32eff7c) =  *_t93;
									GlobalFree(_t93);
									_t63 =  *0x32eff7c;
								}
							}
							if( *0x32eff68 != 0) {
								L35:
								if(_t63 == 0) {
									break;
								}
								_t90 =  *_t63;
								if(_t90 == 0) {
									continue;
								}
								_t5 = _t90 + 4; // 0x76d86904
								lstrcpyA(_t82, _t5);
								 *( *0x32eff7c) =  *_t90;
								GlobalFree(_t90);
								while(1) {
									L1:
									_t63 =  *0x32eff7c;
									goto L2;
								}
							}
							_t82 = GlobalAlloc(0x40,  *0x32eff78);
							 *0x32eff68 = _t82;
							L34:
							_t63 =  *0x32eff7c;
							goto L35;
						}
					}
					GlobalFree(_t62);
					_t11 = CreateDialogParamA( *0x32eff70, 0x66,  *0x32eff74, E032B5BF0, 0);
					 *0x32eff00 = _t11;
					return _t11;
				}
			}




























                                                                                                                                  0x032b5d18
                                                                                                                                  0x032b5d22
                                                                                                                                  0x032b5d2b
                                                                                                                                  0x032b5d32
                                                                                                                                  0x032b5d3c
                                                                                                                                  0x032b5d45
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5d47
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5d50
                                                                                                                                  0x032b5d58
                                                                                                                                  0x032b5d5c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5d62
                                                                                                                                  0x032b5d67
                                                                                                                                  0x032b5d75
                                                                                                                                  0x032b5d77
                                                                                                                                  0x032b5d8d
                                                                                                                                  0x032b5e0b
                                                                                                                                  0x032b5e3c
                                                                                                                                  0x032b5e6d
                                                                                                                                  0x032b5ee8
                                                                                                                                  0x032b5f99
                                                                                                                                  0x032b6003
                                                                                                                                  0x032b600b
                                                                                                                                  0x032b6015
                                                                                                                                  0x032b6017
                                                                                                                                  0x032b6019
                                                                                                                                  0x032b6019
                                                                                                                                  0x032b601f
                                                                                                                                  0x032b6021
                                                                                                                                  0x032b6021
                                                                                                                                  0x032b6024
                                                                                                                                  0x032b6024
                                                                                                                                  0x032b6026
                                                                                                                                  0x032b6027
                                                                                                                                  0x032b6030
                                                                                                                                  0x032b6035
                                                                                                                                  0x032b6040
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6042
                                                                                                                                  0x032b6046
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b604d
                                                                                                                                  0x032b605b
                                                                                                                                  0x032b605d
                                                                                                                                  0x032b6063
                                                                                                                                  0x032b606b
                                                                                                                                  0x032b6075
                                                                                                                                  0x032b6077
                                                                                                                                  0x032b6079
                                                                                                                                  0x032b6079
                                                                                                                                  0x032b607f
                                                                                                                                  0x032b6081
                                                                                                                                  0x032b6081
                                                                                                                                  0x032b6084
                                                                                                                                  0x032b6084
                                                                                                                                  0x032b6086
                                                                                                                                  0x032b6087
                                                                                                                                  0x032b6090
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6095
                                                                                                                                  0x032b5f9b
                                                                                                                                  0x032b5fa2
                                                                                                                                  0x032b5fae
                                                                                                                                  0x032b5fae
                                                                                                                                  0x032b5fb4
                                                                                                                                  0x032b5fb9
                                                                                                                                  0x032b5fbe
                                                                                                                                  0x032b5fc3
                                                                                                                                  0x032b5fcf
                                                                                                                                  0x032b5fcf
                                                                                                                                  0x032b5fd5
                                                                                                                                  0x032b5fda
                                                                                                                                  0x032b5fdf
                                                                                                                                  0x032b5fe4
                                                                                                                                  0x032b5ff0
                                                                                                                                  0x032b5ff0
                                                                                                                                  0x032b5ff6
                                                                                                                                  0x032b5ffb
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5ffb
                                                                                                                                  0x032b5eee
                                                                                                                                  0x032b5ef6
                                                                                                                                  0x032b5f02
                                                                                                                                  0x032b5f04
                                                                                                                                  0x032b5f04
                                                                                                                                  0x032b5f0a
                                                                                                                                  0x032b5f12
                                                                                                                                  0x032b5f14
                                                                                                                                  0x032b5f18
                                                                                                                                  0x032b5f1a
                                                                                                                                  0x032b5f1f
                                                                                                                                  0x032b5f2d
                                                                                                                                  0x032b5f2f
                                                                                                                                  0x032b5f35
                                                                                                                                  0x032b5f35
                                                                                                                                  0x032b5f18
                                                                                                                                  0x032b5f43
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5f45
                                                                                                                                  0x032b5f4f
                                                                                                                                  0x032b5f51
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5f51
                                                                                                                                  0x032b5f43
                                                                                                                                  0x032b5e6f
                                                                                                                                  0x032b5e77
                                                                                                                                  0x032b5e83
                                                                                                                                  0x032b5e85
                                                                                                                                  0x032b5e85
                                                                                                                                  0x032b5e8b
                                                                                                                                  0x032b5e93
                                                                                                                                  0x032b5e95
                                                                                                                                  0x032b5e99
                                                                                                                                  0x032b5e9b
                                                                                                                                  0x032b5ea0
                                                                                                                                  0x032b5eae
                                                                                                                                  0x032b5eb0
                                                                                                                                  0x032b5eb6
                                                                                                                                  0x032b5eb6
                                                                                                                                  0x032b5e99
                                                                                                                                  0x032b5ec4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5eca
                                                                                                                                  0x032b5ed4
                                                                                                                                  0x032b5ed6
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5ed6
                                                                                                                                  0x032b5ec4
                                                                                                                                  0x032b5e3e
                                                                                                                                  0x032b5e46
                                                                                                                                  0x032b5e56
                                                                                                                                  0x032b5e58
                                                                                                                                  0x032b5e58
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5e46
                                                                                                                                  0x032b5e0d
                                                                                                                                  0x032b5e15
                                                                                                                                  0x032b5e25
                                                                                                                                  0x032b5e27
                                                                                                                                  0x032b5e27
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5d8f
                                                                                                                                  0x032b5d8f
                                                                                                                                  0x032b5d97
                                                                                                                                  0x032b5da3
                                                                                                                                  0x032b5da5
                                                                                                                                  0x032b5da5
                                                                                                                                  0x032b5dab
                                                                                                                                  0x032b5db3
                                                                                                                                  0x032b5db5
                                                                                                                                  0x032b5db9
                                                                                                                                  0x032b5dbb
                                                                                                                                  0x032b5dc0
                                                                                                                                  0x032b5dce
                                                                                                                                  0x032b5dd0
                                                                                                                                  0x032b5dd6
                                                                                                                                  0x032b5dd6
                                                                                                                                  0x032b5db9
                                                                                                                                  0x032b5de4
                                                                                                                                  0x032b5f5d
                                                                                                                                  0x032b5f5f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5f65
                                                                                                                                  0x032b5f69
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5f6f
                                                                                                                                  0x032b5f74
                                                                                                                                  0x032b5f82
                                                                                                                                  0x032b5f84
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5d47
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5d47
                                                                                                                                  0x032b5df4
                                                                                                                                  0x032b5df6
                                                                                                                                  0x032b5f57
                                                                                                                                  0x032b5f57
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5f57
                                                                                                                                  0x032b5d8d
                                                                                                                                  0x032b6099
                                                                                                                                  0x032b60b4
                                                                                                                                  0x032b60bc
                                                                                                                                  0x032b60c2
                                                                                                                                  0x032b60c2

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D43
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D67
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5D77
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/header,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D89
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B5DA1
                                                                                                                                  • lstrcpyA.KERNEL32(?,76D86904), ref: 032B5DC0
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5DD0
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B5DF2
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/pwd,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E07
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E23
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/next,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E38
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E54
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/user,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E69
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E81
                                                                                                                                  • lstrcpyA.KERNEL32(?,76D86904,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5EA0
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5EB0
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5ED2
                                                                                                                                  • lstrcpyA.KERNEL32(?,76D86904), ref: 032B5F74
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5F84
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/errors,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5F95
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5FAC
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B5FCD
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B5FEE
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B6015
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B604D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B605D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B6075
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B6099
                                                                                                                                  • CreateDialogParamA.USER32(00000066,032B5BF0,00000000), ref: 032B60B4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Free$lstrcmpilstrcpy$CreateDialogParam
                                                                                                                                  • String ID: /domain$/errors$/header$/next$/pwd$/user
                                                                                                                                  • API String ID: 2370566556-738949782
                                                                                                                                  • Opcode ID: 7f0a408fafb732d817d14e28f69ce98b593c63ce80b088f9e954e76b9d08780c
                                                                                                                                  • Instruction ID: 2c183c4786d64c18b90a5c1e666fb964e81b0e5943034549bfdb91174e7e081c
                                                                                                                                  • Opcode Fuzzy Hash: 7f0a408fafb732d817d14e28f69ce98b593c63ce80b088f9e954e76b9d08780c
                                                                                                                                  • Instruction Fuzzy Hash: 4FA1C274A20206BFD714EF35F94AA66B77ABB8B740726C119E905DF2C8EB719840CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B6440 Relevance: 70.3, APIs: 39, Strings: 1, Instructions: 255windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E032B6440(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct HWND__* _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				struct tagPOINT _v36;
				int _v40;
				void* _v44;
				struct tagMSG _v76;
				void* __ebp;
				signed int _t34;
				signed int _t35;
				struct HWND__* _t49;
				int _t69;
				void* _t71;
				intOrPtr _t72;
				void* _t116;
				signed int _t117;
				void* _t121;

				_t121 = __eflags;
				_push(_a24);
				 *0x32eff70 = _a4;
				 *0x32eff74 = _a8;
				 *0x32eff78 = _a12;
				 *0x32eff7c = _a20;
				 *0x32eff80 = _a16;
				E032B5D10();
				_t117 = _t116 + 4;
				_pop(_t114);
				_t115 = _t117;
				_push(0xffffffff);
				_push(E032DBB7F);
				_push( *[fs:0x0]);
				_t34 =  *0x32ed474; // 0x444d31ba
				_t35 = _t34 ^ _t117;
				_v20 = _t35;
				_push(_t35);
				 *[fs:0x0] =  &_v16;
				SendMessageA( *0x32eff00, 0x30, SendMessageA( *0x32eff74, 0x31, 0, 0), 1);
				GetWindowRect(GetDlgItem( *0x32eff74, 0x3fa),  &_v36);
				MapWindowPoints(0,  *0x32eff74,  &_v36, 2);
				MoveWindow( *0x32eff00, _v36.x, _v36.y, _v28 - _v36.x, _v24 - _v36.y, 0);
				_t49 = GetDlgItem( *0x32eff74, 1);
				 *0x32eff0c = _t49;
				EnableWindow(_t49, 1);
				 *0x32eff10 = GetDlgItem( *0x32eff00, 0x4bf);
				 *0x32eff14 = GetDlgItem( *0x32eff00, 0x4d1);
				 *0x32eff18 = GetDlgItem( *0x32eff00, 0x4be);
				 *0x32eff1c = GetDlgItem( *0x32eff00, 0x4cc);
				 *0x32eff20 = GetDlgItem( *0x32eff00, 0x4c0);
				 *0x32eff24 = GetDlgItem( *0x32eff00, 0x4c1);
				 *0x32eff28 = GetDlgItem( *0x32eff00, 0x4cd);
				 *0x32eff2c = GetDlgItem( *0x32eff00, 0x4c2);
				 *0x32eff30 = GetDlgItem( *0x32eff00, 0x4cf);
				SetWindowTextA( *0x32eff10,  *0x32eff3c);
				SetWindowTextA( *0x32eff14,  *0x32eff68);
				SetWindowTextA( *0x32eff18,  *0x32eff40);
				SetWindowTextA( *0x32eff1c,  *0x32eff4c);
				SetWindowTextA( *0x32eff20,  *0x32eff48);
				SetWindowTextA( *0x32eff24,  *0x32eff44);
				SetWindowTextA( *0x32eff28,  *0x32eff50);
				 *0x32eff34 = 1;
				SendMessageA( *0x32eff10, 0xf1, 1, 0);
				ShowWindow( *0x32eff30, 0);
				_t69 = CreateFontA(0x10, 0, 0, 0, 0x2bc, 0, 0, 0, 1, 8, 0, 5, 2, "ARIAL");
				_v40 = _t69;
				SendMessageA( *0x32eff30, 0x30, _t69, 1);
				_push(0x20);
				_t71 = E032BD99E(_t121);
				_v44 = _t71;
				_v8 = 0;
				if(_t71 == 0) {
					_t72 = 0;
					__eflags = 0;
				} else {
					_t72 = E032B5550(_t71);
				}
				 *0x32eff38 = _t72;
				 *0x32eff04 = SetWindowLongA( *0x32eff74, 4, E032B60D0);
				SendMessageA( *0x32eff74, 0x40d,  *0x32eff00, 0);
				ShowWindow( *0x32eff00, 5);
				 *0x32eff08 = 0;
				do {
					if(GetMessageA( &_v76, 0, 0, 0) == 0 || IsDialogMessageA( *0x32eff00,  &_v76) != 0 || IsDialogMessageA( *0x32eff74,  &_v76) != 0) {
						goto L10;
					} else {
						if(_v76.message != 0x12) {
							TranslateMessage( &_v76);
							DispatchMessageA( &_v76);
							goto L10;
						}
					}
					break;
					L10:
				} while ( *0x32eff08 == 0);
				_t112 =  *0x32eff38;
				if( *0x32eff38 != 0) {
					E032B5590(_t112);
					_push(0x20);
					E032BD9CE(_t112);
				}
				DeleteObject(_v44);
				SetWindowLongA( *0x32eff74, 4,  *0x32eff04);
				DestroyWindow( *0x32eff00);
				 *[fs:0x0] = _v20;
				return E032BD98D(_v24 ^ _t115);
			}






















                                                                                                                                  0x032b6440
                                                                                                                                  0x032b6446
                                                                                                                                  0x032b6449
                                                                                                                                  0x032b6451
                                                                                                                                  0x032b6459
                                                                                                                                  0x032b6461
                                                                                                                                  0x032b6469
                                                                                                                                  0x032b646e
                                                                                                                                  0x032b6473
                                                                                                                                  0x032b6476
                                                                                                                                  0x032b6481
                                                                                                                                  0x032b6483
                                                                                                                                  0x032b6485
                                                                                                                                  0x032b6490
                                                                                                                                  0x032b6494
                                                                                                                                  0x032b6499
                                                                                                                                  0x032b649b
                                                                                                                                  0x032b64a1
                                                                                                                                  0x032b64a5
                                                                                                                                  0x032b64ca
                                                                                                                                  0x032b64e4
                                                                                                                                  0x032b64f8
                                                                                                                                  0x032b651a
                                                                                                                                  0x032b6528
                                                                                                                                  0x032b652d
                                                                                                                                  0x032b6532
                                                                                                                                  0x032b6550
                                                                                                                                  0x032b6562
                                                                                                                                  0x032b6574
                                                                                                                                  0x032b6586
                                                                                                                                  0x032b6598
                                                                                                                                  0x032b65aa
                                                                                                                                  0x032b65bc
                                                                                                                                  0x032b65ce
                                                                                                                                  0x032b65d5
                                                                                                                                  0x032b65ec
                                                                                                                                  0x032b65fa
                                                                                                                                  0x032b6608
                                                                                                                                  0x032b6616
                                                                                                                                  0x032b6624
                                                                                                                                  0x032b6632
                                                                                                                                  0x032b6640
                                                                                                                                  0x032b6651
                                                                                                                                  0x032b665b
                                                                                                                                  0x032b666b
                                                                                                                                  0x032b668f
                                                                                                                                  0x032b66a0
                                                                                                                                  0x032b66a3
                                                                                                                                  0x032b66a5
                                                                                                                                  0x032b66a7
                                                                                                                                  0x032b66af
                                                                                                                                  0x032b66b2
                                                                                                                                  0x032b66bb
                                                                                                                                  0x032b66c6
                                                                                                                                  0x032b66c6
                                                                                                                                  0x032b66bd
                                                                                                                                  0x032b66bf
                                                                                                                                  0x032b66bf
                                                                                                                                  0x032b66d5
                                                                                                                                  0x032b66e8
                                                                                                                                  0x032b66f8
                                                                                                                                  0x032b6702
                                                                                                                                  0x032b6716
                                                                                                                                  0x032b6720
                                                                                                                                  0x032b672e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6750
                                                                                                                                  0x032b6754
                                                                                                                                  0x032b675a
                                                                                                                                  0x032b6760
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6760
                                                                                                                                  0x032b6754
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6766
                                                                                                                                  0x032b6766
                                                                                                                                  0x032b676f
                                                                                                                                  0x032b6777
                                                                                                                                  0x032b677b
                                                                                                                                  0x032b6780
                                                                                                                                  0x032b6783
                                                                                                                                  0x032b6788
                                                                                                                                  0x032b678e
                                                                                                                                  0x032b67a2
                                                                                                                                  0x032b67ae
                                                                                                                                  0x032b67b7
                                                                                                                                  0x032b67cf

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B5D10: GlobalAlloc.KERNEL32(00000040,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D43
                                                                                                                                    • Part of subcall function 032B5D10: lstrcpyA.KERNEL32(00000000,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D67
                                                                                                                                    • Part of subcall function 032B5D10: GlobalFree.KERNEL32 ref: 032B5D77
                                                                                                                                    • Part of subcall function 032B5D10: lstrcmpiA.KERNEL32(00000000,/header,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5D89
                                                                                                                                    • Part of subcall function 032B5D10: GlobalAlloc.KERNEL32(00000040), ref: 032B5DA1
                                                                                                                                    • Part of subcall function 032B5D10: lstrcpyA.KERNEL32(?,76D86904), ref: 032B5DC0
                                                                                                                                    • Part of subcall function 032B5D10: GlobalFree.KERNEL32 ref: 032B5DD0
                                                                                                                                    • Part of subcall function 032B5D10: GlobalAlloc.KERNEL32(00000040), ref: 032B5DF2
                                                                                                                                    • Part of subcall function 032B5D10: lstrcmpiA.KERNEL32(00000000,/pwd,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E07
                                                                                                                                    • Part of subcall function 032B5D10: GlobalAlloc.KERNEL32(00000040,?,?,?,?,032B6473,?,?,032B472D,?,?,?,?,?), ref: 032B5E23
                                                                                                                                    • Part of subcall function 032B5D10: lstrcpyA.KERNEL32(?,76D86904), ref: 032B5F74
                                                                                                                                    • Part of subcall function 032B5D10: GlobalFree.KERNEL32 ref: 032B5F84
                                                                                                                                  • SendMessageA.USER32 ref: 032B64BF
                                                                                                                                  • SendMessageA.USER32 ref: 032B64CA
                                                                                                                                  • GetDlgItem.USER32 ref: 032B64E1
                                                                                                                                  • GetWindowRect.USER32 ref: 032B64E4
                                                                                                                                  • MapWindowPoints.USER32 ref: 032B64F8
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000), ref: 032B651A
                                                                                                                                  • GetDlgItem.USER32 ref: 032B6528
                                                                                                                                  • EnableWindow.USER32(00000000,00000001), ref: 032B6532
                                                                                                                                  • GetDlgItem.USER32 ref: 032B6543
                                                                                                                                  • GetDlgItem.USER32 ref: 032B6555
                                                                                                                                  • GetDlgItem.USER32 ref: 032B6567
                                                                                                                                  • GetDlgItem.USER32 ref: 032B6579
                                                                                                                                  • GetDlgItem.USER32 ref: 032B658B
                                                                                                                                  • GetDlgItem.USER32 ref: 032B659D
                                                                                                                                  • GetDlgItem.USER32 ref: 032B65AF
                                                                                                                                  • GetDlgItem.USER32 ref: 032B65C1
                                                                                                                                  • GetDlgItem.USER32 ref: 032B65D3
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B65EC
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B65FA
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B6608
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B6616
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B6624
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B6632
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B6640
                                                                                                                                  • SendMessageA.USER32 ref: 032B665B
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 032B666B
                                                                                                                                  • CreateFontA.GDI32(00000010,00000000,00000000,00000000,000002BC,00000000,00000000,00000000,00000001,00000008,00000000,00000005,00000002,ARIAL), ref: 032B668F
                                                                                                                                  • SendMessageA.USER32 ref: 032B66A3
                                                                                                                                  • SetWindowLongA.USER32 ref: 032B66DA
                                                                                                                                  • SendMessageA.USER32 ref: 032B66F8
                                                                                                                                  • ShowWindow.USER32(00000005), ref: 032B6702
                                                                                                                                  • GetMessageA.USER32 ref: 032B672A
                                                                                                                                  • IsDialogMessageA.USER32(?), ref: 032B673A
                                                                                                                                  • IsDialogMessageA.USER32(?), ref: 032B674A
                                                                                                                                  • TranslateMessage.USER32(?), ref: 032B675A
                                                                                                                                  • DispatchMessageA.USER32 ref: 032B6760
                                                                                                                                  • DeleteObject.GDI32(?), ref: 032B678E
                                                                                                                                  • SetWindowLongA.USER32 ref: 032B67A2
                                                                                                                                  • DestroyWindow.USER32 ref: 032B67AE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$Message$GlobalText$Send$Alloc$Freelstrcpy$DialogLongShowlstrcmpi$CreateDeleteDestroyDispatchEnableFontMoveObjectPointsRectTranslate
                                                                                                                                  • String ID: ARIAL
                                                                                                                                  • API String ID: 650193780-737576061
                                                                                                                                  • Opcode ID: 207195cb209b8aeec4d38616a4a0c53eac03fa77d36805e7c3058e35e6341965
                                                                                                                                  • Instruction ID: 880c4a6fb3ef7c431c4cc1e3d2c9d530f280c16fb8fdb158bb51ced3f067a187
                                                                                                                                  • Opcode Fuzzy Hash: 207195cb209b8aeec4d38616a4a0c53eac03fa77d36805e7c3058e35e6341965
                                                                                                                                  • Instruction Fuzzy Hash: E5A13871A51218BBEB11BFA0FE4EF997F76FB49740F018026FA04AA2D8D7B15910DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B2040 Relevance: 63.4, APIs: 34, Strings: 2, Instructions: 431registrymemorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E032B2040(int _a8, void* _a12, char* _a16) {
				void* _v8;
				intOrPtr _v12;
				void* _v16;
				int _v20;
				char* _v24;
				signed int _v28;
				int _v32;
				int _v36;
				void* __edi;
				void* __ebp;
				void* _t86;
				CHAR* _t87;
				long _t89;
				void* _t102;
				void _t106;
				char* _t111;
				CHAR* _t112;
				void* _t120;
				void* _t124;
				void* _t125;
				void* _t128;
				void* _t134;
				char* _t135;
				void* _t140;
				void* _t141;
				void* _t152;
				signed int _t153;
				void* _t154;
				void* _t157;
				void* _t158;
				void* _t167;
				char* _t168;
				void* _t170;
				void* _t173;
				void* _t176;
				void* _t183;
				void* _t184;
				int _t186;
				void* _t187;
				int _t191;
				CHAR* _t199;
				void* _t201;
				void* _t202;
				void* _t207;
				void* _t210;
				void* _t211;
				void* _t217;
				void* _t218;
				void* _t219;
				void* _t221;
				void* _t222;
				void* _t223;
				void** _t225;
				void* _t227;
				void* _t228;
				void* _t233;
				void _t235;
				void* _t236;
				void** _t238;
				void* _t239;
				void* _t240;
				char* _t242;
				void* _t243;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t249;
				void* _t251;

				_t191 = _a8;
				_t249 = _t248 - 0x20;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				 *0x32efef4 = _t191;
				_t86 = GlobalAlloc(0x40, _t191 + 1);
				_t225 =  *0x32efef8;
				_t233 = _t86;
				if(_t225 == 0) {
					L80:
					__eflags = _t233;
					if(_t233 != 0) {
						GlobalFree(_t233);
					}
					_t87 = E032B1F00();
					__eflags =  *0x32efef8;
					if( *0x32efef8 != 0) {
						_t89 =  *0x32efef4 + 8;
						__eflags = _t89;
						_t235 = GlobalAlloc(0x40, _t89);
						_t82 = _t235 + 4; // 0x4
						_t87 = lstrcpynA(_t82, "error",  *0x32efef4);
						_t217 =  *0x32efef8;
						 *_t235 =  *_t217;
						 *_t217 = _t235;
					}
					return _t87;
				} else {
					_t227 =  *_t225;
					if(_t227 == 0) {
						goto L80;
					} else {
						lstrcpyA(_t233, _t227 + 4);
						_t228 = GlobalFree;
						 *( *0x32efef8) =  *_t227;
						GlobalFree(_t227);
						_t97 =  !=  ? 0x100 : 0;
						_v28 =  !=  ? 0x100 : 0;
						GlobalFree(_t233);
						_t236 = GlobalAlloc(0x40,  *0x32efef4 + 1);
						_t102 =  *0x32efef8;
						if(_t102 == 0) {
							L76:
							__eflags = _t236;
							if(_t236 != 0) {
								GlobalFree(_t236);
								goto L78;
							}
							goto L79;
						} else {
							_t106 =  *_t102;
							_a16 = _t106;
							if(_t106 == 0) {
								goto L76;
							} else {
								lstrcpyA(_t236, _t106 + 4);
								_t218 = _a16;
								 *( *0x32efef8) =  *_t218;
								GlobalFree(_t218);
								_t111 = E032AD1A0(_t236);
								_t249 = _t249 + 4;
								_a16 = _t111;
								if(_t236 != 0) {
									GlobalFree(_t236);
								}
								_t112 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t238 =  *0x32efef8;
								_t199 = _t112;
								_v16 = _t199;
								if(_t238 == 0) {
									L74:
									__eflags = _t199;
									if(_t199 != 0) {
										GlobalFree(_t199);
										goto L78;
									}
									goto L79;
								} else {
									_t239 =  *_t238;
									if(_t239 == 0) {
										goto L74;
									} else {
										lstrcpyA(_t199, _t239 + 4);
										 *( *0x32efef8) =  *_t239;
										GlobalFree(_t239);
										_t240 = GlobalAlloc(0x40,  *0x32efef4 + 1);
										_v24 = _t240;
										_t120 = E032B1F30(_t240);
										_t249 = _t249 + 4;
										if(_t120 == 0) {
											_t183 = GlobalAlloc(0x40,  *0x32efef4 + 1);
											_v8 = _t183;
											_t124 = E032B1F30(_t183);
											_t249 = _t249 + 4;
											__eflags = _t124;
											if(_t124 == 0) {
												_t219 = _t183;
												_t16 = _t219 + 1; // 0x1
												_t201 = _t16;
												do {
													_t125 =  *_t219;
													_t219 = _t219 + 1;
													__eflags = _t125;
												} while (_t125 != 0);
												_a12 = 0;
												_t202 = _a16;
												_v12 = _t219 - _t201;
												__eflags = _t202;
												if(_t202 != 0) {
													__eflags = _t202 - 1;
													_t128 = (0 | _t202 != 0x00000001) + 0x80000001;
													__eflags = _t128;
												} else {
													_t128 = 0x80000000;
												}
												_t184 = _v16;
												__eflags = RegCreateKeyExA(_t128, _t184, 0, 0, 0, _v28 | 0x0002001f, 0,  &_a12,  &_v36);
												if(__eflags == 0) {
													_push(0x10000);
													_a16 = E032BD9DC(__eflags);
													_v20 = 0x10000;
													E032BEF40(_t228, _t130, 0, 0x10000);
													_t251 = _t249 + 0x10;
													_a8 = 0x10000;
													_t134 = RegQueryValueExA(_a12, _t240, 0,  &_v32, _a16,  &_a8);
													__eflags = _t134 - 0xea;
													if(_t134 == 0xea) {
														L032BD9E5(_a16);
														_t167 = _a8 + _v12 + 2;
														__eflags = _t167;
														_push(_t167);
														_v20 = _t167;
														_t168 = E032BD9DC(_t167);
														_t251 = _t251 + 8;
														_a8 = _v20;
														_a16 = _t168;
														_t134 = RegQueryValueExA(_a12, _v24, 0,  &_v32, _t168,  &_a8);
													}
													__eflags = _t134;
													if(_t134 != 0) {
														_t207 = 0;
														_a8 = 0;
														goto L59;
													} else {
														_t207 = _a8;
														_v28 = _t134;
														__eflags = _t207;
														if(_t207 == 0) {
															L59:
															_t186 = _v12 + 2;
															__eflags = _t186;
															goto L60;
														} else {
															do {
																_t210 =  &(_a16[_t134]);
																__eflags = _t210;
																_t246 = _t210;
																_t221 = _t246 + 1;
																do {
																	_t152 =  *_t246;
																	_t246 = _t246 + 1;
																	__eflags = _t152;
																} while (_t152 != 0);
																_t153 = _v8;
																_t247 = _t246 - _t221;
																__eflags = _t247;
																while(1) {
																	_t222 =  *_t210;
																	__eflags = _t222 -  *_t153;
																	if(_t222 !=  *_t153) {
																		break;
																	}
																	__eflags = _t222;
																	if(_t222 == 0) {
																		L43:
																		_t154 = 0;
																	} else {
																		_t223 =  *((intOrPtr*)(_t210 + 1));
																		__eflags = _t223 -  *((intOrPtr*)(_t153 + 1));
																		if(_t223 !=  *((intOrPtr*)(_t153 + 1))) {
																			break;
																		} else {
																			_t210 = _t210 + 2;
																			_t153 = _t153 + 2;
																			__eflags = _t223;
																			if(_t223 != 0) {
																				continue;
																			} else {
																				goto L43;
																			}
																		}
																	}
																	L45:
																	__eflags = _t154;
																	if(_t154 == 0) {
																		RegCloseKey(_a12);
																		L032BD9E5(_a16);
																		_t157 = _v8;
																		__eflags = _t157;
																		if(_t157 != 0) {
																			GlobalFree(_t157);
																		}
																		_t158 = _v24;
																		__eflags = _t158;
																		if(_t158 != 0) {
																			GlobalFree(_t158);
																		}
																		__eflags = _t184;
																		if(_t184 != 0) {
																			GlobalFree(_t184);
																		}
																		E032B1F00();
																		L56:
																		return E032B1FC0("success");
																	} else {
																		goto L46;
																	}
																	goto L85;
																}
																asm("sbb eax, eax");
																_t154 = _t153 | 0x00000001;
																__eflags = _t154;
																goto L45;
																L46:
																_t211 = _a8;
																_t134 = _v28 + 1 + _t247;
																_v28 = _t134;
																__eflags = _t134 - _t211;
															} while (_t134 < _t211);
															__eflags = _t211;
															if(_t211 == 0) {
																_t207 = _a8;
																goto L59;
															} else {
																_t186 = _v12 + _t211 + 1;
																_t207 = _a8;
															}
															L60:
															__eflags = _t186 - _v20;
															if(__eflags <= 0) {
																_t242 = _a16;
															} else {
																_push(_t186);
																_t242 = E032BD9DC(__eflags);
																E032BF440(_t242, _a16, _a8);
																L032BD9E5(_a16);
																_t207 = _a8;
																_t251 = _t251 + 0x14;
																_a16 = _t242;
															}
															__eflags = _t207;
															if(_t207 == 0) {
																_t135 = _t242;
															} else {
																_t71 = _t242 - 1; // -1
																_t135 = _t71 + _t207;
															}
															E032BF440(_t135, _v8, _v12);
															 *((short*)(_t186 + _t242 - 2)) = 0;
															_t187 = _v24;
															_t243 = RegSetValueExA(_a12, _t187, 0, 7, _t242, _t186);
															RegCloseKey(_a12);
															L032BD9E5(_a16);
															_t140 = _v8;
															__eflags = _t140;
															if(_t140 != 0) {
																GlobalFree(_t140);
															}
															__eflags = _t187;
															if(_t187 != 0) {
																GlobalFree(_t187);
															}
															_t141 = _v16;
															__eflags = _t141;
															if(_t141 != 0) {
																GlobalFree(_t141);
															}
															E032B1F00();
															__eflags = _t243;
															if(_t243 != 0) {
																goto L56;
															} else {
																return E032B1FC0("error");
															}
														}
													}
												} else {
													_t170 = _v8;
													__eflags = _t170;
													if(_t170 != 0) {
														GlobalFree(_t170);
													}
													__eflags = _t240;
													if(_t240 != 0) {
														GlobalFree(_t240);
													}
													__eflags = _t184;
													if(_t184 != 0) {
														GlobalFree(_t184);
														goto L78;
													}
													goto L79;
												}
											} else {
												__eflags = _t183;
												if(_t183 != 0) {
													GlobalFree(_t183);
												}
												__eflags = _t240;
												if(_t240 != 0) {
													GlobalFree(_t240);
												}
												_t173 = _v16;
												__eflags = _t173;
												if(_t173 != 0) {
													GlobalFree(_t173);
													goto L78;
												}
												goto L79;
											}
										} else {
											if(_t240 != 0) {
												GlobalFree(_t240);
											}
											_t176 = _v16;
											if(_t176 != 0) {
												GlobalFree(_t176);
												L78:
											}
											L79:
											E032B1F00();
											return E032B1FC0("error");
										}
									}
								}
							}
						}
					}
				}
				L85:
			}







































































                                                                                                                                  0x032b2043
                                                                                                                                  0x032b2046
                                                                                                                                  0x032b204c
                                                                                                                                  0x032b205d
                                                                                                                                  0x032b2068
                                                                                                                                  0x032b206e
                                                                                                                                  0x032b2070
                                                                                                                                  0x032b2076
                                                                                                                                  0x032b207a
                                                                                                                                  0x032b246f
                                                                                                                                  0x032b246f
                                                                                                                                  0x032b2471
                                                                                                                                  0x032b2474
                                                                                                                                  0x032b2474
                                                                                                                                  0x032b247a
                                                                                                                                  0x032b247f
                                                                                                                                  0x032b2486
                                                                                                                                  0x032b248d
                                                                                                                                  0x032b248d
                                                                                                                                  0x032b249b
                                                                                                                                  0x032b24a2
                                                                                                                                  0x032b24a6
                                                                                                                                  0x032b24ac
                                                                                                                                  0x032b24b4
                                                                                                                                  0x032b24b6
                                                                                                                                  0x032b24b6
                                                                                                                                  0x032b24be
                                                                                                                                  0x032b2080
                                                                                                                                  0x032b2080
                                                                                                                                  0x032b2084
                                                                                                                                  0x00000000
                                                                                                                                  0x032b208a
                                                                                                                                  0x032b208f
                                                                                                                                  0x032b209d
                                                                                                                                  0x032b20a3
                                                                                                                                  0x032b20a5
                                                                                                                                  0x032b20b2
                                                                                                                                  0x032b20b5
                                                                                                                                  0x032b20b8
                                                                                                                                  0x032b20c5
                                                                                                                                  0x032b20c7
                                                                                                                                  0x032b20ce
                                                                                                                                  0x032b244f
                                                                                                                                  0x032b244f
                                                                                                                                  0x032b2451
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b20d4
                                                                                                                                  0x032b20d4
                                                                                                                                  0x032b20d6
                                                                                                                                  0x032b20db
                                                                                                                                  0x00000000
                                                                                                                                  0x032b20e1
                                                                                                                                  0x032b20e6
                                                                                                                                  0x032b20ec
                                                                                                                                  0x032b20f7
                                                                                                                                  0x032b20f9
                                                                                                                                  0x032b20fc
                                                                                                                                  0x032b2101
                                                                                                                                  0x032b2104
                                                                                                                                  0x032b2109
                                                                                                                                  0x032b210c
                                                                                                                                  0x032b210c
                                                                                                                                  0x032b2118
                                                                                                                                  0x032b211a
                                                                                                                                  0x032b2120
                                                                                                                                  0x032b2122
                                                                                                                                  0x032b2127
                                                                                                                                  0x032b2448
                                                                                                                                  0x032b2448
                                                                                                                                  0x032b244a
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b212d
                                                                                                                                  0x032b212d
                                                                                                                                  0x032b2131
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2137
                                                                                                                                  0x032b213c
                                                                                                                                  0x032b214a
                                                                                                                                  0x032b214c
                                                                                                                                  0x032b2159
                                                                                                                                  0x032b215c
                                                                                                                                  0x032b215f
                                                                                                                                  0x032b2164
                                                                                                                                  0x032b2169
                                                                                                                                  0x032b218e
                                                                                                                                  0x032b2191
                                                                                                                                  0x032b2194
                                                                                                                                  0x032b2199
                                                                                                                                  0x032b219c
                                                                                                                                  0x032b219e
                                                                                                                                  0x032b21bf
                                                                                                                                  0x032b21c1
                                                                                                                                  0x032b21c1
                                                                                                                                  0x032b21c4
                                                                                                                                  0x032b21c4
                                                                                                                                  0x032b21c6
                                                                                                                                  0x032b21c7
                                                                                                                                  0x032b21c7
                                                                                                                                  0x032b21cd
                                                                                                                                  0x032b21d4
                                                                                                                                  0x032b21d7
                                                                                                                                  0x032b21da
                                                                                                                                  0x032b21dc
                                                                                                                                  0x032b21e7
                                                                                                                                  0x032b21ed
                                                                                                                                  0x032b21ed
                                                                                                                                  0x032b21de
                                                                                                                                  0x032b21de
                                                                                                                                  0x032b21de
                                                                                                                                  0x032b21f2
                                                                                                                                  0x032b2217
                                                                                                                                  0x032b2219
                                                                                                                                  0x032b223a
                                                                                                                                  0x032b224c
                                                                                                                                  0x032b224f
                                                                                                                                  0x032b2256
                                                                                                                                  0x032b225b
                                                                                                                                  0x032b225e
                                                                                                                                  0x032b227c
                                                                                                                                  0x032b227e
                                                                                                                                  0x032b2283
                                                                                                                                  0x032b2288
                                                                                                                                  0x032b2296
                                                                                                                                  0x032b2296
                                                                                                                                  0x032b2298
                                                                                                                                  0x032b2299
                                                                                                                                  0x032b229c
                                                                                                                                  0x032b22a4
                                                                                                                                  0x032b22a7
                                                                                                                                  0x032b22ad
                                                                                                                                  0x032b22be
                                                                                                                                  0x032b22be
                                                                                                                                  0x032b22c0
                                                                                                                                  0x032b22c2
                                                                                                                                  0x032b2380
                                                                                                                                  0x032b2382
                                                                                                                                  0x00000000
                                                                                                                                  0x032b22c8
                                                                                                                                  0x032b22c8
                                                                                                                                  0x032b22cb
                                                                                                                                  0x032b22ce
                                                                                                                                  0x032b22d0
                                                                                                                                  0x032b238a
                                                                                                                                  0x032b238d
                                                                                                                                  0x032b238d
                                                                                                                                  0x00000000
                                                                                                                                  0x032b22d6
                                                                                                                                  0x032b22d6
                                                                                                                                  0x032b22d9
                                                                                                                                  0x032b22d9
                                                                                                                                  0x032b22db
                                                                                                                                  0x032b22dd
                                                                                                                                  0x032b22e0
                                                                                                                                  0x032b22e0
                                                                                                                                  0x032b22e2
                                                                                                                                  0x032b22e3
                                                                                                                                  0x032b22e3
                                                                                                                                  0x032b22e7
                                                                                                                                  0x032b22ea
                                                                                                                                  0x032b22ea
                                                                                                                                  0x032b22f0
                                                                                                                                  0x032b22f0
                                                                                                                                  0x032b22f2
                                                                                                                                  0x032b22f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b22f6
                                                                                                                                  0x032b22f8
                                                                                                                                  0x032b230c
                                                                                                                                  0x032b230c
                                                                                                                                  0x032b22fa
                                                                                                                                  0x032b22fa
                                                                                                                                  0x032b22fd
                                                                                                                                  0x032b2300
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2302
                                                                                                                                  0x032b2302
                                                                                                                                  0x032b2305
                                                                                                                                  0x032b2308
                                                                                                                                  0x032b230a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b230a
                                                                                                                                  0x032b2300
                                                                                                                                  0x032b2315
                                                                                                                                  0x032b2315
                                                                                                                                  0x032b2317
                                                                                                                                  0x032b233b
                                                                                                                                  0x032b2344
                                                                                                                                  0x032b2349
                                                                                                                                  0x032b234f
                                                                                                                                  0x032b2351
                                                                                                                                  0x032b2354
                                                                                                                                  0x032b2354
                                                                                                                                  0x032b2356
                                                                                                                                  0x032b2359
                                                                                                                                  0x032b235b
                                                                                                                                  0x032b235e
                                                                                                                                  0x032b235e
                                                                                                                                  0x032b2360
                                                                                                                                  0x032b2362
                                                                                                                                  0x032b2365
                                                                                                                                  0x032b2365
                                                                                                                                  0x032b2367
                                                                                                                                  0x032b236c
                                                                                                                                  0x032b237f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2317
                                                                                                                                  0x032b2310
                                                                                                                                  0x032b2312
                                                                                                                                  0x032b2312
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2319
                                                                                                                                  0x032b231c
                                                                                                                                  0x032b2320
                                                                                                                                  0x032b2322
                                                                                                                                  0x032b2325
                                                                                                                                  0x032b2325
                                                                                                                                  0x032b2329
                                                                                                                                  0x032b232b
                                                                                                                                  0x032b2387
                                                                                                                                  0x00000000
                                                                                                                                  0x032b232d
                                                                                                                                  0x032b2331
                                                                                                                                  0x032b2333
                                                                                                                                  0x032b2333
                                                                                                                                  0x032b2390
                                                                                                                                  0x032b2390
                                                                                                                                  0x032b2393
                                                                                                                                  0x032b23bc
                                                                                                                                  0x032b2395
                                                                                                                                  0x032b2395
                                                                                                                                  0x032b239e
                                                                                                                                  0x032b23a4
                                                                                                                                  0x032b23ac
                                                                                                                                  0x032b23b1
                                                                                                                                  0x032b23b4
                                                                                                                                  0x032b23b7
                                                                                                                                  0x032b23b7
                                                                                                                                  0x032b23bf
                                                                                                                                  0x032b23c1
                                                                                                                                  0x032b23ca
                                                                                                                                  0x032b23c3
                                                                                                                                  0x032b23c3
                                                                                                                                  0x032b23c6
                                                                                                                                  0x032b23c6
                                                                                                                                  0x032b23d4
                                                                                                                                  0x032b23dc
                                                                                                                                  0x032b23e4
                                                                                                                                  0x032b23f9
                                                                                                                                  0x032b23fb
                                                                                                                                  0x032b2404
                                                                                                                                  0x032b2409
                                                                                                                                  0x032b240f
                                                                                                                                  0x032b2411
                                                                                                                                  0x032b2414
                                                                                                                                  0x032b2414
                                                                                                                                  0x032b2416
                                                                                                                                  0x032b2418
                                                                                                                                  0x032b241b
                                                                                                                                  0x032b241b
                                                                                                                                  0x032b241d
                                                                                                                                  0x032b2420
                                                                                                                                  0x032b2422
                                                                                                                                  0x032b2425
                                                                                                                                  0x032b2425
                                                                                                                                  0x032b2427
                                                                                                                                  0x032b242c
                                                                                                                                  0x032b242e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2434
                                                                                                                                  0x032b2447
                                                                                                                                  0x032b2447
                                                                                                                                  0x032b242e
                                                                                                                                  0x032b22d0
                                                                                                                                  0x032b221b
                                                                                                                                  0x032b221b
                                                                                                                                  0x032b221e
                                                                                                                                  0x032b2220
                                                                                                                                  0x032b2223
                                                                                                                                  0x032b2223
                                                                                                                                  0x032b2225
                                                                                                                                  0x032b2227
                                                                                                                                  0x032b222a
                                                                                                                                  0x032b222a
                                                                                                                                  0x032b222c
                                                                                                                                  0x032b222e
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b222e
                                                                                                                                  0x032b21a0
                                                                                                                                  0x032b21a0
                                                                                                                                  0x032b21a2
                                                                                                                                  0x032b21a5
                                                                                                                                  0x032b21a5
                                                                                                                                  0x032b21a7
                                                                                                                                  0x032b21a9
                                                                                                                                  0x032b21ac
                                                                                                                                  0x032b21ac
                                                                                                                                  0x032b21ae
                                                                                                                                  0x032b21b1
                                                                                                                                  0x032b21b3
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2454
                                                                                                                                  0x00000000
                                                                                                                                  0x032b21b3
                                                                                                                                  0x032b216b
                                                                                                                                  0x032b216d
                                                                                                                                  0x032b2170
                                                                                                                                  0x032b2170
                                                                                                                                  0x032b2172
                                                                                                                                  0x032b2177
                                                                                                                                  0x032b2454
                                                                                                                                  0x032b2454
                                                                                                                                  0x032b2454
                                                                                                                                  0x032b2456
                                                                                                                                  0x032b2456
                                                                                                                                  0x032b246e
                                                                                                                                  0x032b246e
                                                                                                                                  0x032b2169
                                                                                                                                  0x032b2131
                                                                                                                                  0x032b2127
                                                                                                                                  0x032b20db
                                                                                                                                  0x032b20ce
                                                                                                                                  0x032b2084
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B206E
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B208F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B20A5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B20B8
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B20C3
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B20E6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B20F9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B210C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2118
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B213C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B214C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2157
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2170
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B218C
                                                                                                                                    • Part of subcall function 032B1F30: lstrcpyA.KERNEL32(032B2164,?,00000000,?,032B2164,00000000), ref: 032B1F4B
                                                                                                                                    • Part of subcall function 032B1F30: GlobalFree.KERNEL32 ref: 032B1F5B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B21A5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B21AC
                                                                                                                                  • RegCreateKeyExA.ADVAPI32(-80000001,?,00000000,00000000,00000000,?,00000000,00000000,?), ref: 032B2211
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2223
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B222A
                                                                                                                                  • RegQueryValueExA.ADVAPI32(00010000,00000000,00000000,?,?,00010000), ref: 032B227C
                                                                                                                                  • RegQueryValueExA.ADVAPI32(00010000,?,00000000,?,00000000,00010000), ref: 032B22BE
                                                                                                                                  • RegCloseKey.ADVAPI32(00010000), ref: 032B233B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2354
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B235E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2365
                                                                                                                                  • RegSetValueExA.ADVAPI32(00010000,?,00000000,00000007,?,00010000), ref: 032B23F0
                                                                                                                                  • RegCloseKey.ADVAPI32(00010000), ref: 032B23FB
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2414
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B241B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2425
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2454
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2474
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2493
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B24A6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$Value$CloseQuery$Createlstrcpyn
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 4117668844-58590040
                                                                                                                                  • Opcode ID: d653145a1d4cca17f8919f31d1239e38b9d6cb079ac6eba72b6dd7701ab72a57
                                                                                                                                  • Instruction ID: 9aa9b5c9e4c015a6c767d81fc4bdfd709fea0c03b1d85f737f0468ad91163cfa
                                                                                                                                  • Opcode Fuzzy Hash: d653145a1d4cca17f8919f31d1239e38b9d6cb079ac6eba72b6dd7701ab72a57
                                                                                                                                  • Instruction Fuzzy Hash: 81D1C475A20316EBDB15EF65EC45BEEB7B8AF04380F094418ED15EB241D770E990CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD960 Relevance: 52.7, APIs: 25, Strings: 5, Instructions: 178stringwindowmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E032AD960(void* __ebx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8) {
				signed int _v8;
				char _v268;
				CHAR* _v272;
				CHAR* _v276;
				void* _v280;
				struct _SHELLEXECUTEINFOA _v340;
				struct tagMSG _v368;
				void* __ebp;
				signed int _t37;
				int _t54;
				int _t55;
				long _t71;
				struct HWND__* _t84;
				void* _t88;
				CHAR* _t93;
				void* _t96;
				signed int _t98;

				_t88 = __edi;
				_t37 =  *0x32ed474; // 0x444d31ba
				_v8 = _t37 ^ _t98;
				_t93 = _a8;
				_v272 = _a4;
				_v276 = _t93;
				E032BEF40(__edi,  &_v268, 0, 0x104);
				GetModuleFileNameA( *0x32efcc4,  &_v268, 0x104);
				PathRemoveFileSpecA( &_v268);
				PathAppendA( &_v268, "LockedList64.dll");
				if(PathFileExistsA( &_v268) != 0) {
					_t84 = CreateWindowExA(0, "STATIC", "LockedList x64 Checker", 0x80000000, 0, 0, 0x64, 0x64, 0xfffffffd, 0,  *0x32efcc4, 0);
					if(IsWindow(_t84) != 0) {
						 *0x32efc6c = SetWindowLongA(_t84, 0xfffffffc, E032ADC10);
					}
					_push(_t88);
					_t54 = lstrlenA(_t93);
					_t55 = lstrlenA(_v272);
					_t96 = LocalAlloc(0x40, lstrlenA("LockedList64.dll") + 0x20 + _t54 + _t55);
					_v280 = _t96;
					wsprintfA(_t96, "%s,%s 0x%p %s", "LockedList64.dll", _v272, _t84, _v276);
					PathRemoveFileSpecA( &_v268);
					_v340.lpVerb = 0;
					asm("xorps xmm0, xmm0");
					_v340.lpDirectory =  &_v268;
					asm("movlpd [ebp-0x130], xmm0");
					asm("movlpd [ebp-0x128], xmm0");
					asm("movlpd [ebp-0x120], xmm0");
					_v340.hProcess = 0;
					_v340.cbSize = 0x3c;
					_v340.fMask = 0x240;
					_v340.hwnd = 0;
					_v340.lpFile = "rundll32.exe";
					_v340.lpParameters = _t96;
					_v340.nShow = 1;
					if(ShellExecuteExA( &_v340) != 0 && _v340.hProcess != 0) {
						_t71 = MsgWaitForMultipleObjects(1,  &(_v340.hProcess), 0, 0xffffffff, 0x1cff);
						if(_t71 != 0) {
							while(_t71 <= 1) {
								if(PeekMessageA( &_v368, 0, 0, 0, 1) != 0) {
									TranslateMessage( &_v368);
									DispatchMessageA( &_v368);
								}
								if(WaitForMultipleObjects(1,  &(_v340.hProcess), 0, 0) == 0x102) {
									_t71 = MsgWaitForMultipleObjects(1,  &(_v340.hProcess), 0, 0xffffffff, 0x1cff);
									if(_t71 != 0) {
										continue;
									}
								}
								goto L12;
							}
						}
						L12:
						CloseHandle(_v340.hProcess);
						_t96 = _v280;
					}
					if(IsWindow(_t84) != 0) {
						SetWindowLongA(_t84, 0xfffffffc,  *0x32efc6c);
						DestroyWindow(_t84);
					}
					LocalFree(_t96);
				}
				return E032BD98D(_v8 ^ _t98);
			}




















                                                                                                                                  0x032ad960
                                                                                                                                  0x032ad969
                                                                                                                                  0x032ad970
                                                                                                                                  0x032ad977
                                                                                                                                  0x032ad97f
                                                                                                                                  0x032ad98e
                                                                                                                                  0x032ad994
                                                                                                                                  0x032ad9ae
                                                                                                                                  0x032ad9bb
                                                                                                                                  0x032ad9cd
                                                                                                                                  0x032ad9e2
                                                                                                                                  0x032ada14
                                                                                                                                  0x032ada1f
                                                                                                                                  0x032ada2f
                                                                                                                                  0x032ada2f
                                                                                                                                  0x032ada34
                                                                                                                                  0x032ada3c
                                                                                                                                  0x032ada46
                                                                                                                                  0x032ada65
                                                                                                                                  0x032ada6e
                                                                                                                                  0x032ada7f
                                                                                                                                  0x032ada8f
                                                                                                                                  0x032ada9b
                                                                                                                                  0x032adaa5
                                                                                                                                  0x032adaa8
                                                                                                                                  0x032adab4
                                                                                                                                  0x032adabd
                                                                                                                                  0x032adac5
                                                                                                                                  0x032adacd
                                                                                                                                  0x032adad7
                                                                                                                                  0x032adae1
                                                                                                                                  0x032adaeb
                                                                                                                                  0x032adaf5
                                                                                                                                  0x032adaff
                                                                                                                                  0x032adb05
                                                                                                                                  0x032adb17
                                                                                                                                  0x032adb42
                                                                                                                                  0x032adb46
                                                                                                                                  0x032adb50
                                                                                                                                  0x032adb68
                                                                                                                                  0x032adb71
                                                                                                                                  0x032adb7e
                                                                                                                                  0x032adb7e
                                                                                                                                  0x032adb9c
                                                                                                                                  0x032adbb0
                                                                                                                                  0x032adbb4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032adbb4
                                                                                                                                  0x00000000
                                                                                                                                  0x032adb9c
                                                                                                                                  0x032adb50
                                                                                                                                  0x032adbb6
                                                                                                                                  0x032adbbc
                                                                                                                                  0x032adbc2
                                                                                                                                  0x032adbc2
                                                                                                                                  0x032adbd2
                                                                                                                                  0x032adbdd
                                                                                                                                  0x032adbe4
                                                                                                                                  0x032adbe4
                                                                                                                                  0x032adbeb
                                                                                                                                  0x032adbf1
                                                                                                                                  0x032adc05

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,00000104), ref: 032AD9AE
                                                                                                                                  • PathRemoveFileSpecA.SHLWAPI(?), ref: 032AD9BB
                                                                                                                                  • PathAppendA.SHLWAPI(?,LockedList64.dll), ref: 032AD9CD
                                                                                                                                  • PathFileExistsA.SHLWAPI(?), ref: 032AD9DA
                                                                                                                                  • CreateWindowExA.USER32 ref: 032ADA0E
                                                                                                                                  • IsWindow.USER32(00000000), ref: 032ADA17
                                                                                                                                  • SetWindowLongA.USER32 ref: 032ADA29
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 032ADA3C
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 032ADA46
                                                                                                                                  • lstrlenA.KERNEL32(LockedList64.dll), ref: 032ADA4F
                                                                                                                                  • LocalAlloc.KERNEL32(00000040,-00000020), ref: 032ADA59
                                                                                                                                  • wsprintfA.USER32 ref: 032ADA7F
                                                                                                                                  • PathRemoveFileSpecA.SHLWAPI(?), ref: 032ADA8F
                                                                                                                                  • ShellExecuteExA.SHELL32(?), ref: 032ADB0F
                                                                                                                                  • MsgWaitForMultipleObjects.USER32 ref: 032ADB42
                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 032ADB64
                                                                                                                                  • TranslateMessage.USER32(?), ref: 032ADB71
                                                                                                                                  • DispatchMessageA.USER32 ref: 032ADB7E
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000001,00000000,00000000,00000000), ref: 032ADB91
                                                                                                                                  • MsgWaitForMultipleObjects.USER32 ref: 032ADBB0
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032ADBBC
                                                                                                                                  • IsWindow.USER32(00000000), ref: 032ADBC9
                                                                                                                                  • SetWindowLongA.USER32 ref: 032ADBDD
                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 032ADBE4
                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 032ADBEB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$FilePath$MessageMultipleObjectsWaitlstrlen$LocalLongRemoveSpec$AllocAppendCloseCreateDestroyDispatchExecuteExistsFreeHandleModuleNamePeekShellTranslatewsprintf
                                                                                                                                  • String ID: %s,%s 0x%p %s$<$LockedList x64 Checker$LockedList64.dll$STATIC
                                                                                                                                  • API String ID: 993462510-4246341245
                                                                                                                                  • Opcode ID: e57d74e02f5e0c7a9bcfb47f6ab4c3610777518878eb6718bd569c02ec2ceedc
                                                                                                                                  • Instruction ID: 56e0490b3e5ba7bd0b52405e3d2b1742df9fdfaaef0dc2dc85e1e6c6a3106d5f
                                                                                                                                  • Opcode Fuzzy Hash: e57d74e02f5e0c7a9bcfb47f6ab4c3610777518878eb6718bd569c02ec2ceedc
                                                                                                                                  • Instruction Fuzzy Hash: B8616C71D41229ABDB60EFA4EC4DFD977B8AB08711F108295F608E6184DBB19AD0CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B4740 Relevance: 51.0, APIs: 26, Strings: 3, Instructions: 256memorystringprocessCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                  			E032B4740(void* __ebx, void* __edi, void* __esi, int _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				short _v2056;
				short _v4104;
				short _v6152;
				char* _v6156;
				char* _v6160;
				void* _v6164;
				struct _PROCESS_INFORMATION _v6180;
				struct _STARTUPINFOW _v6248;
				void* __ebp;
				signed int _t39;
				void** _t45;
				void* _t61;
				void _t66;
				void* _t74;
				void* _t75;
				void _t80;
				void* _t97;
				void* _t98;
				void* _t102;
				void* _t116;
				int _t119;
				CHAR* _t128;
				void* _t130;
				void* _t131;
				void* _t132;
				void _t139;
				void* _t141;
				void* _t143;
				void* _t144;
				signed int _t146;
				void* _t147;
				void* _t149;

				E032BD9F0();
				_t39 =  *0x32ed474; // 0x444d31ba
				_v8 = _t39 ^ _t146;
				_t119 = _a8;
				_push(__ebx);
				 *0x32efef8 = _a16;
				_push(__esi);
				 *0x32efefc = _a12;
				 *0x32efef4 = _t119;
				_t116 = GlobalAlloc(0x40, _t119 + 1);
				_t45 =  *0x32efef8;
				if(_t45 == 0) {
					L30:
					if(_t116 != 0) {
						GlobalFree(_t116);
					}
					E032B1F00();
					if( *0x32efef8 == 0) {
						goto L17;
					} else {
						_t139 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t36 = _t139 + 4; // 0x4
						lstrcpynA(_t36, "error",  *0x32efef4);
						_t130 =  *0x32efef8;
						 *_t139 =  *_t130;
						 *_t130 = _t139;
						return E032BD98D(_v8 ^ _t146);
					}
				} else {
					_t141 =  *_t45;
					if(_t141 == 0) {
						goto L30;
					} else {
						_push(__edi);
						_t6 = _t141 + 4; // 0x76d85484
						lstrcpyA(_t116, _t6);
						_t134 = GlobalFree;
						 *( *0x32efef8) =  *_t141;
						GlobalFree(_t141);
						_t143 = GlobalAlloc(0x40,  *0x32efef4 + 1);
						_t61 =  *0x32efef8;
						_v6160 = _t143;
						if(_t61 == 0) {
							L24:
							if(_t116 != 0) {
								GlobalFree(_t116);
							}
							if(_t143 != 0) {
								GlobalFree(_t143);
							}
							goto L28;
						} else {
							_t66 =  *_t61;
							_v6156 = _t66;
							if(_t66 == 0) {
								goto L24;
							} else {
								lstrcpyA(_t143, _t66 + 4);
								_t131 = _v6156;
								 *( *0x32efef8) =  *_t131;
								GlobalFree(_t131);
								_t128 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t74 =  *0x32efef8;
								_v6156 = _t128;
								if(_t74 == 0) {
									L18:
									if(_t116 != 0) {
										GlobalFree(_t116);
									}
									if(_t143 != 0) {
										GlobalFree(_t143);
									}
									_t75 = _v6156;
									if(_t75 == 0) {
										goto L28;
									} else {
										GlobalFree(_t75);
										E032B1F00();
										_push("error");
										goto L16;
									}
									goto L34;
								} else {
									_t80 =  *_t74;
									_v6164 = _t80;
									if(_t80 == 0) {
										goto L18;
									} else {
										lstrcpyA(_t128, _t80 + 4);
										_t132 = _v6164;
										 *( *0x32efef8) =  *_t132;
										GlobalFree(_t132);
										E032BEF40(GlobalFree,  &_v6152, 0, 0x800);
										E032BEF40(GlobalFree,  &_v4104, 0, 0x800);
										E032BEF40(GlobalFree,  &_v2056, 0, 0x800);
										_t144 = MultiByteToWideChar;
										_t149 = _t147 + 0x24;
										MultiByteToWideChar(0, 0, _t116, 0xffffffff,  &_v6152, 0x400);
										MultiByteToWideChar(0, 0, _v6160, 0xffffffff,  &_v4104, 0x400);
										MultiByteToWideChar(0, 0, _v6156, 0xffffffff,  &_v2056, 0x400);
										if(_t116 != 0) {
											GlobalFree(_t116);
										}
										_t97 = _v6160;
										if(_t97 != 0) {
											GlobalFree(_t97);
										}
										_t98 = _v6156;
										if(_t98 != 0) {
											GlobalFree(_t98);
										}
										_t102 = E032B5A00(_t116, _t134, _t144,  &_v6152,  &_v4104,  &_v2056);
										_t147 = _t149 + 0xc;
										if(_t102 != 0) {
											L15:
											E032B1F00();
											_push("success");
										} else {
											_v6248.cb = 0x44;
											asm("xorps xmm0, xmm0");
											asm("movlpd [ebp-0x1860], xmm0");
											asm("movlpd [ebp-0x1858], xmm0");
											asm("movlpd [ebp-0x1850], xmm0");
											asm("movlpd [ebp-0x1848], xmm0");
											asm("movlpd [ebp-0x1840], xmm0");
											asm("movlpd [ebp-0x1838], xmm0");
											asm("movlpd [ebp-0x1830], xmm0");
											asm("movlpd [ebp-0x1828], xmm0");
											asm("movups [ebp-0x1820], xmm0");
											if(CreateProcessW( &_v6152,  &_v4104, 0, 0, 0, 0, 0,  &_v2056,  &_v6248,  &_v6180) == 0) {
												L28:
												E032B1F00();
												_push("error");
											} else {
												CloseHandle(_v6180.hThread);
												CloseHandle(_v6180);
												goto L15;
											}
										}
									}
								}
							}
						}
						L16:
						E032B1FC0();
						L17:
						return E032BD98D(_v8 ^ _t146);
					}
				}
				L34:
			}




































                                                                                                                                  0x032b4748
                                                                                                                                  0x032b474d
                                                                                                                                  0x032b4754
                                                                                                                                  0x032b4757
                                                                                                                                  0x032b475d
                                                                                                                                  0x032b475e
                                                                                                                                  0x032b4766
                                                                                                                                  0x032b476d
                                                                                                                                  0x032b4778
                                                                                                                                  0x032b4780
                                                                                                                                  0x032b4782
                                                                                                                                  0x032b4789
                                                                                                                                  0x032b4a35
                                                                                                                                  0x032b4a37
                                                                                                                                  0x032b4a3a
                                                                                                                                  0x032b4a3a
                                                                                                                                  0x032b4a40
                                                                                                                                  0x032b4a4c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4a4e
                                                                                                                                  0x032b4a61
                                                                                                                                  0x032b4a68
                                                                                                                                  0x032b4a6c
                                                                                                                                  0x032b4a72
                                                                                                                                  0x032b4a7a
                                                                                                                                  0x032b4a7f
                                                                                                                                  0x032b4a8d
                                                                                                                                  0x032b4a8d
                                                                                                                                  0x032b478f
                                                                                                                                  0x032b478f
                                                                                                                                  0x032b4793
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4799
                                                                                                                                  0x032b4799
                                                                                                                                  0x032b479a
                                                                                                                                  0x032b479f
                                                                                                                                  0x032b47ac
                                                                                                                                  0x032b47b3
                                                                                                                                  0x032b47b5
                                                                                                                                  0x032b47c6
                                                                                                                                  0x032b47c8
                                                                                                                                  0x032b47cd
                                                                                                                                  0x032b47d5
                                                                                                                                  0x032b4a15
                                                                                                                                  0x032b4a17
                                                                                                                                  0x032b4a1a
                                                                                                                                  0x032b4a1a
                                                                                                                                  0x032b4a1e
                                                                                                                                  0x032b4a21
                                                                                                                                  0x032b4a21
                                                                                                                                  0x00000000
                                                                                                                                  0x032b47db
                                                                                                                                  0x032b47db
                                                                                                                                  0x032b47dd
                                                                                                                                  0x032b47e5
                                                                                                                                  0x00000000
                                                                                                                                  0x032b47eb
                                                                                                                                  0x032b47f0
                                                                                                                                  0x032b47f6
                                                                                                                                  0x032b4804
                                                                                                                                  0x032b4806
                                                                                                                                  0x032b4817
                                                                                                                                  0x032b4819
                                                                                                                                  0x032b481e
                                                                                                                                  0x032b4826
                                                                                                                                  0x032b49ee
                                                                                                                                  0x032b49f0
                                                                                                                                  0x032b49f3
                                                                                                                                  0x032b49f3
                                                                                                                                  0x032b49f7
                                                                                                                                  0x032b49fa
                                                                                                                                  0x032b49fa
                                                                                                                                  0x032b49fc
                                                                                                                                  0x032b4a04
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4a06
                                                                                                                                  0x032b4a07
                                                                                                                                  0x032b4a09
                                                                                                                                  0x032b4a0e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4a0e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b482c
                                                                                                                                  0x032b482c
                                                                                                                                  0x032b482e
                                                                                                                                  0x032b4836
                                                                                                                                  0x00000000
                                                                                                                                  0x032b483c
                                                                                                                                  0x032b4841
                                                                                                                                  0x032b4847
                                                                                                                                  0x032b4855
                                                                                                                                  0x032b4857
                                                                                                                                  0x032b4867
                                                                                                                                  0x032b487a
                                                                                                                                  0x032b488d
                                                                                                                                  0x032b4892
                                                                                                                                  0x032b489e
                                                                                                                                  0x032b48ae
                                                                                                                                  0x032b48c8
                                                                                                                                  0x032b48e2
                                                                                                                                  0x032b48e6
                                                                                                                                  0x032b48e9
                                                                                                                                  0x032b48e9
                                                                                                                                  0x032b48eb
                                                                                                                                  0x032b48f3
                                                                                                                                  0x032b48f6
                                                                                                                                  0x032b48f6
                                                                                                                                  0x032b48f8
                                                                                                                                  0x032b4900
                                                                                                                                  0x032b4903
                                                                                                                                  0x032b4903
                                                                                                                                  0x032b491a
                                                                                                                                  0x032b491f
                                                                                                                                  0x032b4924
                                                                                                                                  0x032b49cb
                                                                                                                                  0x032b49cb
                                                                                                                                  0x032b49d0
                                                                                                                                  0x032b492a
                                                                                                                                  0x032b4930
                                                                                                                                  0x032b4941
                                                                                                                                  0x032b494b
                                                                                                                                  0x032b4964
                                                                                                                                  0x032b4973
                                                                                                                                  0x032b497c
                                                                                                                                  0x032b4984
                                                                                                                                  0x032b498c
                                                                                                                                  0x032b4994
                                                                                                                                  0x032b499c
                                                                                                                                  0x032b49a4
                                                                                                                                  0x032b49b3
                                                                                                                                  0x032b4a23
                                                                                                                                  0x032b4a23
                                                                                                                                  0x032b4a28
                                                                                                                                  0x032b49b5
                                                                                                                                  0x032b49c1
                                                                                                                                  0x032b49c9
                                                                                                                                  0x00000000
                                                                                                                                  0x032b49c9
                                                                                                                                  0x032b49b3
                                                                                                                                  0x032b4924
                                                                                                                                  0x032b4836
                                                                                                                                  0x032b4826
                                                                                                                                  0x032b47e5
                                                                                                                                  0x032b49d5
                                                                                                                                  0x032b49d5
                                                                                                                                  0x032b49de
                                                                                                                                  0x032b49ed
                                                                                                                                  0x032b49ed
                                                                                                                                  0x032b4793
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B477E
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,76D85484), ref: 032B479F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B47B5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B47C0
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B47F0
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4806
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4811
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4841
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4857
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000400), ref: 032B48AE
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000400), ref: 032B48C8
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000400), ref: 032B48E2
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B48E9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B48F6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4903
                                                                                                                                  • CreateProcessW.KERNEL32 ref: 032B49AB
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B49C1
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B49C9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B49F3
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B49FA
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4A07
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4A1A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4A21
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4A3A
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4A59
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B4A6C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$ByteCharMultiWidelstrcpy$CloseHandle$CreateProcesslstrcpyn
                                                                                                                                  • String ID: D$error$success
                                                                                                                                  • API String ID: 1425745572-1335275488
                                                                                                                                  • Opcode ID: 2f72883be8f58ddcdbbec444af639a6ec33cb2ab10d33f7e9a72ef8135309ad9
                                                                                                                                  • Instruction ID: 3d0ad0e6ca40c8695e185d53681ddba08ccef0f044d341342bec1ef44bdf18d0
                                                                                                                                  • Opcode Fuzzy Hash: 2f72883be8f58ddcdbbec444af639a6ec33cb2ab10d33f7e9a72ef8135309ad9
                                                                                                                                  • Instruction Fuzzy Hash: A691C376910329ABDB20EF65DD85BD9B3F8EF09740F098295E904E7245DF70AA80CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B9A70 Relevance: 49.3, APIs: 26, Strings: 2, Instructions: 330memorycomCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E032B9A70(void* __ebx, intOrPtr* __ecx, intOrPtr __edi, void* __esi, char _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v0;
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				signed int _v100;
				signed int _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				char _v148;
				signed int _v152;
				signed int _v156;
				char _v160;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr* _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v316;
				char _v324;
				signed int _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr* _v364;
				intOrPtr _v384;
				char _v392;
				signed int _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr* _v440;
				intOrPtr _v464;
				char _v472;
				intOrPtr _v476;
				intOrPtr _v480;
				intOrPtr _v484;
				intOrPtr _v488;
				intOrPtr _v492;
				signed int _t360;
				char* _t368;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t397;
				char* _t401;
				signed int _t429;
				signed int _t441;
				intOrPtr* _t444;
				signed int _t452;
				intOrPtr* _t455;
				intOrPtr* _t466;
				intOrPtr* _t476;
				intOrPtr* _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr* _t496;
				intOrPtr* _t506;
				intOrPtr* _t516;
				intOrPtr* _t518;
				intOrPtr* _t520;
				intOrPtr* _t522;
				char* _t525;
				intOrPtr* _t526;
				intOrPtr* _t528;
				intOrPtr* _t546;
				intOrPtr* _t547;
				char* _t549;
				intOrPtr* _t550;
				intOrPtr* _t552;
				intOrPtr* _t554;
				intOrPtr* _t556;
				intOrPtr* _t558;
				intOrPtr* _t560;
				char* _t562;
				intOrPtr _t566;
				intOrPtr* _t567;
				intOrPtr* _t569;
				intOrPtr* _t571;
				intOrPtr* _t573;
				intOrPtr* _t575;
				intOrPtr* _t577;
				intOrPtr* _t580;
				intOrPtr* _t582;
				intOrPtr* _t585;
				intOrPtr* _t587;
				signed int _t589;
				intOrPtr* _t601;
				signed int* _t603;
				intOrPtr* _t604;
				intOrPtr* _t606;
				intOrPtr* _t608;
				intOrPtr* _t610;
				intOrPtr* _t612;
				signed int* _t614;
				intOrPtr* _t615;
				intOrPtr* _t617;
				intOrPtr* _t619;
				intOrPtr* _t621;
				intOrPtr* _t623;
				intOrPtr* _t626;
				intOrPtr* _t628;
				intOrPtr* _t630;
				intOrPtr* _t632;
				intOrPtr* _t634;
				void* _t636;
				signed int _t639;
				char _t640;
				intOrPtr* _t647;
				intOrPtr* _t648;
				intOrPtr* _t649;
				intOrPtr* _t650;
				intOrPtr* _t651;
				intOrPtr* _t653;
				intOrPtr* _t654;
				intOrPtr* _t655;
				intOrPtr* _t662;
				intOrPtr* _t663;
				intOrPtr* _t664;
				intOrPtr* _t670;
				intOrPtr* _t674;
				intOrPtr* _t675;
				intOrPtr* _t676;
				intOrPtr* _t690;
				intOrPtr* _t691;
				intOrPtr* _t692;
				intOrPtr* _t704;
				intOrPtr* _t707;
				intOrPtr* _t715;
				intOrPtr* _t722;
				intOrPtr* _t723;
				intOrPtr* _t730;
				intOrPtr _t732;
				intOrPtr _t735;
				void* _t736;
				intOrPtr* _t737;
				void* _t746;
				intOrPtr* _t747;
				intOrPtr* _t748;
				intOrPtr* _t752;
				intOrPtr* _t754;
				signed int _t757;
				signed int _t758;
				signed int _t759;
				signed int _t760;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;

				_t735 = __edi;
				_t648 = __ecx;
				_t757 = _t767;
				_push(0xffffffff);
				_push(E032DBBD0);
				_push( *[fs:0x0]);
				_t768 = _t767 - 0x64;
				_push(__edi);
				_t360 =  *0x32ed474; // 0x444d31ba
				_push(_t360 ^ _t757);
				 *[fs:0x0] =  &_v16;
				_v20 = _t768;
				_t746 = __ecx;
				_t639 = 0;
				_v52 = 0;
				_v32 = 0;
				_v44 = 0;
				_v48 = 0;
				_v28 = 0;
				_v36 = 0;
				_v40 = 0;
				_v24 = 0;
				_v8 = 0;
				if( *__ecx == 0) {
					_v56 = 1;
					E032C00D4( &_v56, 0x32e8f54);
					goto L33;
				} else {
					_t589 = _a4;
					if(_t589 == 0) {
						L46:
						_v112 = 7;
						E032C00D4( &_v112, 0x32e8f54);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t757);
						_t758 = _t768;
						_push(0xffffffff);
						_push(E032DBBF0);
						_push( *[fs:0x0]);
						_t769 = _t768 - 0x90;
						_t394 =  *0x32ed474; // 0x444d31ba
						_t395 = _t394 ^ _t758;
						_v156 = _t395;
						_push(_t639);
						_push(_t746);
						_push(_t735);
						_push(_t395);
						 *[fs:0x0] =  &_v148;
						_v152 = _t769;
						_t397 = _t648;
						_v200 = _t397;
						_t649 = _v120;
						_t640 = 0;
						_t736 = 0;
						_v228 = 0;
						_v196 = 0;
						_v204 = 0;
						_v216 = 0;
						_v220 = 0;
						_v224 = 0;
						_v208 = 0;
						_v192 = 0;
						_v140 = 0;
						if( *_t397 == 0) {
							_v104 = 1;
							E032C00D4( &_v104, 0x32e8f54);
							goto L83;
						} else {
							__imp__#2(_t649);
							_t746 = _t397;
							_v88 = _t746;
							__imp__#7(_t746);
							if(_t397 == 0) {
								L83:
								_v108 = 0xb;
								_t401 = E032C00D4( &_v108, 0x32e8f54);
								goto L84;
							} else {
								_t649 = _v72;
								_t401 =  &_v84;
								_push(_t401);
								_push(_t746);
								_push(_a4);
								_push(_v0);
								L140();
								if(_t401 != 0) {
									L84:
									_v112 = _t401;
									E032C00D4( &_v112, 0x32e8f54);
									goto L85;
								} else {
									if(_v84 != _t401) {
										L66:
										_v12 = 0xffffffff;
										if(_t746 == 0) {
											_t752 = __imp__#6;
										} else {
											_t752 = __imp__#6;
											 *_t752(_t746);
										}
										if(_t640 != 0) {
											 *_t752(_t640);
										}
										if(_t736 != 0) {
											 *_t752(_t736);
										}
										_t674 = _v68;
										if(_t674 != 0) {
											 *((intOrPtr*)( *_t674 + 8))(_t674);
										}
										_t675 = _v76;
										if(_t675 != 0) {
											 *((intOrPtr*)( *_t675 + 8))(_t675);
										}
										_t676 = _v64;
										if(_t676 != 0) {
											 *((intOrPtr*)( *_t676 + 8))(_t676);
										}
										_t723 = _v80;
										if(_t723 != 0) {
											 *((intOrPtr*)( *_t723 + 8))(_t723);
										}
										 *[fs:0x0] = _v20;
										return E032BD98D(_v28 ^ _t758);
									} else {
										_t546 = _v72;
										if( *((intOrPtr*)(_t546 + 4)) == 0) {
											_t547 =  *_t546;
											_push( &_v76);
											_push(_t547);
											_t649 =  *_t547;
											if( *((intOrPtr*)(_t649 + 0x48))() < 0) {
												goto L89;
											} else {
												_t549 =  &_v68;
												__imp__CoCreateInstance(0x32dd028, 0, 1, 0x32dd038, _t549);
												if(_t549 < 0) {
													goto L90;
												} else {
													_t550 = _v68;
													_push(_v0);
													_push(_t550);
													_t649 =  *_t550;
													if( *((intOrPtr*)(_t649 + 0x38))() < 0) {
														goto L91;
													} else {
														_t552 = _v68;
														_push(_a4);
														_push(_t552);
														_t649 =  *_t552;
														if( *((intOrPtr*)(_t649 + 0x30))() < 0) {
															goto L92;
														} else {
															_t554 = _v68;
															_push(0);
															_push(_t554);
															_t649 =  *_t554;
															if( *((intOrPtr*)(_t649 + 0x40))() < 0) {
																goto L93;
															} else {
																_t556 = _v68;
																_push(2);
																_push(_t556);
																_t649 =  *_t556;
																if( *((intOrPtr*)(_t649 + 0x28))() < 0) {
																	goto L94;
																} else {
																	_t558 = _v68;
																	_push(_t746);
																	_push(_t558);
																	_t649 =  *_t558;
																	if( *((intOrPtr*)(_t649 + 0x20))() < 0) {
																		goto L95;
																	} else {
																		_t560 = _v76;
																		_push(_v68);
																		_push(_t560);
																		_t649 =  *_t560;
																		if( *((intOrPtr*)(_t649 + 0x20))() < 0) {
																			goto L96;
																		} else {
																			goto L66;
																		}
																	}
																}
															}
														}
													}
												}
											}
										} else {
											_t562 =  &_v64;
											__imp__CoCreateInstance(0x32dcfc8, 0, 1, 0x32dcfd8, _t562);
											if(_t562 < 0) {
												L85:
												_v116 = 0x1b;
												E032C00D4( &_v116, 0x32e8f54);
												goto L86;
											} else {
												E032B6860(_t649,  &_v60, 0x10, 0x32dd048, _v0);
												_t736 = __imp__#2;
												_t769 = _t769 + 0x10;
												_t566 =  *_t736( &_v60);
												_t640 = _t566;
												_v92 = _t640;
												__imp__#7(_t640);
												if(_t566 == 0) {
													L86:
													_v120 = 0xb;
													E032C00D4( &_v120, 0x32e8f54);
													goto L87;
												} else {
													_t567 = _v64;
													 *((intOrPtr*)( *_t567 + 0xa8))(_t567, 1);
													_t569 = _v64;
													 *((intOrPtr*)( *_t569 + 0x20))(_t569, _t746);
													_t571 = _v64;
													 *((intOrPtr*)( *_t571 + 0x28))(_t571, _t746);
													_t573 = _v64;
													 *((intOrPtr*)( *_t573 + 0x40))(_t573, _a4);
													_t575 = _v64;
													 *((intOrPtr*)( *_t575 + 0x48))(_t575, _t640);
													_t577 = _v64;
													 *((intOrPtr*)( *_t577 + 0x88))(_t577, 0xffffffff);
													_t736 =  *_t736(L"All");
													_t580 = _v64;
													_v96 = _t736;
													 *((intOrPtr*)( *_t580 + 0x80))(_t580, _t736);
													_t582 = _v64;
													 *((intOrPtr*)( *_t582 + 0x98))(_t582, 0x7fffffff);
													_push( &_v80);
													_t585 =  *((intOrPtr*)(_v72 + 4));
													_push(_t585);
													_t649 =  *_t585;
													if( *((intOrPtr*)(_t649 + 0x48))() < 0) {
														L87:
														_v124 = 0x1c;
														E032C00D4( &_v124, 0x32e8f54);
														goto L88;
													} else {
														_t587 = _v80;
														_push(_v64);
														_push(_t587);
														_t649 =  *_t587;
														if( *((intOrPtr*)(_t649 + 0x20))() < 0) {
															L88:
															_v128 = 0x1d;
															E032C00D4( &_v128, 0x32e8f54);
															L89:
															_v132 = 0x10;
															E032C00D4( &_v132, 0x32e8f54);
															L90:
															_v136 = 0x13;
															E032C00D4( &_v136, 0x32e8f54);
															L91:
															_v140 = 0x14;
															E032C00D4( &_v140, 0x32e8f54);
															L92:
															_v144 = 0x15;
															E032C00D4( &_v144, 0x32e8f54);
															L93:
															_v148 = 0x19;
															E032C00D4( &_v148, 0x32e8f54);
															L94:
															_v152 = 0x1a;
															E032C00D4( &_v152, 0x32e8f54);
															L95:
															_v156 = 0xd;
															E032C00D4( &_v156, 0x32e8f54);
															L96:
															_v160 = 0xe;
															E032C00D4( &_v160, 0x32e8f54);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t758);
															_t759 = _t769;
															_push(0xffffffff);
															_push(E032DBC20);
															_push( *[fs:0x0]);
															_t770 = _t769 - 0x24;
															_push(_t640);
															_push(_t746);
															_push(_t736);
															_t429 =  *0x32ed474; // 0x444d31ba
															_push(_t429 ^ _t759);
															 *[fs:0x0] =  &_v324;
															_v328 = _t770;
															_t737 = _t649;
															_v336 = 0;
															_v332 = 0;
															_v316 = 0;
															if( *_t737 != 0) {
																_v40 = 1;
																E032C00D4( &_v40, 0x32e8f54);
																goto L108;
															} else {
																__imp__CoCreateInstance(0x32dcf88, 0, 1, 0x32dcf98, _t737 + 4);
																_t525 =  &_v36;
																__imp__CoCreateInstance(0x32dcfa8, 0, 1, 0x32dcfb8, _t525);
																if(_t525 < 0) {
																	L108:
																	_v44 = 2;
																	E032C00D4( &_v44, 0x32e8f54);
																	goto L109;
																} else {
																	_t526 = _v36;
																	_push( &_v32);
																	_push(_t526);
																	_t649 =  *_t526;
																	if( *((intOrPtr*)(_t649 + 0x1c))() < 0) {
																		L109:
																		_v48 = 3;
																		E032C00D4( &_v48, 0x32e8f54);
																		goto L110;
																	} else {
																		_t528 = _v32;
																		_push(_t737);
																		_push(_t528);
																		_t649 =  *_t528;
																		if( *((intOrPtr*)(_t649 + 0x1c))() < 0) {
																			L110:
																			_v52 = 4;
																			E032C00D4( &_v52, 0x32e8f54);
																			asm("int3");
																			_push(_t759);
																			_t760 = _t770;
																			_push(0xffffffff);
																			_push(E032DBC40);
																			_push( *[fs:0x0]);
																			_t771 = _t770 - 0x30;
																			_push(0);
																			_push(_t746);
																			_push(_t737);
																			_t441 =  *0x32ed474; // 0x444d31ba
																			_push(_t441 ^ _t760);
																			 *[fs:0x0] =  &_v392;
																			_v396 = _t771;
																			_t444 = _t649;
																			_t747 = _v364;
																			_v404 = 0;
																			_v408 = 0;
																			_v412 = 0;
																			 *_t747 = 0;
																			_t650 =  *((intOrPtr*)(_t444 + 4));
																			_v400 = 0;
																			_v384 = 0;
																			if(_t650 == 0) {
																				_t650 =  *_t444;
																				if(_t650 == 0) {
																					goto L137;
																				} else {
																					_push( &_v44);
																					_push(_t650);
																					if( *((intOrPtr*)( *_t650 + 0x50))() < 0) {
																						goto L138;
																					} else {
																						_t496 = _v44;
																						_push( &_v40);
																						_push(_v8);
																						_push(_t496);
																						if( *((intOrPtr*)( *_t496 + 0x28))() < 0) {
																							goto L125;
																						} else {
																							_t506 = _v40;
																							_push( &_v0);
																							_push(_t506);
																							_t650 =  *_t506;
																							if( *((intOrPtr*)(_t650 + 0x44))() < 0) {
																								goto L139;
																							} else {
																								if(_v0 == 0xffff) {
																									 *_t747 = 1;
																								}
																								goto L125;
																							}
																						}
																					}
																				}
																			} else {
																				_push( &_v48);
																				_push(_t650);
																				if( *((intOrPtr*)( *_t650 + 0x48))() < 0) {
																					_v52 = 0x1c;
																					E032C00D4( &_v52, 0x32e8f54);
																					goto L135;
																				} else {
																					_t516 = _v48;
																					_push( &_v36);
																					_push(_v4);
																					_push(_t516);
																					if( *((intOrPtr*)( *_t516 + 0x28))() < 0) {
																						L125:
																						_t662 = _v40;
																						_v20 = 0xffffffff;
																						if(_t662 != 0) {
																							 *((intOrPtr*)( *_t662 + 8))(_t662);
																						}
																						_t663 = _v44;
																						if(_t663 != 0) {
																							 *((intOrPtr*)( *_t663 + 8))(_t663);
																						}
																						_t664 = _v36;
																						if(_t664 != 0) {
																							 *((intOrPtr*)( *_t664 + 8))(_t664);
																						}
																						_t715 = _v48;
																						if(_t715 != 0) {
																							 *((intOrPtr*)( *_t715 + 8))(_t715);
																						}
																						 *[fs:0x0] = _v28;
																						return 0;
																					} else {
																						_t518 = _v36;
																						_push( &_v0);
																						_push(_t518);
																						_t650 =  *_t518;
																						if( *((intOrPtr*)(_t650 + 0x84))() < 0) {
																							L135:
																							_v56 = 9;
																							E032C00D4( &_v56, 0x32e8f54);
																							goto L136;
																						} else {
																							if(_v0 != 0xffff) {
																								goto L125;
																							} else {
																								_t520 = _v36;
																								 *_t747 = 1;
																								_push( &_v4);
																								_push(_t520);
																								_t650 =  *_t520;
																								if( *((intOrPtr*)(_t650 + 0x94))() < 0) {
																									L136:
																									_v60 = 9;
																									E032C00D4( &_v60, 0x32e8f54);
																									L137:
																									_v64 = 1;
																									E032C00D4( &_v64, 0x32e8f54);
																									L138:
																									_v68 = 8;
																									E032C00D4( &_v68, 0x32e8f54);
																									L139:
																									_v72 = 9;
																									E032C00D4( &_v72, 0x32e8f54);
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									_push(_t760);
																									_push(0xffffffff);
																									_push(E032DBC60);
																									_push( *[fs:0x0]);
																									_push(0);
																									_push(_t747);
																									_push(0);
																									_t452 =  *0x32ed474; // 0x444d31ba
																									_push(_t452 ^ _t771);
																									 *[fs:0x0] =  &_v472;
																									_v476 = _t771 - 0x30;
																									_t455 = _t650;
																									_t748 = _v440;
																									_v484 = 0;
																									_v488 = 0;
																									_v492 = 0;
																									 *_t748 = 0;
																									_t651 =  *((intOrPtr*)(_t455 + 4));
																									_v480 = 0;
																									_v464 = 0;
																									if(_t651 == 0) {
																										_t651 =  *_t455;
																										if(_t651 == 0) {
																											goto L166;
																										} else {
																											_push( &_v48);
																											_push(_t651);
																											if( *((intOrPtr*)( *_t651 + 0x48))() < 0) {
																												goto L167;
																											} else {
																												_t466 = _v48;
																												_push( &_v44);
																												_push(_v8);
																												_push(_v12);
																												_push(_t466);
																												if( *((intOrPtr*)( *_t466 + 0x28))() < 0) {
																													goto L154;
																												} else {
																													_t476 = _v44;
																													_push( &_v0);
																													_push(_t476);
																													_t651 =  *_t476;
																													if( *((intOrPtr*)(_t651 + 0x4c))() < 0) {
																														goto L168;
																													} else {
																														if(_v0 == 0xffff) {
																															 *_t748 = 1;
																														}
																														goto L154;
																													}
																												}
																											}
																										}
																									} else {
																										_push( &_v52);
																										_push(_t651);
																										if( *((intOrPtr*)( *_t651 + 0x48))() < 0) {
																											_v56 = 0x1c;
																											E032C00D4( &_v56, 0x32e8f54);
																											goto L164;
																										} else {
																											_t486 = _v52;
																											_push( &_v40);
																											_push(_v4);
																											_push(_t486);
																											if( *((intOrPtr*)( *_t486 + 0x28))() < 0) {
																												L154:
																												_t653 = _v44;
																												_v24 = 0xffffffff;
																												if(_t653 != 0) {
																													 *((intOrPtr*)( *_t653 + 8))(_t653);
																												}
																												_t654 = _v48;
																												if(_t654 != 0) {
																													 *((intOrPtr*)( *_t654 + 8))(_t654);
																												}
																												_t655 = _v40;
																												if(_t655 != 0) {
																													 *((intOrPtr*)( *_t655 + 8))(_t655);
																												}
																												_t707 = _v52;
																												if(_t707 != 0) {
																													 *((intOrPtr*)( *_t707 + 8))(_t707);
																												}
																												 *[fs:0x0] = _v32;
																												return 0;
																											} else {
																												_t488 = _v40;
																												_push( &_v0);
																												_push(_t488);
																												_t651 =  *_t488;
																												if( *((intOrPtr*)(_t651 + 0x84))() < 0) {
																													L164:
																													_v60 = 9;
																													E032C00D4( &_v60, 0x32e8f54);
																													goto L165;
																												} else {
																													if(_v0 != 0xffff) {
																														goto L154;
																													} else {
																														_t490 = _v40;
																														 *_t748 = 1;
																														_push( &_v4);
																														_push(_t490);
																														_t651 =  *_t490;
																														if( *((intOrPtr*)(_t651 + 0x94))() < 0) {
																															L165:
																															_v64 = 9;
																															E032C00D4( &_v64, 0x32e8f54);
																															L166:
																															_v68 = 1;
																															E032C00D4( &_v68, 0x32e8f54);
																															L167:
																															_v72 = 0x10;
																															E032C00D4( &_v72, 0x32e8f54);
																															L168:
																															_v76 = 0x11;
																															E032C00D4( &_v76, 0x32e8f54);
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															if( *_t651 != 0 ||  *((intOrPtr*)(_t651 + 4)) != 0) {
																																return 1;
																															} else {
																																return 0;
																															}
																														} else {
																															if(_v4 != 0x7fffffff) {
																																_t492 = _v40;
																																 *((intOrPtr*)( *_t492 + 0x98))(_t492, 0x7fffffff);
																															}
																															goto L154;
																														}
																													}
																												}
																											}
																										}
																									}
																								} else {
																									if(_v4 != 0x7fffffff) {
																										_t522 = _v36;
																										 *((intOrPtr*)( *_t522 + 0x98))(_t522, 0x7fffffff);
																									}
																									goto L125;
																								}
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t670 = _v32;
																			_v16 = 0xffffffff;
																			if(_t670 != 0) {
																				 *((intOrPtr*)( *_t670 + 8))(_t670);
																			}
																			_t722 = _v36;
																			if(_t722 != 0) {
																				 *((intOrPtr*)( *_t722 + 8))(_t722);
																			}
																			 *[fs:0x0] = _v24;
																			return 0;
																		}
																	}
																}
															}
														} else {
															goto L66;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t735 = _a12;
						if(_t735 == 0) {
							goto L46;
						} else {
							__imp__#2(_t589);
							_v32 = _t589;
							__imp__#7(_t589);
							if(_t589 == 0) {
								L33:
								_v60 = 0xb;
								E032C00D4( &_v60, 0x32e8f54);
								goto L34;
							} else {
								__imp__#2(_t735);
								_t735 = _t589;
								_v44 = _t735;
								__imp__#7(_t735);
								if(_t589 == 0) {
									L34:
									_v64 = 0xb;
									_t368 = E032C00D4( &_v64, 0x32e8f54);
									goto L35;
								} else {
									_t368 =  &_a4;
									_t648 = __ecx;
									_push(_t368);
									_push(_t735);
									_push(_v32);
									L111();
									if(_t368 != 0) {
										L35:
										_v68 = _t368;
										E032C00D4( &_v68, 0x32e8f54);
										goto L36;
									} else {
										if(_a4 != _t368) {
											L23:
											_t754 = __imp__#6;
											_v8 = 0xffffffff;
											 *_t754(_v32);
											 *_t754(_t735);
											 *_t754(_t639);
											_t690 = _v28;
											if(_t690 != 0) {
												 *((intOrPtr*)( *_t690 + 8))(_t690);
											}
											_t691 = _v36;
											if(_t691 != 0) {
												 *((intOrPtr*)( *_t691 + 8))(_t691);
											}
											_t692 = _v24;
											if(_t692 != 0) {
												 *((intOrPtr*)( *_t692 + 8))(_t692);
											}
											_t730 = _v40;
											if(_t730 != 0) {
												 *((intOrPtr*)( *_t730 + 8))(_t730);
											}
											 *[fs:0x0] = _v16;
											return _v52;
										} else {
											if( *((intOrPtr*)(__ecx + 4)) == _t368) {
												_t601 =  *__ecx;
												_push( &_v36);
												_push(_t601);
												_t648 =  *_t601;
												if( *((intOrPtr*)(_t648 + 0x50))() < 0) {
													goto L39;
												} else {
													_t603 =  &_v28;
													__imp__CoCreateInstance(0x32dcfe8, 0, 1, 0x32dcff8, _t603);
													if(_t603 < 0) {
														goto L40;
													} else {
														_t604 = _v28;
														_push(_v32);
														_push(_t604);
														_t648 =  *_t604;
														if( *((intOrPtr*)(_t648 + 0x28))() < 0) {
															goto L41;
														} else {
															_t606 = _v28;
															_push(0);
															_push(_t606);
															_t648 =  *_t606;
															if( *((intOrPtr*)(_t648 + 0x38))() < 0) {
																goto L42;
															} else {
																_t608 = _v28;
																_push(2);
																_push(_t608);
																_t648 =  *_t608;
																if( *((intOrPtr*)(_t648 + 0x30))() < 0) {
																	goto L43;
																} else {
																	_t610 = _v28;
																	_push(_t735);
																	_push(_t610);
																	_t648 =  *_t610;
																	if( *((intOrPtr*)(_t648 + 0x20))() < 0) {
																		goto L44;
																	} else {
																		_t612 = _v36;
																		_push(_v28);
																		_push(_t612);
																		_t648 =  *_t612;
																		if( *((intOrPtr*)(_t648 + 0x20))() < 0) {
																			goto L45;
																		} else {
																			goto L23;
																		}
																	}
																}
															}
														}
													}
												}
											} else {
												_t614 =  &_v24;
												__imp__CoCreateInstance(0x32dcfc8, 0, 1, 0x32dcfd8, _t614);
												if(_t614 < 0) {
													L36:
													_v72 = 0x1b;
													E032C00D4( &_v72, 0x32e8f54);
													goto L37;
												} else {
													_t615 = _v24;
													 *((intOrPtr*)( *_t615 + 0xa8))(_t615, 1);
													_t617 = _v24;
													 *((intOrPtr*)( *_t617 + 0x20))(_t617, _t735);
													_t619 = _v24;
													 *((intOrPtr*)( *_t619 + 0x28))(_t619, _t735);
													_t621 = _v24;
													 *((intOrPtr*)( *_t621 + 0x30))(_t621, _v32);
													_t732 = _a8;
													if(_t732 == 0x100) {
														_t647 = __imp__#2;
													} else {
														_t634 = _v24;
														 *((intOrPtr*)( *_t634 + 0x40))(_t634, _t732);
														_t647 = __imp__#2;
														_t636 =  *_t647(L"LocalSubnet");
														_t704 = _v24;
														 *((intOrPtr*)( *_t704 + 0x60))(_t704, _t636);
													}
													_t623 = _v24;
													 *((intOrPtr*)( *_t623 + 0x88))(_t623, 0xffffffff);
													_t639 =  *_t647(L"All");
													_t626 = _v24;
													_v48 = _t639;
													 *((intOrPtr*)( *_t626 + 0x80))(_t626, _t639);
													_t628 = _v24;
													 *((intOrPtr*)( *_t628 + 0x98))(_t628, 0x7fffffff);
													_t630 =  *((intOrPtr*)(_t746 + 4));
													_push( &_v40);
													_push(_t630);
													_t648 =  *_t630;
													if( *((intOrPtr*)(_t648 + 0x48))() < 0) {
														L37:
														_v76 = 0x1c;
														E032C00D4( &_v76, 0x32e8f54);
														goto L38;
													} else {
														_t632 = _v40;
														_push(_v24);
														_push(_t632);
														_t648 =  *_t632;
														if( *((intOrPtr*)(_t648 + 0x20))() < 0) {
															L38:
															_v80 = 0x1d;
															E032C00D4( &_v80, 0x32e8f54);
															L39:
															_v84 = 8;
															E032C00D4( &_v84, 0x32e8f54);
															L40:
															_v88 = 0xa;
															E032C00D4( &_v88, 0x32e8f54);
															L41:
															_v92 = 0xc;
															E032C00D4( &_v92, 0x32e8f54);
															L42:
															_v96 = 0x19;
															E032C00D4( &_v96, 0x32e8f54);
															L43:
															_v100 = 0x1a;
															E032C00D4( &_v100, 0x32e8f54);
															L44:
															_v104 = 0xd;
															E032C00D4( &_v104, 0x32e8f54);
															L45:
															_v108 = 0xe;
															E032C00D4( &_v108, 0x32e8f54);
															goto L46;
														} else {
															goto L23;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

























































































































































































                                                                                                                                  0x032b9a70
                                                                                                                                  0x032b9a70
                                                                                                                                  0x032b9a71
                                                                                                                                  0x032b9a73
                                                                                                                                  0x032b9a75
                                                                                                                                  0x032b9a80
                                                                                                                                  0x032b9a81
                                                                                                                                  0x032b9a86
                                                                                                                                  0x032b9a87
                                                                                                                                  0x032b9a8e
                                                                                                                                  0x032b9a92
                                                                                                                                  0x032b9a98
                                                                                                                                  0x032b9a9b
                                                                                                                                  0x032b9a9d
                                                                                                                                  0x032b9a9f
                                                                                                                                  0x032b9aa6
                                                                                                                                  0x032b9aad
                                                                                                                                  0x032b9ab4
                                                                                                                                  0x032b9ab7
                                                                                                                                  0x032b9aba
                                                                                                                                  0x032b9abd
                                                                                                                                  0x032b9ac0
                                                                                                                                  0x032b9ac3
                                                                                                                                  0x032b9ac8
                                                                                                                                  0x032b9d41
                                                                                                                                  0x032b9d49
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9ace
                                                                                                                                  0x032b9ace
                                                                                                                                  0x032b9ad3
                                                                                                                                  0x032b9e5b
                                                                                                                                  0x032b9e63
                                                                                                                                  0x032b9e6b
                                                                                                                                  0x032b9e70
                                                                                                                                  0x032b9e71
                                                                                                                                  0x032b9e72
                                                                                                                                  0x032b9e73
                                                                                                                                  0x032b9e74
                                                                                                                                  0x032b9e75
                                                                                                                                  0x032b9e76
                                                                                                                                  0x032b9e77
                                                                                                                                  0x032b9e78
                                                                                                                                  0x032b9e79
                                                                                                                                  0x032b9e7a
                                                                                                                                  0x032b9e7b
                                                                                                                                  0x032b9e7c
                                                                                                                                  0x032b9e7d
                                                                                                                                  0x032b9e7e
                                                                                                                                  0x032b9e7f
                                                                                                                                  0x032b9e80
                                                                                                                                  0x032b9e81
                                                                                                                                  0x032b9e83
                                                                                                                                  0x032b9e85
                                                                                                                                  0x032b9e90
                                                                                                                                  0x032b9e91
                                                                                                                                  0x032b9e97
                                                                                                                                  0x032b9e9c
                                                                                                                                  0x032b9e9e
                                                                                                                                  0x032b9ea1
                                                                                                                                  0x032b9ea2
                                                                                                                                  0x032b9ea3
                                                                                                                                  0x032b9ea4
                                                                                                                                  0x032b9ea8
                                                                                                                                  0x032b9eae
                                                                                                                                  0x032b9eb1
                                                                                                                                  0x032b9eb3
                                                                                                                                  0x032b9eb6
                                                                                                                                  0x032b9eb9
                                                                                                                                  0x032b9ebb
                                                                                                                                  0x032b9ebd
                                                                                                                                  0x032b9ec4
                                                                                                                                  0x032b9ecb
                                                                                                                                  0x032b9ed2
                                                                                                                                  0x032b9ed9
                                                                                                                                  0x032b9edc
                                                                                                                                  0x032b9edf
                                                                                                                                  0x032b9ee2
                                                                                                                                  0x032b9ee5
                                                                                                                                  0x032b9eea
                                                                                                                                  0x032ba184
                                                                                                                                  0x032ba18c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9ef0
                                                                                                                                  0x032b9ef1
                                                                                                                                  0x032b9ef7
                                                                                                                                  0x032b9efa
                                                                                                                                  0x032b9efd
                                                                                                                                  0x032b9f05
                                                                                                                                  0x032ba191
                                                                                                                                  0x032ba199
                                                                                                                                  0x032ba1a1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f0b
                                                                                                                                  0x032b9f0b
                                                                                                                                  0x032b9f0e
                                                                                                                                  0x032b9f11
                                                                                                                                  0x032b9f12
                                                                                                                                  0x032b9f13
                                                                                                                                  0x032b9f16
                                                                                                                                  0x032b9f19
                                                                                                                                  0x032b9f20
                                                                                                                                  0x032ba1a6
                                                                                                                                  0x032ba1a6
                                                                                                                                  0x032ba1b2
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f26
                                                                                                                                  0x032b9f29
                                                                                                                                  0x032ba0fd
                                                                                                                                  0x032ba0fd
                                                                                                                                  0x032ba106
                                                                                                                                  0x032ba113
                                                                                                                                  0x032ba108
                                                                                                                                  0x032ba109
                                                                                                                                  0x032ba10f
                                                                                                                                  0x032ba10f
                                                                                                                                  0x032ba11b
                                                                                                                                  0x032ba11e
                                                                                                                                  0x032ba11e
                                                                                                                                  0x032ba122
                                                                                                                                  0x032ba125
                                                                                                                                  0x032ba125
                                                                                                                                  0x032ba127
                                                                                                                                  0x032ba12c
                                                                                                                                  0x032ba131
                                                                                                                                  0x032ba131
                                                                                                                                  0x032ba134
                                                                                                                                  0x032ba139
                                                                                                                                  0x032ba13e
                                                                                                                                  0x032ba13e
                                                                                                                                  0x032ba141
                                                                                                                                  0x032ba146
                                                                                                                                  0x032ba14b
                                                                                                                                  0x032ba14b
                                                                                                                                  0x032ba14e
                                                                                                                                  0x032ba153
                                                                                                                                  0x032ba158
                                                                                                                                  0x032ba158
                                                                                                                                  0x032ba161
                                                                                                                                  0x032ba179
                                                                                                                                  0x032b9f2f
                                                                                                                                  0x032b9f2f
                                                                                                                                  0x032b9f35
                                                                                                                                  0x032ba033
                                                                                                                                  0x032ba038
                                                                                                                                  0x032ba039
                                                                                                                                  0x032ba03a
                                                                                                                                  0x032ba041
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba047
                                                                                                                                  0x032ba047
                                                                                                                                  0x032ba059
                                                                                                                                  0x032ba061
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba067
                                                                                                                                  0x032ba067
                                                                                                                                  0x032ba06d
                                                                                                                                  0x032ba06e
                                                                                                                                  0x032ba06f
                                                                                                                                  0x032ba076
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba07c
                                                                                                                                  0x032ba07c
                                                                                                                                  0x032ba082
                                                                                                                                  0x032ba083
                                                                                                                                  0x032ba084
                                                                                                                                  0x032ba08b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba091
                                                                                                                                  0x032ba091
                                                                                                                                  0x032ba094
                                                                                                                                  0x032ba096
                                                                                                                                  0x032ba097
                                                                                                                                  0x032ba09e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0a4
                                                                                                                                  0x032ba0a4
                                                                                                                                  0x032ba0a7
                                                                                                                                  0x032ba0a9
                                                                                                                                  0x032ba0aa
                                                                                                                                  0x032ba0b1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0b7
                                                                                                                                  0x032ba0b7
                                                                                                                                  0x032ba0ba
                                                                                                                                  0x032ba0bb
                                                                                                                                  0x032ba0bc
                                                                                                                                  0x032ba0c3
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0c9
                                                                                                                                  0x032ba0c9
                                                                                                                                  0x032ba0cc
                                                                                                                                  0x032ba0cf
                                                                                                                                  0x032ba0d0
                                                                                                                                  0x032ba0d7
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0dd
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0dd
                                                                                                                                  0x032ba0d7
                                                                                                                                  0x032ba0c3
                                                                                                                                  0x032ba0b1
                                                                                                                                  0x032ba09e
                                                                                                                                  0x032ba08b
                                                                                                                                  0x032ba076
                                                                                                                                  0x032ba061
                                                                                                                                  0x032b9f3b
                                                                                                                                  0x032b9f3b
                                                                                                                                  0x032b9f4c
                                                                                                                                  0x032b9f54
                                                                                                                                  0x032ba1b7
                                                                                                                                  0x032ba1bf
                                                                                                                                  0x032ba1c7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f5a
                                                                                                                                  0x032b9f69
                                                                                                                                  0x032b9f6e
                                                                                                                                  0x032b9f77
                                                                                                                                  0x032b9f7b
                                                                                                                                  0x032b9f7d
                                                                                                                                  0x032b9f80
                                                                                                                                  0x032b9f83
                                                                                                                                  0x032b9f8b
                                                                                                                                  0x032ba1cc
                                                                                                                                  0x032ba1d4
                                                                                                                                  0x032ba1dc
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f91
                                                                                                                                  0x032b9f91
                                                                                                                                  0x032b9f99
                                                                                                                                  0x032b9f9f
                                                                                                                                  0x032b9fa6
                                                                                                                                  0x032b9fa9
                                                                                                                                  0x032b9fb0
                                                                                                                                  0x032b9fb3
                                                                                                                                  0x032b9fbd
                                                                                                                                  0x032b9fc0
                                                                                                                                  0x032b9fc7
                                                                                                                                  0x032b9fca
                                                                                                                                  0x032b9fd2
                                                                                                                                  0x032b9fdf
                                                                                                                                  0x032b9fe1
                                                                                                                                  0x032b9fe6
                                                                                                                                  0x032b9feb
                                                                                                                                  0x032b9ff1
                                                                                                                                  0x032b9ffc
                                                                                                                                  0x032ba008
                                                                                                                                  0x032ba009
                                                                                                                                  0x032ba00c
                                                                                                                                  0x032ba00d
                                                                                                                                  0x032ba014
                                                                                                                                  0x032ba1e1
                                                                                                                                  0x032ba1e9
                                                                                                                                  0x032ba1f1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba01a
                                                                                                                                  0x032ba01a
                                                                                                                                  0x032ba01d
                                                                                                                                  0x032ba020
                                                                                                                                  0x032ba021
                                                                                                                                  0x032ba028
                                                                                                                                  0x032ba1f6
                                                                                                                                  0x032ba1fe
                                                                                                                                  0x032ba206
                                                                                                                                  0x032ba20b
                                                                                                                                  0x032ba213
                                                                                                                                  0x032ba21b
                                                                                                                                  0x032ba220
                                                                                                                                  0x032ba228
                                                                                                                                  0x032ba230
                                                                                                                                  0x032ba235
                                                                                                                                  0x032ba240
                                                                                                                                  0x032ba24b
                                                                                                                                  0x032ba250
                                                                                                                                  0x032ba25b
                                                                                                                                  0x032ba266
                                                                                                                                  0x032ba26b
                                                                                                                                  0x032ba276
                                                                                                                                  0x032ba281
                                                                                                                                  0x032ba286
                                                                                                                                  0x032ba291
                                                                                                                                  0x032ba29c
                                                                                                                                  0x032ba2a1
                                                                                                                                  0x032ba2ac
                                                                                                                                  0x032ba2b7
                                                                                                                                  0x032ba2bc
                                                                                                                                  0x032ba2c7
                                                                                                                                  0x032ba2d2
                                                                                                                                  0x032ba2d7
                                                                                                                                  0x032ba2d8
                                                                                                                                  0x032ba2d9
                                                                                                                                  0x032ba2da
                                                                                                                                  0x032ba2db
                                                                                                                                  0x032ba2dc
                                                                                                                                  0x032ba2dd
                                                                                                                                  0x032ba2de
                                                                                                                                  0x032ba2df
                                                                                                                                  0x032ba2e0
                                                                                                                                  0x032ba2e1
                                                                                                                                  0x032ba2e3
                                                                                                                                  0x032ba2e5
                                                                                                                                  0x032ba2f0
                                                                                                                                  0x032ba2f1
                                                                                                                                  0x032ba2f4
                                                                                                                                  0x032ba2f5
                                                                                                                                  0x032ba2f6
                                                                                                                                  0x032ba2f7
                                                                                                                                  0x032ba2fe
                                                                                                                                  0x032ba302
                                                                                                                                  0x032ba308
                                                                                                                                  0x032ba30b
                                                                                                                                  0x032ba30f
                                                                                                                                  0x032ba316
                                                                                                                                  0x032ba31d
                                                                                                                                  0x032ba322
                                                                                                                                  0x032ba3d3
                                                                                                                                  0x032ba3db
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba328
                                                                                                                                  0x032ba339
                                                                                                                                  0x032ba33f
                                                                                                                                  0x032ba350
                                                                                                                                  0x032ba358
                                                                                                                                  0x032ba3e0
                                                                                                                                  0x032ba3e8
                                                                                                                                  0x032ba3f0
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba35e
                                                                                                                                  0x032ba35e
                                                                                                                                  0x032ba364
                                                                                                                                  0x032ba365
                                                                                                                                  0x032ba366
                                                                                                                                  0x032ba36d
                                                                                                                                  0x032ba3f5
                                                                                                                                  0x032ba3fd
                                                                                                                                  0x032ba405
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba373
                                                                                                                                  0x032ba373
                                                                                                                                  0x032ba376
                                                                                                                                  0x032ba377
                                                                                                                                  0x032ba378
                                                                                                                                  0x032ba37f
                                                                                                                                  0x032ba40a
                                                                                                                                  0x032ba412
                                                                                                                                  0x032ba41a
                                                                                                                                  0x032ba41f
                                                                                                                                  0x032ba420
                                                                                                                                  0x032ba421
                                                                                                                                  0x032ba423
                                                                                                                                  0x032ba425
                                                                                                                                  0x032ba430
                                                                                                                                  0x032ba431
                                                                                                                                  0x032ba434
                                                                                                                                  0x032ba435
                                                                                                                                  0x032ba436
                                                                                                                                  0x032ba437
                                                                                                                                  0x032ba43e
                                                                                                                                  0x032ba442
                                                                                                                                  0x032ba448
                                                                                                                                  0x032ba44b
                                                                                                                                  0x032ba44d
                                                                                                                                  0x032ba452
                                                                                                                                  0x032ba455
                                                                                                                                  0x032ba458
                                                                                                                                  0x032ba45b
                                                                                                                                  0x032ba45d
                                                                                                                                  0x032ba460
                                                                                                                                  0x032ba463
                                                                                                                                  0x032ba468
                                                                                                                                  0x032ba4f5
                                                                                                                                  0x032ba4f9
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4ff
                                                                                                                                  0x032ba504
                                                                                                                                  0x032ba505
                                                                                                                                  0x032ba50b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba511
                                                                                                                                  0x032ba511
                                                                                                                                  0x032ba517
                                                                                                                                  0x032ba518
                                                                                                                                  0x032ba51d
                                                                                                                                  0x032ba523
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba525
                                                                                                                                  0x032ba525
                                                                                                                                  0x032ba52b
                                                                                                                                  0x032ba52c
                                                                                                                                  0x032ba52d
                                                                                                                                  0x032ba534
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba53a
                                                                                                                                  0x032ba53f
                                                                                                                                  0x032ba541
                                                                                                                                  0x032ba541
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba53f
                                                                                                                                  0x032ba534
                                                                                                                                  0x032ba523
                                                                                                                                  0x032ba50b
                                                                                                                                  0x032ba46e
                                                                                                                                  0x032ba473
                                                                                                                                  0x032ba474
                                                                                                                                  0x032ba47a
                                                                                                                                  0x032ba5b1
                                                                                                                                  0x032ba5b9
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba480
                                                                                                                                  0x032ba480
                                                                                                                                  0x032ba486
                                                                                                                                  0x032ba487
                                                                                                                                  0x032ba48c
                                                                                                                                  0x032ba492
                                                                                                                                  0x032ba558
                                                                                                                                  0x032ba558
                                                                                                                                  0x032ba55b
                                                                                                                                  0x032ba564
                                                                                                                                  0x032ba569
                                                                                                                                  0x032ba569
                                                                                                                                  0x032ba56c
                                                                                                                                  0x032ba571
                                                                                                                                  0x032ba576
                                                                                                                                  0x032ba576
                                                                                                                                  0x032ba579
                                                                                                                                  0x032ba57e
                                                                                                                                  0x032ba583
                                                                                                                                  0x032ba583
                                                                                                                                  0x032ba586
                                                                                                                                  0x032ba58b
                                                                                                                                  0x032ba590
                                                                                                                                  0x032ba590
                                                                                                                                  0x032ba598
                                                                                                                                  0x032ba5a6
                                                                                                                                  0x032ba498
                                                                                                                                  0x032ba498
                                                                                                                                  0x032ba49e
                                                                                                                                  0x032ba49f
                                                                                                                                  0x032ba4a0
                                                                                                                                  0x032ba4aa
                                                                                                                                  0x032ba5be
                                                                                                                                  0x032ba5c6
                                                                                                                                  0x032ba5ce
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4b0
                                                                                                                                  0x032ba4b5
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4bb
                                                                                                                                  0x032ba4bb
                                                                                                                                  0x032ba4c1
                                                                                                                                  0x032ba4c7
                                                                                                                                  0x032ba4c8
                                                                                                                                  0x032ba4c9
                                                                                                                                  0x032ba4d3
                                                                                                                                  0x032ba5d3
                                                                                                                                  0x032ba5db
                                                                                                                                  0x032ba5e3
                                                                                                                                  0x032ba5e8
                                                                                                                                  0x032ba5f0
                                                                                                                                  0x032ba5f8
                                                                                                                                  0x032ba5fd
                                                                                                                                  0x032ba605
                                                                                                                                  0x032ba60d
                                                                                                                                  0x032ba612
                                                                                                                                  0x032ba61a
                                                                                                                                  0x032ba622
                                                                                                                                  0x032ba627
                                                                                                                                  0x032ba628
                                                                                                                                  0x032ba629
                                                                                                                                  0x032ba62a
                                                                                                                                  0x032ba62b
                                                                                                                                  0x032ba62c
                                                                                                                                  0x032ba62d
                                                                                                                                  0x032ba62e
                                                                                                                                  0x032ba62f
                                                                                                                                  0x032ba630
                                                                                                                                  0x032ba633
                                                                                                                                  0x032ba635
                                                                                                                                  0x032ba640
                                                                                                                                  0x032ba644
                                                                                                                                  0x032ba645
                                                                                                                                  0x032ba646
                                                                                                                                  0x032ba647
                                                                                                                                  0x032ba64e
                                                                                                                                  0x032ba652
                                                                                                                                  0x032ba658
                                                                                                                                  0x032ba65b
                                                                                                                                  0x032ba65d
                                                                                                                                  0x032ba662
                                                                                                                                  0x032ba665
                                                                                                                                  0x032ba668
                                                                                                                                  0x032ba66b
                                                                                                                                  0x032ba66d
                                                                                                                                  0x032ba670
                                                                                                                                  0x032ba673
                                                                                                                                  0x032ba678
                                                                                                                                  0x032ba705
                                                                                                                                  0x032ba709
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba70f
                                                                                                                                  0x032ba714
                                                                                                                                  0x032ba715
                                                                                                                                  0x032ba71b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba721
                                                                                                                                  0x032ba721
                                                                                                                                  0x032ba727
                                                                                                                                  0x032ba728
                                                                                                                                  0x032ba72b
                                                                                                                                  0x032ba730
                                                                                                                                  0x032ba736
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba738
                                                                                                                                  0x032ba738
                                                                                                                                  0x032ba73e
                                                                                                                                  0x032ba73f
                                                                                                                                  0x032ba740
                                                                                                                                  0x032ba747
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba74d
                                                                                                                                  0x032ba752
                                                                                                                                  0x032ba754
                                                                                                                                  0x032ba754
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba752
                                                                                                                                  0x032ba747
                                                                                                                                  0x032ba736
                                                                                                                                  0x032ba71b
                                                                                                                                  0x032ba67e
                                                                                                                                  0x032ba683
                                                                                                                                  0x032ba684
                                                                                                                                  0x032ba68a
                                                                                                                                  0x032ba7c4
                                                                                                                                  0x032ba7cc
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba690
                                                                                                                                  0x032ba690
                                                                                                                                  0x032ba696
                                                                                                                                  0x032ba697
                                                                                                                                  0x032ba69c
                                                                                                                                  0x032ba6a2
                                                                                                                                  0x032ba76b
                                                                                                                                  0x032ba76b
                                                                                                                                  0x032ba76e
                                                                                                                                  0x032ba777
                                                                                                                                  0x032ba77c
                                                                                                                                  0x032ba77c
                                                                                                                                  0x032ba77f
                                                                                                                                  0x032ba784
                                                                                                                                  0x032ba789
                                                                                                                                  0x032ba789
                                                                                                                                  0x032ba78c
                                                                                                                                  0x032ba791
                                                                                                                                  0x032ba796
                                                                                                                                  0x032ba796
                                                                                                                                  0x032ba799
                                                                                                                                  0x032ba79e
                                                                                                                                  0x032ba7a3
                                                                                                                                  0x032ba7a3
                                                                                                                                  0x032ba7ab
                                                                                                                                  0x032ba7b9
                                                                                                                                  0x032ba6a8
                                                                                                                                  0x032ba6a8
                                                                                                                                  0x032ba6ae
                                                                                                                                  0x032ba6af
                                                                                                                                  0x032ba6b0
                                                                                                                                  0x032ba6ba
                                                                                                                                  0x032ba7d1
                                                                                                                                  0x032ba7d9
                                                                                                                                  0x032ba7e1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6c0
                                                                                                                                  0x032ba6c5
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6cb
                                                                                                                                  0x032ba6cb
                                                                                                                                  0x032ba6d1
                                                                                                                                  0x032ba6d7
                                                                                                                                  0x032ba6d8
                                                                                                                                  0x032ba6d9
                                                                                                                                  0x032ba6e3
                                                                                                                                  0x032ba7e6
                                                                                                                                  0x032ba7ee
                                                                                                                                  0x032ba7f6
                                                                                                                                  0x032ba7fb
                                                                                                                                  0x032ba803
                                                                                                                                  0x032ba80b
                                                                                                                                  0x032ba810
                                                                                                                                  0x032ba818
                                                                                                                                  0x032ba820
                                                                                                                                  0x032ba825
                                                                                                                                  0x032ba82d
                                                                                                                                  0x032ba835
                                                                                                                                  0x032ba83a
                                                                                                                                  0x032ba83b
                                                                                                                                  0x032ba83c
                                                                                                                                  0x032ba83d
                                                                                                                                  0x032ba83e
                                                                                                                                  0x032ba83f
                                                                                                                                  0x032ba843
                                                                                                                                  0x032ba853
                                                                                                                                  0x032ba84b
                                                                                                                                  0x032ba84d
                                                                                                                                  0x032ba84d
                                                                                                                                  0x032ba6e9
                                                                                                                                  0x032ba6f0
                                                                                                                                  0x032ba6f2
                                                                                                                                  0x032ba6fd
                                                                                                                                  0x032ba6fd
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6f0
                                                                                                                                  0x032ba6e3
                                                                                                                                  0x032ba6c5
                                                                                                                                  0x032ba6ba
                                                                                                                                  0x032ba6a2
                                                                                                                                  0x032ba68a
                                                                                                                                  0x032ba4d9
                                                                                                                                  0x032ba4e0
                                                                                                                                  0x032ba4e2
                                                                                                                                  0x032ba4ed
                                                                                                                                  0x032ba4ed
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4e0
                                                                                                                                  0x032ba4d3
                                                                                                                                  0x032ba4b5
                                                                                                                                  0x032ba4aa
                                                                                                                                  0x032ba492
                                                                                                                                  0x032ba47a
                                                                                                                                  0x032ba385
                                                                                                                                  0x032ba396
                                                                                                                                  0x032ba399
                                                                                                                                  0x032ba3a2
                                                                                                                                  0x032ba3a7
                                                                                                                                  0x032ba3a7
                                                                                                                                  0x032ba3aa
                                                                                                                                  0x032ba3af
                                                                                                                                  0x032ba3b4
                                                                                                                                  0x032ba3b4
                                                                                                                                  0x032ba3bc
                                                                                                                                  0x032ba3ca
                                                                                                                                  0x032ba3ca
                                                                                                                                  0x032ba37f
                                                                                                                                  0x032ba36d
                                                                                                                                  0x032ba358
                                                                                                                                  0x032ba02e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba02e
                                                                                                                                  0x032ba028
                                                                                                                                  0x032ba014
                                                                                                                                  0x032b9f8b
                                                                                                                                  0x032b9f54
                                                                                                                                  0x032b9f35
                                                                                                                                  0x032b9f29
                                                                                                                                  0x032b9f20
                                                                                                                                  0x032b9f05
                                                                                                                                  0x032b9ad9
                                                                                                                                  0x032b9ad9
                                                                                                                                  0x032b9ade
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9ae4
                                                                                                                                  0x032b9ae5
                                                                                                                                  0x032b9aec
                                                                                                                                  0x032b9aef
                                                                                                                                  0x032b9af7
                                                                                                                                  0x032b9d4e
                                                                                                                                  0x032b9d56
                                                                                                                                  0x032b9d5e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9afd
                                                                                                                                  0x032b9afe
                                                                                                                                  0x032b9b04
                                                                                                                                  0x032b9b07
                                                                                                                                  0x032b9b0a
                                                                                                                                  0x032b9b12
                                                                                                                                  0x032b9d63
                                                                                                                                  0x032b9d6b
                                                                                                                                  0x032b9d73
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9b18
                                                                                                                                  0x032b9b18
                                                                                                                                  0x032b9b1b
                                                                                                                                  0x032b9b1d
                                                                                                                                  0x032b9b1e
                                                                                                                                  0x032b9b1f
                                                                                                                                  0x032b9b22
                                                                                                                                  0x032b9b29
                                                                                                                                  0x032b9d78
                                                                                                                                  0x032b9d78
                                                                                                                                  0x032b9d84
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9b2f
                                                                                                                                  0x032b9b32
                                                                                                                                  0x032b9cd6
                                                                                                                                  0x032b9cd9
                                                                                                                                  0x032b9cdf
                                                                                                                                  0x032b9ce6
                                                                                                                                  0x032b9ce9
                                                                                                                                  0x032b9cec
                                                                                                                                  0x032b9cee
                                                                                                                                  0x032b9cf3
                                                                                                                                  0x032b9cf8
                                                                                                                                  0x032b9cf8
                                                                                                                                  0x032b9cfb
                                                                                                                                  0x032b9d00
                                                                                                                                  0x032b9d05
                                                                                                                                  0x032b9d05
                                                                                                                                  0x032b9d08
                                                                                                                                  0x032b9d0d
                                                                                                                                  0x032b9d12
                                                                                                                                  0x032b9d12
                                                                                                                                  0x032b9d15
                                                                                                                                  0x032b9d1a
                                                                                                                                  0x032b9d1f
                                                                                                                                  0x032b9d1f
                                                                                                                                  0x032b9d28
                                                                                                                                  0x032b9d36
                                                                                                                                  0x032b9b38
                                                                                                                                  0x032b9b3b
                                                                                                                                  0x032b9c28
                                                                                                                                  0x032b9c2d
                                                                                                                                  0x032b9c2e
                                                                                                                                  0x032b9c2f
                                                                                                                                  0x032b9c36
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c3c
                                                                                                                                  0x032b9c3c
                                                                                                                                  0x032b9c4e
                                                                                                                                  0x032b9c56
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c5c
                                                                                                                                  0x032b9c5c
                                                                                                                                  0x032b9c5f
                                                                                                                                  0x032b9c62
                                                                                                                                  0x032b9c63
                                                                                                                                  0x032b9c6a
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c70
                                                                                                                                  0x032b9c70
                                                                                                                                  0x032b9c73
                                                                                                                                  0x032b9c75
                                                                                                                                  0x032b9c76
                                                                                                                                  0x032b9c7d
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c83
                                                                                                                                  0x032b9c83
                                                                                                                                  0x032b9c86
                                                                                                                                  0x032b9c88
                                                                                                                                  0x032b9c89
                                                                                                                                  0x032b9c90
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c96
                                                                                                                                  0x032b9c96
                                                                                                                                  0x032b9c99
                                                                                                                                  0x032b9c9a
                                                                                                                                  0x032b9c9b
                                                                                                                                  0x032b9ca2
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9ca8
                                                                                                                                  0x032b9ca8
                                                                                                                                  0x032b9cab
                                                                                                                                  0x032b9cae
                                                                                                                                  0x032b9caf
                                                                                                                                  0x032b9cb6
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9cbc
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9cbc
                                                                                                                                  0x032b9cb6
                                                                                                                                  0x032b9ca2
                                                                                                                                  0x032b9c90
                                                                                                                                  0x032b9c7d
                                                                                                                                  0x032b9c6a
                                                                                                                                  0x032b9c56
                                                                                                                                  0x032b9b41
                                                                                                                                  0x032b9b41
                                                                                                                                  0x032b9b52
                                                                                                                                  0x032b9b5a
                                                                                                                                  0x032b9d89
                                                                                                                                  0x032b9d91
                                                                                                                                  0x032b9d99
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9b60
                                                                                                                                  0x032b9b60
                                                                                                                                  0x032b9b68
                                                                                                                                  0x032b9b6e
                                                                                                                                  0x032b9b75
                                                                                                                                  0x032b9b78
                                                                                                                                  0x032b9b7f
                                                                                                                                  0x032b9b82
                                                                                                                                  0x032b9b8b
                                                                                                                                  0x032b9b8e
                                                                                                                                  0x032b9b97
                                                                                                                                  0x032b9bbc
                                                                                                                                  0x032b9b99
                                                                                                                                  0x032b9b99
                                                                                                                                  0x032b9ba0
                                                                                                                                  0x032b9ba3
                                                                                                                                  0x032b9bae
                                                                                                                                  0x032b9bb0
                                                                                                                                  0x032b9bb7
                                                                                                                                  0x032b9bb7
                                                                                                                                  0x032b9bc2
                                                                                                                                  0x032b9bca
                                                                                                                                  0x032b9bd7
                                                                                                                                  0x032b9bd9
                                                                                                                                  0x032b9bde
                                                                                                                                  0x032b9be3
                                                                                                                                  0x032b9be9
                                                                                                                                  0x032b9bf4
                                                                                                                                  0x032b9bfa
                                                                                                                                  0x032b9c00
                                                                                                                                  0x032b9c01
                                                                                                                                  0x032b9c02
                                                                                                                                  0x032b9c09
                                                                                                                                  0x032b9d9e
                                                                                                                                  0x032b9da6
                                                                                                                                  0x032b9dae
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c0f
                                                                                                                                  0x032b9c0f
                                                                                                                                  0x032b9c12
                                                                                                                                  0x032b9c15
                                                                                                                                  0x032b9c16
                                                                                                                                  0x032b9c1d
                                                                                                                                  0x032b9db3
                                                                                                                                  0x032b9dbb
                                                                                                                                  0x032b9dc3
                                                                                                                                  0x032b9dc8
                                                                                                                                  0x032b9dd0
                                                                                                                                  0x032b9dd8
                                                                                                                                  0x032b9ddd
                                                                                                                                  0x032b9de5
                                                                                                                                  0x032b9ded
                                                                                                                                  0x032b9df2
                                                                                                                                  0x032b9dfa
                                                                                                                                  0x032b9e02
                                                                                                                                  0x032b9e07
                                                                                                                                  0x032b9e0f
                                                                                                                                  0x032b9e17
                                                                                                                                  0x032b9e1c
                                                                                                                                  0x032b9e24
                                                                                                                                  0x032b9e2c
                                                                                                                                  0x032b9e31
                                                                                                                                  0x032b9e39
                                                                                                                                  0x032b9e41
                                                                                                                                  0x032b9e46
                                                                                                                                  0x032b9e4e
                                                                                                                                  0x032b9e56
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c23
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9c23
                                                                                                                                  0x032b9c1d
                                                                                                                                  0x032b9c09
                                                                                                                                  0x032b9b5a
                                                                                                                                  0x032b9b3b
                                                                                                                                  0x032b9b32
                                                                                                                                  0x032b9b29
                                                                                                                                  0x032b9b12
                                                                                                                                  0x032b9af7
                                                                                                                                  0x032b9ade
                                                                                                                                  0x032b9ad3

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 032B9AE5
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032B9AEF
                                                                                                                                  • SysAllocString.OLEAUT32(032B2853), ref: 032B9AFE
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032B9B0A
                                                                                                                                  • CoCreateInstance.OLE32(032DCFC8,00000000,00000001,032DCFD8,?,00000000,00000000,?), ref: 032B9B52
                                                                                                                                  • SysAllocString.OLEAUT32(LocalSubnet), ref: 032B9BAE
                                                                                                                                  • SysAllocString.OLEAUT32(All), ref: 032B9BD5
                                                                                                                                  • CoCreateInstance.OLE32(032DCFE8,00000000,00000001,032DCFF8,000000FF), ref: 032B9C4E
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032B9CE6
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032B9CE9
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032B9CEC
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9D49
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9D5E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9D73
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9D84
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9D99
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9DAE
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9DC3
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9DD8
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9DED
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E02
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E17
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E2C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E41
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E56
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032B9E6B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$String$Alloc$Free$CreateInstance
                                                                                                                                  • String ID: All$LocalSubnet
                                                                                                                                  • API String ID: 270342899-1663973335
                                                                                                                                  • Opcode ID: 35f0a5d8a38caed4e542bbfe5f57fbf847916bb030226f3d30bc7b53091d1e9b
                                                                                                                                  • Instruction ID: c26e2889411d09040a82c4ed6301e9fb7396c3c956d241f7638a068a3fb65658
                                                                                                                                  • Opcode Fuzzy Hash: 35f0a5d8a38caed4e542bbfe5f57fbf847916bb030226f3d30bc7b53091d1e9b
                                                                                                                                  • Instruction Fuzzy Hash: 80C149B0A10309EFCB10DFA5C988EEEBBF9BF08744F504519E615EB250CB759889CB20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8360 Relevance: 49.2, APIs: 24, Strings: 4, Instructions: 213threadsynchronizationmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B8360(void* __eflags, void* _a4, long* _a8) {
				void* _v8;
				void* _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				signed int _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void _v44;
				void* __edi;
				long _t54;
				void* _t55;
				void* _t75;
				void* _t87;
				long* _t101;
				void* _t102;
				long _t106;
				long _t107;
				void* _t110;

				_t101 = _a8;
				_t2 =  &(_t101[0x84]); // 0x32efa68
				_t108 = _t2;
				_t107 = 0;
				if(E032B7620(_t2, "\\mdm.exe") != 0 || E032B7620(_t108, "\\services.exe") != 0) {
					L24:
					return _t107;
				} else {
					_t54 = GetCurrentProcessId();
					_t106 =  *_t101;
					_t102 = 0;
					_v20 = 0 | _t106 != _t54;
					if(_t106 == _t54) {
						_t55 = _a4;
						L6:
						_v16 = _t55;
						if(_t55 != 0) {
							_v44 = _t55;
							_v36 = 0x400;
							_v40 = GlobalAlloc(0x40, 0x400);
							_v28 = 0x400;
							_v32 = GlobalAlloc(0x40, 0x400);
							_v24 = 2;
							E032BEF40(_t107, _v40, 0, _v36 & 0x0000ffff);
							E032BEF40(_t107, _v32, 0, _v28 & 0x0000ffff);
							_t110 = CreateThread(0, 0, E032B8940,  &_v44, 0, 0);
							if(WaitForSingleObject(_t110, 0xc8) == 0x102) {
								TerminateThread(_t110, 0);
							}
							CloseHandle(_t110);
							if(lstrcmpiA(_v32, "File") == 0 || lstrcmpiA(_v32, "Directory") == 0) {
								E032BEF40(_t107, _v40, 0, _v36 & 0x0000ffff);
								E032BEF40(_t107, _v32, 0, _v28 & 0x0000ffff);
								_t75 = CreateThread(0, 0, E032B88E0,  &_v44, 0, 0);
								_v12 = _t75;
								if(WaitForSingleObject(_t75, 0xc8) == 0x102) {
									TerminateThread(_v12, 0);
								}
								CloseHandle(_v12);
								if( *_v32 != 0) {
									_v24 = 1;
									E032BEF40(_t107, _v40, 0, _v36 & 0x0000ffff);
									E032BEF40(_t107, _v32, 0, _v28 & 0x0000ffff);
									_t87 = CreateThread(0, 0, E032B8940,  &_v44, 0, 0);
									_v12 = _t87;
									if(WaitForSingleObject(_t87, 0xc8) == 0x102) {
										TerminateThread(_v12, 0);
									}
									CloseHandle(_v12);
									if( *_v32 != 0) {
										E032BEF40(_t107,  &(_a8[1]), 0, 0x104);
										E032B81C0(_v32,  &(_a8[1]));
										_t107 =  !=  ? 1 : _t107;
									}
								}
							}
							if(_v20 != 0) {
								CloseHandle(_v16);
							}
							GlobalFree(_v40);
							GlobalFree(_v32);
						}
						L21:
						if(_v20 != 0 && _t102 != 0) {
							CloseHandle(_t102);
						}
						goto L24;
					}
					_t102 = OpenProcess(0x40, 1, _t106);
					if(_t102 == 0) {
						goto L21;
					} else {
						_v8 = 0;
						DuplicateHandle(_t102, _a4, GetCurrentProcess(),  &_v8, 0, 0, 2);
						_t55 = _v8;
						goto L6;
					}
				}
			}























                                                                                                                                  0x032b8367
                                                                                                                                  0x032b8371
                                                                                                                                  0x032b8371
                                                                                                                                  0x032b8377
                                                                                                                                  0x032b8384
                                                                                                                                  0x032b85e7
                                                                                                                                  0x032b85ef
                                                                                                                                  0x032b83a0
                                                                                                                                  0x032b83a0
                                                                                                                                  0x032b83a6
                                                                                                                                  0x032b83af
                                                                                                                                  0x032b83b1
                                                                                                                                  0x032b83b6
                                                                                                                                  0x032b83ee
                                                                                                                                  0x032b83f1
                                                                                                                                  0x032b83f1
                                                                                                                                  0x032b83f6
                                                                                                                                  0x032b8402
                                                                                                                                  0x032b840d
                                                                                                                                  0x032b8413
                                                                                                                                  0x032b841e
                                                                                                                                  0x032b8424
                                                                                                                                  0x032b8431
                                                                                                                                  0x032b8438
                                                                                                                                  0x032b8447
                                                                                                                                  0x032b8466
                                                                                                                                  0x032b8479
                                                                                                                                  0x032b847e
                                                                                                                                  0x032b847e
                                                                                                                                  0x032b848b
                                                                                                                                  0x032b849d
                                                                                                                                  0x032b84bf
                                                                                                                                  0x032b84ce
                                                                                                                                  0x032b84e7
                                                                                                                                  0x032b84f3
                                                                                                                                  0x032b8501
                                                                                                                                  0x032b8508
                                                                                                                                  0x032b8508
                                                                                                                                  0x032b8511
                                                                                                                                  0x032b8519
                                                                                                                                  0x032b8529
                                                                                                                                  0x032b8530
                                                                                                                                  0x032b853f
                                                                                                                                  0x032b8558
                                                                                                                                  0x032b8564
                                                                                                                                  0x032b8572
                                                                                                                                  0x032b8579
                                                                                                                                  0x032b8579
                                                                                                                                  0x032b8582
                                                                                                                                  0x032b858a
                                                                                                                                  0x032b859a
                                                                                                                                  0x032b85a3
                                                                                                                                  0x032b85b8
                                                                                                                                  0x032b85b8
                                                                                                                                  0x032b858a
                                                                                                                                  0x032b8519
                                                                                                                                  0x032b85bf
                                                                                                                                  0x032b85c4
                                                                                                                                  0x032b85c4
                                                                                                                                  0x032b85cf
                                                                                                                                  0x032b85d4
                                                                                                                                  0x032b85d4
                                                                                                                                  0x032b85d6
                                                                                                                                  0x032b85da
                                                                                                                                  0x032b85e1
                                                                                                                                  0x032b85e1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b85da
                                                                                                                                  0x032b83c3
                                                                                                                                  0x032b83c7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b83cd
                                                                                                                                  0x032b83d4
                                                                                                                                  0x032b83e3
                                                                                                                                  0x032b83e9
                                                                                                                                  0x00000000
                                                                                                                                  0x032b83e9
                                                                                                                                  0x032b83c7

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(00000000,00000000,76D81D30,?,032B1475,00000000,.ico), ref: 032B7636
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(032B1475,?,032B1475,00000000,.ico), ref: 032B7641
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?,032EF858,00000000,?), ref: 032B83A0
                                                                                                                                  • OpenProcess.KERNEL32(00000040,00000001,?,?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?,032EF858,00000000), ref: 032B83BD
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?), ref: 032B83D8
                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?,032EF858), ref: 032B83E3
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000400,?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?,032EF858,00000000,?), ref: 032B8411
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000400,?,?,0000000A,00000000,?,?,?,?,032B7B41,?,?,032EF858,00000000,?), ref: 032B8422
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B8460
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000C8,?,?,?,?,?,?,?,?,0000000A,00000000), ref: 032B846E
                                                                                                                                  • TerminateThread.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,0000000A,00000000), ref: 032B847E
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,0000000A,00000000,?,?,?,?,032B7B41), ref: 032B848B
                                                                                                                                  • lstrcmpiA.KERNEL32(?,File,?,?,?,?,?,?,?,?,0000000A,00000000), ref: 032B8495
                                                                                                                                  • lstrcmpiA.KERNEL32(?,Directory,?,?,?,?,?,?,?,?,0000000A,00000000), ref: 032B84A7
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B84E7
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000C8), ref: 032B84F6
                                                                                                                                  • TerminateThread.KERNEL32(00000000,00000000), ref: 032B8508
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 032B8511
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B8558
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000C8), ref: 032B8567
                                                                                                                                  • TerminateThread.KERNEL32(00000000,00000000), ref: 032B8579
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B8582
                                                                                                                                  • CloseHandle.KERNEL32(032EF858,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 032B85C4
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B85CF
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B85D4
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,0000000A,00000000,?,?,?,?,032B7B41,?), ref: 032B85E1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleThread$Close$Global$CreateObjectProcessSingleTerminateWait$AllocCurrentFreelstrcmpilstrlen$DuplicateOpen
                                                                                                                                  • String ID: Directory$File$\mdm.exe$\services.exe
                                                                                                                                  • API String ID: 298059304-355188192
                                                                                                                                  • Opcode ID: 26414d4e5b8494825bf892fe808d9cd7b0bbdedd446abbb72e091149ff63351c
                                                                                                                                  • Instruction ID: 0e3f946672687ddba63dba0d5a8fa136d25c3f6ec3572ac2a723d99ac1727432
                                                                                                                                  • Opcode Fuzzy Hash: 26414d4e5b8494825bf892fe808d9cd7b0bbdedd446abbb72e091149ff63351c
                                                                                                                                  • Instruction Fuzzy Hash: 9B717071E51225BBEF10AFA0EC49FEE7BB9AF04741F184061FA04B61C0D7B49991CBA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B60D0 Relevance: 47.5, APIs: 23, Strings: 4, Instructions: 244memoryprocesswindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                  			E032B60D0(void* __ebx, void* __edi, void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				signed int _v8;
				char _v1032;
				char _v2056;
				char _v3080;
				void* _v3084;
				void* _v3088;
				struct HWND__* _v3092;
				struct _PROCESS_INFORMATION _v3108;
				struct _STARTUPINFOW _v3176;
				void* __ebp;
				signed int _t39;
				int _t41;
				intOrPtr _t80;
				int _t92;
				short* _t94;
				void* _t95;
				int _t109;
				void* _t111;
				int _t114;
				int _t116;
				signed int _t121;

				_t39 =  *0x32ed474; // 0x444d31ba
				_v8 = _t39 ^ _t121;
				_v3092 = _a4;
				_t92 = _a8;
				_t109 = _a12;
				if(_t92 != 0x408 || _t109 != 1) {
					L16:
					_t41 = CallWindowProcA( *0x32eff04, _v3092, _t92, _t109, _a16);
					if(_t41 == 0 && _t92 == 0x408) {
						 *0x32eff08 = 1;
						PostMessageA( *0x32eff00, 0x10, _t41, _t41);
					}
					return E032BD98D(_v8 ^ _t121);
				} else {
					if( *0x32eff34 == 0) {
						_t114 = MultiByteToWideChar(0xfde9, 0,  *0x32eff64, 0xffffffff, 0, 0);
						_v3088 = GlobalAlloc(0x40, _t114 + _t114);
						_v3084 = GlobalAlloc(0x40, 4 + _t114 * 2);
						MultiByteToWideChar(0xfde9, 0,  *0x32eff64, 0xffffffff, _v3088, _t114);
						_t111 = _v3084;
						E032B6860(_t114 + _t114, _t111, 4 + _t114 * 2, L"\"%ls\"", _v3088);
						_t116 = MultiByteToWideChar(0xfde9, 0,  *0x32eff6c, 0xffffffff, 0, 0);
						_t94 = GlobalAlloc(0x40, _t116 + _t116);
						_v3084 = _t94;
						MultiByteToWideChar(0xfde9, 0,  *0x32eff6c, 0xffffffff, _t94, _t116);
						_t95 = _v3088;
						if(E032B5A00(_t95, _t111, _t116, _t95, _t111, _t94) != 0) {
							_push("success");
						} else {
							_v3176.cb = 0x44;
							asm("xorps xmm0, xmm0");
							asm("movlpd [ebp-0xc60], xmm0");
							asm("movlpd [ebp-0xc58], xmm0");
							asm("movlpd [ebp-0xc50], xmm0");
							asm("movlpd [ebp-0xc48], xmm0");
							asm("movlpd [ebp-0xc40], xmm0");
							asm("movlpd [ebp-0xc38], xmm0");
							asm("movlpd [ebp-0xc30], xmm0");
							asm("movlpd [ebp-0xc28], xmm0");
							asm("movups [ebp-0xc20], xmm0");
							if(CreateProcessW(_t95, _t111, 0, 0, 0, 0, 0, _v3084,  &_v3176,  &_v3108) == 0) {
								_push(0x32dc484);
							} else {
								CloseHandle(_v3108.hThread);
								CloseHandle(_v3108);
								_push("success");
							}
						}
						E032B6810();
						GlobalFree(_t95);
						GlobalFree(_t111);
						GlobalFree(_v3084);
						_t92 = _a8;
						_t109 = _a12;
						goto L16;
					} else {
						GetWindowTextA( *0x32eff2c,  &_v1032, 0x400);
						GetWindowTextA( *0x32eff24,  &_v3080, 0x400);
						GetWindowTextA( *0x32eff28,  &_v2056, 0x400);
						SetWindowTextA( *0x32eff2c, 0x32dc4cc);
						E032B59E0( *0x32eff38,  &_v3080,  &_v2056,  &_v1032);
						if(E032B5800( *0x32eff38,  *0x32eff64,  *0x32eff6c) != 0) {
							E032B6810("success");
							goto L16;
						} else {
							ShowWindow( *0x32eff30, 5);
							_t80 =  *((intOrPtr*)( *0x32eff38 + 0x1c));
							if(_t80 != 0x52e) {
								if(_t80 != 0x775) {
									SetWindowTextA( *0x32eff30,  *0x32eff60);
									return E032BD98D(_v8 ^ _t121);
								} else {
									SetWindowTextA( *0x32eff30,  *0x32eff5c);
									return E032BD98D(_v8 ^ _t121);
								}
							} else {
								SetWindowTextA( *0x32eff30,  *0x32eff58);
								return E032BD98D(_v8 ^ _t121);
							}
						}
					}
				}
			}
























                                                                                                                                  0x032b60d9
                                                                                                                                  0x032b60e0
                                                                                                                                  0x032b60e8
                                                                                                                                  0x032b60ee
                                                                                                                                  0x032b60f2
                                                                                                                                  0x032b60fb
                                                                                                                                  0x032b63e6
                                                                                                                                  0x032b63f7
                                                                                                                                  0x032b6401
                                                                                                                                  0x032b6415
                                                                                                                                  0x032b641f
                                                                                                                                  0x032b641f
                                                                                                                                  0x032b6437
                                                                                                                                  0x032b610a
                                                                                                                                  0x032b6111
                                                                                                                                  0x032b6269
                                                                                                                                  0x032b627a
                                                                                                                                  0x032b629a
                                                                                                                                  0x032b62a7
                                                                                                                                  0x032b62b5
                                                                                                                                  0x032b62bc
                                                                                                                                  0x032b62d9
                                                                                                                                  0x032b62e4
                                                                                                                                  0x032b62ef
                                                                                                                                  0x032b62fc
                                                                                                                                  0x032b6303
                                                                                                                                  0x032b6315
                                                                                                                                  0x032b63bf
                                                                                                                                  0x032b631b
                                                                                                                                  0x032b6321
                                                                                                                                  0x032b6332
                                                                                                                                  0x032b633c
                                                                                                                                  0x032b6350
                                                                                                                                  0x032b6358
                                                                                                                                  0x032b6360
                                                                                                                                  0x032b6368
                                                                                                                                  0x032b6370
                                                                                                                                  0x032b6378
                                                                                                                                  0x032b6380
                                                                                                                                  0x032b6388
                                                                                                                                  0x032b6397
                                                                                                                                  0x032b63bc
                                                                                                                                  0x032b6399
                                                                                                                                  0x032b63a5
                                                                                                                                  0x032b63ad
                                                                                                                                  0x032b63b4
                                                                                                                                  0x032b63b4
                                                                                                                                  0x032b6397
                                                                                                                                  0x032b63c4
                                                                                                                                  0x032b63d3
                                                                                                                                  0x032b63d6
                                                                                                                                  0x032b63de
                                                                                                                                  0x032b63e0
                                                                                                                                  0x032b63e3
                                                                                                                                  0x00000000
                                                                                                                                  0x032b6117
                                                                                                                                  0x032b612f
                                                                                                                                  0x032b6143
                                                                                                                                  0x032b6157
                                                                                                                                  0x032b616a
                                                                                                                                  0x032b6187
                                                                                                                                  0x032b61a5
                                                                                                                                  0x032b623d
                                                                                                                                  0x00000000
                                                                                                                                  0x032b61ab
                                                                                                                                  0x032b61b3
                                                                                                                                  0x032b61be
                                                                                                                                  0x032b61c6
                                                                                                                                  0x032b61f0
                                                                                                                                  0x032b6221
                                                                                                                                  0x032b6235
                                                                                                                                  0x032b61f2
                                                                                                                                  0x032b61fe
                                                                                                                                  0x032b6212
                                                                                                                                  0x032b6212
                                                                                                                                  0x032b61c8
                                                                                                                                  0x032b61d4
                                                                                                                                  0x032b61e8
                                                                                                                                  0x032b61e8
                                                                                                                                  0x032b61c6
                                                                                                                                  0x032b61a5
                                                                                                                                  0x032b6111

                                                                                                                                  APIs
                                                                                                                                  • GetWindowTextA.USER32 ref: 032B612F
                                                                                                                                  • GetWindowTextA.USER32 ref: 032B6143
                                                                                                                                  • GetWindowTextA.USER32 ref: 032B6157
                                                                                                                                  • SetWindowTextA.USER32(032DC4CC), ref: 032B616A
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B582B
                                                                                                                                    • Part of subcall function 032B5800: GlobalAlloc.KERNEL32(00000040), ref: 032B583B
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5851
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5863
                                                                                                                                    • Part of subcall function 032B5800: GlobalAlloc.KERNEL32(00000040), ref: 032B586D
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5883
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B5895
                                                                                                                                    • Part of subcall function 032B5800: GlobalAlloc.KERNEL32(00000040), ref: 032B589F
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B58B5
                                                                                                                                    • Part of subcall function 032B5800: GlobalAlloc.KERNEL32(00000040), ref: 032B58D7
                                                                                                                                    • Part of subcall function 032B5800: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 032B58EE
                                                                                                                                  • ShowWindow.USER32(00000005), ref: 032B61B3
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B61D4
                                                                                                                                  • SetWindowTextA.USER32 ref: 032B61FE
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000000,00000000), ref: 032B625D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B6271
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B6283
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,?,00000000), ref: 032B62A7
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000000,00000000), ref: 032B62D7
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B62E1
                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000000,00000000), ref: 032B62FC
                                                                                                                                  • CreateProcessW.KERNEL32 ref: 032B638F
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B63A5
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B63AD
                                                                                                                                  • CallWindowProcA.USER32 ref: 032B63F7
                                                                                                                                  • PostMessageA.USER32 ref: 032B641F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$Window$AllocGlobal$Text$CloseHandle$CallCreateMessagePostProcProcessShow
                                                                                                                                  • String ID: "%ls"$D$error$success
                                                                                                                                  • API String ID: 3418734019-167877515
                                                                                                                                  • Opcode ID: 5ea939c2ebba4a69c1a319657bc16a5d72c8d92ff9258c97467cd12002e926e0
                                                                                                                                  • Instruction ID: 32936aebae0991786fc7e1942e0498b2b4efe317ec7466a13bbdfe6a4dac31a5
                                                                                                                                  • Opcode Fuzzy Hash: 5ea939c2ebba4a69c1a319657bc16a5d72c8d92ff9258c97467cd12002e926e0
                                                                                                                                  • Instruction Fuzzy Hash: 2E91D236910228BBEB20EF54ED85FA97778FB49710F108296F609AA1C4DF715990CFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B9E80 Relevance: 45.8, APIs: 25, Strings: 1, Instructions: 343memorycomCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                  			E032B9E80(void* __ebx, char __ecx, void* __edi, char __esi, short _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v0;
				intOrPtr _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				void* _v76;
				char _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				char _v148;
				char _v152;
				char _v156;
				intOrPtr _v184;
				char _v192;
				signed int _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr* _v232;
				intOrPtr _v252;
				char _v260;
				signed int _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr* _v308;
				intOrPtr _v332;
				char _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				signed int _t256;
				signed int _t257;
				char* _t263;
				signed int _t291;
				signed int _t303;
				intOrPtr* _t306;
				signed int _t314;
				intOrPtr* _t317;
				intOrPtr* _t328;
				intOrPtr* _t338;
				intOrPtr* _t348;
				intOrPtr* _t350;
				intOrPtr* _t352;
				intOrPtr* _t354;
				intOrPtr* _t358;
				intOrPtr* _t368;
				intOrPtr* _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				intOrPtr* _t384;
				char* _t387;
				intOrPtr* _t388;
				intOrPtr* _t390;
				intOrPtr* _t408;
				intOrPtr* _t409;
				char* _t411;
				intOrPtr* _t412;
				intOrPtr* _t414;
				intOrPtr* _t416;
				intOrPtr* _t418;
				intOrPtr* _t420;
				intOrPtr* _t422;
				char* _t424;
				intOrPtr _t428;
				intOrPtr* _t429;
				intOrPtr* _t431;
				intOrPtr* _t433;
				intOrPtr* _t435;
				intOrPtr* _t437;
				intOrPtr* _t439;
				intOrPtr* _t442;
				intOrPtr* _t444;
				intOrPtr* _t447;
				intOrPtr* _t449;
				signed int _t452;
				intOrPtr* _t459;
				intOrPtr* _t460;
				intOrPtr* _t461;
				intOrPtr* _t463;
				intOrPtr* _t464;
				intOrPtr* _t465;
				intOrPtr* _t472;
				intOrPtr* _t473;
				intOrPtr* _t474;
				signed int _t480;
				intOrPtr* _t484;
				intOrPtr* _t485;
				intOrPtr* _t486;
				intOrPtr* _t502;
				intOrPtr* _t510;
				intOrPtr* _t517;
				intOrPtr* _t518;
				intOrPtr* _t526;
				intOrPtr* _t527;
				char _t534;
				intOrPtr* _t535;
				intOrPtr* _t536;
				intOrPtr* _t540;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				signed int _t554;

				_t534 = __esi;
				_t543 = _t551;
				_push(0xffffffff);
				_push(E032DBBF0);
				_push( *[fs:0x0]);
				_t552 = _t551 - 0x90;
				_t256 =  *0x32ed474; // 0x444d31ba
				_t257 = _t256 ^ _t543;
				_v24 = _t257;
				_push(__esi);
				_push(_t257);
				 *[fs:0x0] =  &_v16;
				_v20 = _t552;
				_v68 = __ecx;
				_t459 = _a12;
				_t452 = 0;
				_t526 = 0;
				_v96 = 0;
				_v64 = 0;
				_v72 = 0;
				_v84 = 0;
				_v88 = 0;
				_v92 = 0;
				_v76 = 0;
				_v60 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(__ecx)) == 0) {
					_v100 = 1;
					E032C00D4( &_v100, 0x32e8f54);
					goto L36;
				} else {
					__imp__#2(_t459);
					_t534 = __ecx;
					_v84 = __ecx;
					__imp__#7(__ecx);
					if(__ecx == 0) {
						L36:
						_v104 = 0xb;
						_t263 = E032C00D4( &_v104, 0x32e8f54);
						goto L37;
					} else {
						_t459 = _v68;
						_t263 =  &_v80;
						_push(_t263);
						_push(__ecx);
						_push(_a8);
						_push(_a4);
						L93();
						if(_t263 != 0) {
							L37:
							_v108 = _t263;
							E032C00D4( &_v108, 0x32e8f54);
							goto L38;
						} else {
							if(_v80 != _t263) {
								L19:
								_v8 = 0xffffffff;
								if(_t534 == 0) {
									_t540 = __imp__#6;
								} else {
									_t540 = __imp__#6;
									 *_t540(_t534);
								}
								if(_t452 != 0) {
									 *_t540(_t452);
								}
								if(_t526 != 0) {
									 *_t540(_t526);
								}
								_t484 = _v64;
								if(_t484 != 0) {
									 *((intOrPtr*)( *_t484 + 8))(_t484);
								}
								_t485 = _v72;
								if(_t485 != 0) {
									 *((intOrPtr*)( *_t485 + 8))(_t485);
								}
								_t486 = _v60;
								if(_t486 != 0) {
									 *((intOrPtr*)( *_t486 + 8))(_t486);
								}
								_t518 = _v76;
								if(_t518 != 0) {
									 *((intOrPtr*)( *_t518 + 8))(_t518);
								}
								 *[fs:0x0] = _v16;
								return E032BD98D(_v24 ^ _t543);
							} else {
								_t408 = _v68;
								if( *((intOrPtr*)(_t408 + 4)) == 0) {
									_t409 =  *_t408;
									_push( &_v72);
									_push(_t409);
									_t459 =  *_t409;
									if( *((intOrPtr*)(_t459 + 0x48))() < 0) {
										goto L42;
									} else {
										_t411 =  &_v64;
										__imp__CoCreateInstance(0x32dd028, 0, 1, 0x32dd038, _t411);
										if(_t411 < 0) {
											goto L43;
										} else {
											_t412 = _v64;
											_push(_a4);
											_push(_t412);
											_t459 =  *_t412;
											if( *((intOrPtr*)(_t459 + 0x38))() < 0) {
												goto L44;
											} else {
												_t414 = _v64;
												_push(_a8);
												_push(_t414);
												_t459 =  *_t414;
												if( *((intOrPtr*)(_t459 + 0x30))() < 0) {
													goto L45;
												} else {
													_t416 = _v64;
													_push(0);
													_push(_t416);
													_t459 =  *_t416;
													if( *((intOrPtr*)(_t459 + 0x40))() < 0) {
														goto L46;
													} else {
														_t418 = _v64;
														_push(2);
														_push(_t418);
														_t459 =  *_t418;
														if( *((intOrPtr*)(_t459 + 0x28))() < 0) {
															goto L47;
														} else {
															_t420 = _v64;
															_push(__ecx);
															_push(_t420);
															_t459 =  *_t420;
															if( *((intOrPtr*)(_t459 + 0x20))() < 0) {
																goto L48;
															} else {
																_t422 = _v72;
																_push(_v64);
																_push(_t422);
																_t459 =  *_t422;
																if( *((intOrPtr*)(_t459 + 0x20))() < 0) {
																	goto L49;
																} else {
																	goto L19;
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t424 =  &_v60;
									__imp__CoCreateInstance(0x32dcfc8, 0, 1, 0x32dcfd8, _t424);
									if(_t424 < 0) {
										L38:
										_v112 = 0x1b;
										E032C00D4( &_v112, 0x32e8f54);
										goto L39;
									} else {
										E032B6860(_t459,  &_v56, 0x10, 0x32dd048, _a4);
										_t526 = __imp__#2;
										_t552 = _t552 + 0x10;
										_t428 =  *_t526( &_v56);
										_t452 = _t428;
										_v88 = _t452;
										__imp__#7(_t452);
										if(_t428 == 0) {
											L39:
											_v116 = 0xb;
											E032C00D4( &_v116, 0x32e8f54);
											goto L40;
										} else {
											_t429 = _v60;
											 *((intOrPtr*)( *_t429 + 0xa8))(_t429, 1);
											_t431 = _v60;
											 *((intOrPtr*)( *_t431 + 0x20))(_t431, __ecx);
											_t433 = _v60;
											 *((intOrPtr*)( *_t433 + 0x28))(_t433, __ecx);
											_t435 = _v60;
											 *((intOrPtr*)( *_t435 + 0x40))(_t435, _a8);
											_t437 = _v60;
											 *((intOrPtr*)( *_t437 + 0x48))(_t437, _t452);
											_t439 = _v60;
											 *((intOrPtr*)( *_t439 + 0x88))(_t439, 0xffffffff);
											_t526 =  *_t526(L"All");
											_t442 = _v60;
											_v92 = _t526;
											 *((intOrPtr*)( *_t442 + 0x80))(_t442, _t526);
											_t444 = _v60;
											 *((intOrPtr*)( *_t444 + 0x98))(_t444, 0x7fffffff);
											_push( &_v76);
											_t447 =  *((intOrPtr*)(_v68 + 4));
											_push(_t447);
											_t459 =  *_t447;
											if( *((intOrPtr*)(_t459 + 0x48))() < 0) {
												L40:
												_v120 = 0x1c;
												E032C00D4( &_v120, 0x32e8f54);
												goto L41;
											} else {
												_t449 = _v76;
												_push(_v60);
												_push(_t449);
												_t459 =  *_t449;
												if( *((intOrPtr*)(_t459 + 0x20))() < 0) {
													L41:
													_v124 = 0x1d;
													E032C00D4( &_v124, 0x32e8f54);
													L42:
													_v128 = 0x10;
													E032C00D4( &_v128, 0x32e8f54);
													L43:
													_v132 = 0x13;
													E032C00D4( &_v132, 0x32e8f54);
													L44:
													_v136 = 0x14;
													E032C00D4( &_v136, 0x32e8f54);
													L45:
													_v140 = 0x15;
													E032C00D4( &_v140, 0x32e8f54);
													L46:
													_v144 = 0x19;
													E032C00D4( &_v144, 0x32e8f54);
													L47:
													_v148 = 0x1a;
													E032C00D4( &_v148, 0x32e8f54);
													L48:
													_v152 = 0xd;
													E032C00D4( &_v152, 0x32e8f54);
													L49:
													_v156 = 0xe;
													E032C00D4( &_v156, 0x32e8f54);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t543);
													_t544 = _t552;
													_push(0xffffffff);
													_push(E032DBC20);
													_push( *[fs:0x0]);
													_t553 = _t552 - 0x24;
													_push(_t452);
													_push(_t534);
													_push(_t526);
													_t291 =  *0x32ed474; // 0x444d31ba
													_push(_t291 ^ _t544);
													 *[fs:0x0] =  &_v192;
													_v196 = _t553;
													_t527 = _t459;
													_v204 = 0;
													_v200 = 0;
													_v184 = 0;
													if( *_t527 != 0) {
														_v36 = 1;
														E032C00D4( &_v36, 0x32e8f54);
														goto L61;
													} else {
														__imp__CoCreateInstance(0x32dcf88, 0, 1, 0x32dcf98, _t527 + 4);
														_t387 =  &_v32;
														__imp__CoCreateInstance(0x32dcfa8, 0, 1, 0x32dcfb8, _t387);
														if(_t387 < 0) {
															L61:
															_v40 = 2;
															E032C00D4( &_v40, 0x32e8f54);
															goto L62;
														} else {
															_t388 = _v32;
															_push( &_v28);
															_push(_t388);
															_t459 =  *_t388;
															if( *((intOrPtr*)(_t459 + 0x1c))() < 0) {
																L62:
																_v44 = 3;
																E032C00D4( &_v44, 0x32e8f54);
																goto L63;
															} else {
																_t390 = _v28;
																_push(_t527);
																_push(_t390);
																_t459 =  *_t390;
																if( *((intOrPtr*)(_t459 + 0x1c))() < 0) {
																	L63:
																	_v48 = 4;
																	E032C00D4( &_v48, 0x32e8f54);
																	asm("int3");
																	_push(_t544);
																	_t545 = _t553;
																	_push(0xffffffff);
																	_push(E032DBC40);
																	_push( *[fs:0x0]);
																	_t554 = _t553 - 0x30;
																	_push(0);
																	_push(_t534);
																	_push(_t527);
																	_t303 =  *0x32ed474; // 0x444d31ba
																	_push(_t303 ^ _t545);
																	 *[fs:0x0] =  &_v260;
																	_v264 = _t554;
																	_t306 = _t459;
																	_t535 = _v232;
																	_v272 = 0;
																	_v276 = 0;
																	_v280 = 0;
																	 *_t535 = 0;
																	_t460 =  *((intOrPtr*)(_t306 + 4));
																	_v268 = 0;
																	_v252 = 0;
																	if(_t460 == 0) {
																		_t460 =  *_t306;
																		if(_t460 == 0) {
																			goto L90;
																		} else {
																			_push( &_v40);
																			_push(_t460);
																			if( *((intOrPtr*)( *_t460 + 0x50))() < 0) {
																				goto L91;
																			} else {
																				_t358 = _v40;
																				_push( &_v36);
																				_push(_v4);
																				_push(_t358);
																				if( *((intOrPtr*)( *_t358 + 0x28))() < 0) {
																					goto L78;
																				} else {
																					_t368 = _v36;
																					_push( &_a4);
																					_push(_t368);
																					_t460 =  *_t368;
																					if( *((intOrPtr*)(_t460 + 0x44))() < 0) {
																						goto L92;
																					} else {
																						if(_a4 == 0xffff) {
																							 *_t535 = 1;
																						}
																						goto L78;
																					}
																				}
																			}
																		}
																	} else {
																		_push( &_v44);
																		_push(_t460);
																		if( *((intOrPtr*)( *_t460 + 0x48))() < 0) {
																			_v48 = 0x1c;
																			E032C00D4( &_v48, 0x32e8f54);
																			goto L88;
																		} else {
																			_t378 = _v44;
																			_push( &_v32);
																			_push(_v0);
																			_push(_t378);
																			if( *((intOrPtr*)( *_t378 + 0x28))() < 0) {
																				L78:
																				_t472 = _v36;
																				_v16 = 0xffffffff;
																				if(_t472 != 0) {
																					 *((intOrPtr*)( *_t472 + 8))(_t472);
																				}
																				_t473 = _v40;
																				if(_t473 != 0) {
																					 *((intOrPtr*)( *_t473 + 8))(_t473);
																				}
																				_t474 = _v32;
																				if(_t474 != 0) {
																					 *((intOrPtr*)( *_t474 + 8))(_t474);
																				}
																				_t510 = _v44;
																				if(_t510 != 0) {
																					 *((intOrPtr*)( *_t510 + 8))(_t510);
																				}
																				 *[fs:0x0] = _v24;
																				return 0;
																			} else {
																				_t380 = _v32;
																				_push( &_a4);
																				_push(_t380);
																				_t460 =  *_t380;
																				if( *((intOrPtr*)(_t460 + 0x84))() < 0) {
																					L88:
																					_v52 = 9;
																					E032C00D4( &_v52, 0x32e8f54);
																					goto L89;
																				} else {
																					if(_a4 != 0xffff) {
																						goto L78;
																					} else {
																						_t382 = _v32;
																						 *_t535 = 1;
																						_push( &_v0);
																						_push(_t382);
																						_t460 =  *_t382;
																						if( *((intOrPtr*)(_t460 + 0x94))() < 0) {
																							L89:
																							_v56 = 9;
																							E032C00D4( &_v56, 0x32e8f54);
																							L90:
																							_v60 = 1;
																							E032C00D4( &_v60, 0x32e8f54);
																							L91:
																							_v64 = 8;
																							E032C00D4( &_v64, 0x32e8f54);
																							L92:
																							_v68 = 9;
																							E032C00D4( &_v68, 0x32e8f54);
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							_push(_t545);
																							_push(0xffffffff);
																							_push(E032DBC60);
																							_push( *[fs:0x0]);
																							_push(0);
																							_push(_t535);
																							_push(0);
																							_t314 =  *0x32ed474; // 0x444d31ba
																							_push(_t314 ^ _t554);
																							 *[fs:0x0] =  &_v340;
																							_v344 = _t554 - 0x30;
																							_t317 = _t460;
																							_t536 = _v308;
																							_v352 = 0;
																							_v356 = 0;
																							_v360 = 0;
																							 *_t536 = 0;
																							_t461 =  *((intOrPtr*)(_t317 + 4));
																							_v348 = 0;
																							_v332 = 0;
																							if(_t461 == 0) {
																								_t461 =  *_t317;
																								if(_t461 == 0) {
																									goto L119;
																								} else {
																									_push( &_v44);
																									_push(_t461);
																									if( *((intOrPtr*)( *_t461 + 0x48))() < 0) {
																										goto L120;
																									} else {
																										_t328 = _v44;
																										_push( &_v40);
																										_push(_v4);
																										_push(_v8);
																										_push(_t328);
																										if( *((intOrPtr*)( *_t328 + 0x28))() < 0) {
																											goto L107;
																										} else {
																											_t338 = _v40;
																											_push( &_a4);
																											_push(_t338);
																											_t461 =  *_t338;
																											if( *((intOrPtr*)(_t461 + 0x4c))() < 0) {
																												goto L121;
																											} else {
																												if(_a4 == 0xffff) {
																													 *_t536 = 1;
																												}
																												goto L107;
																											}
																										}
																									}
																								}
																							} else {
																								_push( &_v48);
																								_push(_t461);
																								if( *((intOrPtr*)( *_t461 + 0x48))() < 0) {
																									_v52 = 0x1c;
																									E032C00D4( &_v52, 0x32e8f54);
																									goto L117;
																								} else {
																									_t348 = _v48;
																									_push( &_v36);
																									_push(_v0);
																									_push(_t348);
																									if( *((intOrPtr*)( *_t348 + 0x28))() < 0) {
																										L107:
																										_t463 = _v40;
																										_v20 = 0xffffffff;
																										if(_t463 != 0) {
																											 *((intOrPtr*)( *_t463 + 8))(_t463);
																										}
																										_t464 = _v44;
																										if(_t464 != 0) {
																											 *((intOrPtr*)( *_t464 + 8))(_t464);
																										}
																										_t465 = _v36;
																										if(_t465 != 0) {
																											 *((intOrPtr*)( *_t465 + 8))(_t465);
																										}
																										_t502 = _v48;
																										if(_t502 != 0) {
																											 *((intOrPtr*)( *_t502 + 8))(_t502);
																										}
																										 *[fs:0x0] = _v28;
																										return 0;
																									} else {
																										_t350 = _v36;
																										_push( &_a4);
																										_push(_t350);
																										_t461 =  *_t350;
																										if( *((intOrPtr*)(_t461 + 0x84))() < 0) {
																											L117:
																											_v56 = 9;
																											E032C00D4( &_v56, 0x32e8f54);
																											goto L118;
																										} else {
																											if(_a4 != 0xffff) {
																												goto L107;
																											} else {
																												_t352 = _v36;
																												 *_t536 = 1;
																												_push( &_v0);
																												_push(_t352);
																												_t461 =  *_t352;
																												if( *((intOrPtr*)(_t461 + 0x94))() < 0) {
																													L118:
																													_v60 = 9;
																													E032C00D4( &_v60, 0x32e8f54);
																													L119:
																													_v64 = 1;
																													E032C00D4( &_v64, 0x32e8f54);
																													L120:
																													_v68 = 0x10;
																													E032C00D4( &_v68, 0x32e8f54);
																													L121:
																													_v72 = 0x11;
																													E032C00D4( &_v72, 0x32e8f54);
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													if( *_t461 != 0 ||  *((intOrPtr*)(_t461 + 4)) != 0) {
																														return 1;
																													} else {
																														return 0;
																													}
																												} else {
																													if(_v0 != 0x7fffffff) {
																														_t354 = _v36;
																														 *((intOrPtr*)( *_t354 + 0x98))(_t354, 0x7fffffff);
																													}
																													goto L107;
																												}
																											}
																										}
																									}
																								}
																							}
																						} else {
																							if(_v0 != 0x7fffffff) {
																								_t384 = _v32;
																								 *((intOrPtr*)( *_t384 + 0x98))(_t384, 0x7fffffff);
																							}
																							goto L78;
																						}
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t480 = _v28;
																	_v12 = 0xffffffff;
																	if(_t480 != 0) {
																		 *((intOrPtr*)( *_t480 + 8))(_t480);
																	}
																	_t517 = _v32;
																	if(_t517 != 0) {
																		 *((intOrPtr*)( *_t517 + 8))(_t517);
																	}
																	 *[fs:0x0] = _v20;
																	return 0;
																}
															}
														}
													}
												} else {
													goto L19;
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}











































































































































                                                                                                                                  0x032b9e80
                                                                                                                                  0x032b9e81
                                                                                                                                  0x032b9e83
                                                                                                                                  0x032b9e85
                                                                                                                                  0x032b9e90
                                                                                                                                  0x032b9e91
                                                                                                                                  0x032b9e97
                                                                                                                                  0x032b9e9c
                                                                                                                                  0x032b9e9e
                                                                                                                                  0x032b9ea2
                                                                                                                                  0x032b9ea4
                                                                                                                                  0x032b9ea8
                                                                                                                                  0x032b9eae
                                                                                                                                  0x032b9eb3
                                                                                                                                  0x032b9eb6
                                                                                                                                  0x032b9eb9
                                                                                                                                  0x032b9ebb
                                                                                                                                  0x032b9ebd
                                                                                                                                  0x032b9ec4
                                                                                                                                  0x032b9ecb
                                                                                                                                  0x032b9ed2
                                                                                                                                  0x032b9ed9
                                                                                                                                  0x032b9edc
                                                                                                                                  0x032b9edf
                                                                                                                                  0x032b9ee2
                                                                                                                                  0x032b9ee5
                                                                                                                                  0x032b9eea
                                                                                                                                  0x032ba184
                                                                                                                                  0x032ba18c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9ef0
                                                                                                                                  0x032b9ef1
                                                                                                                                  0x032b9ef7
                                                                                                                                  0x032b9efa
                                                                                                                                  0x032b9efd
                                                                                                                                  0x032b9f05
                                                                                                                                  0x032ba191
                                                                                                                                  0x032ba199
                                                                                                                                  0x032ba1a1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f0b
                                                                                                                                  0x032b9f0b
                                                                                                                                  0x032b9f0e
                                                                                                                                  0x032b9f11
                                                                                                                                  0x032b9f12
                                                                                                                                  0x032b9f13
                                                                                                                                  0x032b9f16
                                                                                                                                  0x032b9f19
                                                                                                                                  0x032b9f20
                                                                                                                                  0x032ba1a6
                                                                                                                                  0x032ba1a6
                                                                                                                                  0x032ba1b2
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f26
                                                                                                                                  0x032b9f29
                                                                                                                                  0x032ba0fd
                                                                                                                                  0x032ba0fd
                                                                                                                                  0x032ba106
                                                                                                                                  0x032ba113
                                                                                                                                  0x032ba108
                                                                                                                                  0x032ba109
                                                                                                                                  0x032ba10f
                                                                                                                                  0x032ba10f
                                                                                                                                  0x032ba11b
                                                                                                                                  0x032ba11e
                                                                                                                                  0x032ba11e
                                                                                                                                  0x032ba122
                                                                                                                                  0x032ba125
                                                                                                                                  0x032ba125
                                                                                                                                  0x032ba127
                                                                                                                                  0x032ba12c
                                                                                                                                  0x032ba131
                                                                                                                                  0x032ba131
                                                                                                                                  0x032ba134
                                                                                                                                  0x032ba139
                                                                                                                                  0x032ba13e
                                                                                                                                  0x032ba13e
                                                                                                                                  0x032ba141
                                                                                                                                  0x032ba146
                                                                                                                                  0x032ba14b
                                                                                                                                  0x032ba14b
                                                                                                                                  0x032ba14e
                                                                                                                                  0x032ba153
                                                                                                                                  0x032ba158
                                                                                                                                  0x032ba158
                                                                                                                                  0x032ba161
                                                                                                                                  0x032ba179
                                                                                                                                  0x032b9f2f
                                                                                                                                  0x032b9f2f
                                                                                                                                  0x032b9f35
                                                                                                                                  0x032ba033
                                                                                                                                  0x032ba038
                                                                                                                                  0x032ba039
                                                                                                                                  0x032ba03a
                                                                                                                                  0x032ba041
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba047
                                                                                                                                  0x032ba047
                                                                                                                                  0x032ba059
                                                                                                                                  0x032ba061
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba067
                                                                                                                                  0x032ba067
                                                                                                                                  0x032ba06d
                                                                                                                                  0x032ba06e
                                                                                                                                  0x032ba06f
                                                                                                                                  0x032ba076
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba07c
                                                                                                                                  0x032ba07c
                                                                                                                                  0x032ba082
                                                                                                                                  0x032ba083
                                                                                                                                  0x032ba084
                                                                                                                                  0x032ba08b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba091
                                                                                                                                  0x032ba091
                                                                                                                                  0x032ba094
                                                                                                                                  0x032ba096
                                                                                                                                  0x032ba097
                                                                                                                                  0x032ba09e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0a4
                                                                                                                                  0x032ba0a4
                                                                                                                                  0x032ba0a7
                                                                                                                                  0x032ba0a9
                                                                                                                                  0x032ba0aa
                                                                                                                                  0x032ba0b1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0b7
                                                                                                                                  0x032ba0b7
                                                                                                                                  0x032ba0ba
                                                                                                                                  0x032ba0bb
                                                                                                                                  0x032ba0bc
                                                                                                                                  0x032ba0c3
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0c9
                                                                                                                                  0x032ba0c9
                                                                                                                                  0x032ba0cc
                                                                                                                                  0x032ba0cf
                                                                                                                                  0x032ba0d0
                                                                                                                                  0x032ba0d7
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0dd
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba0dd
                                                                                                                                  0x032ba0d7
                                                                                                                                  0x032ba0c3
                                                                                                                                  0x032ba0b1
                                                                                                                                  0x032ba09e
                                                                                                                                  0x032ba08b
                                                                                                                                  0x032ba076
                                                                                                                                  0x032ba061
                                                                                                                                  0x032b9f3b
                                                                                                                                  0x032b9f3b
                                                                                                                                  0x032b9f4c
                                                                                                                                  0x032b9f54
                                                                                                                                  0x032ba1b7
                                                                                                                                  0x032ba1bf
                                                                                                                                  0x032ba1c7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f5a
                                                                                                                                  0x032b9f69
                                                                                                                                  0x032b9f6e
                                                                                                                                  0x032b9f77
                                                                                                                                  0x032b9f7b
                                                                                                                                  0x032b9f7d
                                                                                                                                  0x032b9f80
                                                                                                                                  0x032b9f83
                                                                                                                                  0x032b9f8b
                                                                                                                                  0x032ba1cc
                                                                                                                                  0x032ba1d4
                                                                                                                                  0x032ba1dc
                                                                                                                                  0x00000000
                                                                                                                                  0x032b9f91
                                                                                                                                  0x032b9f91
                                                                                                                                  0x032b9f99
                                                                                                                                  0x032b9f9f
                                                                                                                                  0x032b9fa6
                                                                                                                                  0x032b9fa9
                                                                                                                                  0x032b9fb0
                                                                                                                                  0x032b9fb3
                                                                                                                                  0x032b9fbd
                                                                                                                                  0x032b9fc0
                                                                                                                                  0x032b9fc7
                                                                                                                                  0x032b9fca
                                                                                                                                  0x032b9fd2
                                                                                                                                  0x032b9fdf
                                                                                                                                  0x032b9fe1
                                                                                                                                  0x032b9fe6
                                                                                                                                  0x032b9feb
                                                                                                                                  0x032b9ff1
                                                                                                                                  0x032b9ffc
                                                                                                                                  0x032ba008
                                                                                                                                  0x032ba009
                                                                                                                                  0x032ba00c
                                                                                                                                  0x032ba00d
                                                                                                                                  0x032ba014
                                                                                                                                  0x032ba1e1
                                                                                                                                  0x032ba1e9
                                                                                                                                  0x032ba1f1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba01a
                                                                                                                                  0x032ba01a
                                                                                                                                  0x032ba01d
                                                                                                                                  0x032ba020
                                                                                                                                  0x032ba021
                                                                                                                                  0x032ba028
                                                                                                                                  0x032ba1f6
                                                                                                                                  0x032ba1fe
                                                                                                                                  0x032ba206
                                                                                                                                  0x032ba20b
                                                                                                                                  0x032ba213
                                                                                                                                  0x032ba21b
                                                                                                                                  0x032ba220
                                                                                                                                  0x032ba228
                                                                                                                                  0x032ba230
                                                                                                                                  0x032ba235
                                                                                                                                  0x032ba240
                                                                                                                                  0x032ba24b
                                                                                                                                  0x032ba250
                                                                                                                                  0x032ba25b
                                                                                                                                  0x032ba266
                                                                                                                                  0x032ba26b
                                                                                                                                  0x032ba276
                                                                                                                                  0x032ba281
                                                                                                                                  0x032ba286
                                                                                                                                  0x032ba291
                                                                                                                                  0x032ba29c
                                                                                                                                  0x032ba2a1
                                                                                                                                  0x032ba2ac
                                                                                                                                  0x032ba2b7
                                                                                                                                  0x032ba2bc
                                                                                                                                  0x032ba2c7
                                                                                                                                  0x032ba2d2
                                                                                                                                  0x032ba2d7
                                                                                                                                  0x032ba2d8
                                                                                                                                  0x032ba2d9
                                                                                                                                  0x032ba2da
                                                                                                                                  0x032ba2db
                                                                                                                                  0x032ba2dc
                                                                                                                                  0x032ba2dd
                                                                                                                                  0x032ba2de
                                                                                                                                  0x032ba2df
                                                                                                                                  0x032ba2e0
                                                                                                                                  0x032ba2e1
                                                                                                                                  0x032ba2e3
                                                                                                                                  0x032ba2e5
                                                                                                                                  0x032ba2f0
                                                                                                                                  0x032ba2f1
                                                                                                                                  0x032ba2f4
                                                                                                                                  0x032ba2f5
                                                                                                                                  0x032ba2f6
                                                                                                                                  0x032ba2f7
                                                                                                                                  0x032ba2fe
                                                                                                                                  0x032ba302
                                                                                                                                  0x032ba308
                                                                                                                                  0x032ba30b
                                                                                                                                  0x032ba30f
                                                                                                                                  0x032ba316
                                                                                                                                  0x032ba31d
                                                                                                                                  0x032ba322
                                                                                                                                  0x032ba3d3
                                                                                                                                  0x032ba3db
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba328
                                                                                                                                  0x032ba339
                                                                                                                                  0x032ba33f
                                                                                                                                  0x032ba350
                                                                                                                                  0x032ba358
                                                                                                                                  0x032ba3e0
                                                                                                                                  0x032ba3e8
                                                                                                                                  0x032ba3f0
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba35e
                                                                                                                                  0x032ba35e
                                                                                                                                  0x032ba364
                                                                                                                                  0x032ba365
                                                                                                                                  0x032ba366
                                                                                                                                  0x032ba36d
                                                                                                                                  0x032ba3f5
                                                                                                                                  0x032ba3fd
                                                                                                                                  0x032ba405
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba373
                                                                                                                                  0x032ba373
                                                                                                                                  0x032ba376
                                                                                                                                  0x032ba377
                                                                                                                                  0x032ba378
                                                                                                                                  0x032ba37f
                                                                                                                                  0x032ba40a
                                                                                                                                  0x032ba412
                                                                                                                                  0x032ba41a
                                                                                                                                  0x032ba41f
                                                                                                                                  0x032ba420
                                                                                                                                  0x032ba421
                                                                                                                                  0x032ba423
                                                                                                                                  0x032ba425
                                                                                                                                  0x032ba430
                                                                                                                                  0x032ba431
                                                                                                                                  0x032ba434
                                                                                                                                  0x032ba435
                                                                                                                                  0x032ba436
                                                                                                                                  0x032ba437
                                                                                                                                  0x032ba43e
                                                                                                                                  0x032ba442
                                                                                                                                  0x032ba448
                                                                                                                                  0x032ba44b
                                                                                                                                  0x032ba44d
                                                                                                                                  0x032ba452
                                                                                                                                  0x032ba455
                                                                                                                                  0x032ba458
                                                                                                                                  0x032ba45b
                                                                                                                                  0x032ba45d
                                                                                                                                  0x032ba460
                                                                                                                                  0x032ba463
                                                                                                                                  0x032ba468
                                                                                                                                  0x032ba4f5
                                                                                                                                  0x032ba4f9
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4ff
                                                                                                                                  0x032ba504
                                                                                                                                  0x032ba505
                                                                                                                                  0x032ba50b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba511
                                                                                                                                  0x032ba511
                                                                                                                                  0x032ba517
                                                                                                                                  0x032ba518
                                                                                                                                  0x032ba51d
                                                                                                                                  0x032ba523
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba525
                                                                                                                                  0x032ba525
                                                                                                                                  0x032ba52b
                                                                                                                                  0x032ba52c
                                                                                                                                  0x032ba52d
                                                                                                                                  0x032ba534
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba53a
                                                                                                                                  0x032ba53f
                                                                                                                                  0x032ba541
                                                                                                                                  0x032ba541
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba53f
                                                                                                                                  0x032ba534
                                                                                                                                  0x032ba523
                                                                                                                                  0x032ba50b
                                                                                                                                  0x032ba46e
                                                                                                                                  0x032ba473
                                                                                                                                  0x032ba474
                                                                                                                                  0x032ba47a
                                                                                                                                  0x032ba5b1
                                                                                                                                  0x032ba5b9
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba480
                                                                                                                                  0x032ba480
                                                                                                                                  0x032ba486
                                                                                                                                  0x032ba487
                                                                                                                                  0x032ba48c
                                                                                                                                  0x032ba492
                                                                                                                                  0x032ba558
                                                                                                                                  0x032ba558
                                                                                                                                  0x032ba55b
                                                                                                                                  0x032ba564
                                                                                                                                  0x032ba569
                                                                                                                                  0x032ba569
                                                                                                                                  0x032ba56c
                                                                                                                                  0x032ba571
                                                                                                                                  0x032ba576
                                                                                                                                  0x032ba576
                                                                                                                                  0x032ba579
                                                                                                                                  0x032ba57e
                                                                                                                                  0x032ba583
                                                                                                                                  0x032ba583
                                                                                                                                  0x032ba586
                                                                                                                                  0x032ba58b
                                                                                                                                  0x032ba590
                                                                                                                                  0x032ba590
                                                                                                                                  0x032ba598
                                                                                                                                  0x032ba5a6
                                                                                                                                  0x032ba498
                                                                                                                                  0x032ba498
                                                                                                                                  0x032ba49e
                                                                                                                                  0x032ba49f
                                                                                                                                  0x032ba4a0
                                                                                                                                  0x032ba4aa
                                                                                                                                  0x032ba5be
                                                                                                                                  0x032ba5c6
                                                                                                                                  0x032ba5ce
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4b0
                                                                                                                                  0x032ba4b5
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4bb
                                                                                                                                  0x032ba4bb
                                                                                                                                  0x032ba4c1
                                                                                                                                  0x032ba4c7
                                                                                                                                  0x032ba4c8
                                                                                                                                  0x032ba4c9
                                                                                                                                  0x032ba4d3
                                                                                                                                  0x032ba5d3
                                                                                                                                  0x032ba5db
                                                                                                                                  0x032ba5e3
                                                                                                                                  0x032ba5e8
                                                                                                                                  0x032ba5f0
                                                                                                                                  0x032ba5f8
                                                                                                                                  0x032ba5fd
                                                                                                                                  0x032ba605
                                                                                                                                  0x032ba60d
                                                                                                                                  0x032ba612
                                                                                                                                  0x032ba61a
                                                                                                                                  0x032ba622
                                                                                                                                  0x032ba627
                                                                                                                                  0x032ba628
                                                                                                                                  0x032ba629
                                                                                                                                  0x032ba62a
                                                                                                                                  0x032ba62b
                                                                                                                                  0x032ba62c
                                                                                                                                  0x032ba62d
                                                                                                                                  0x032ba62e
                                                                                                                                  0x032ba62f
                                                                                                                                  0x032ba630
                                                                                                                                  0x032ba633
                                                                                                                                  0x032ba635
                                                                                                                                  0x032ba640
                                                                                                                                  0x032ba644
                                                                                                                                  0x032ba645
                                                                                                                                  0x032ba646
                                                                                                                                  0x032ba647
                                                                                                                                  0x032ba64e
                                                                                                                                  0x032ba652
                                                                                                                                  0x032ba658
                                                                                                                                  0x032ba65b
                                                                                                                                  0x032ba65d
                                                                                                                                  0x032ba662
                                                                                                                                  0x032ba665
                                                                                                                                  0x032ba668
                                                                                                                                  0x032ba66b
                                                                                                                                  0x032ba66d
                                                                                                                                  0x032ba670
                                                                                                                                  0x032ba673
                                                                                                                                  0x032ba678
                                                                                                                                  0x032ba705
                                                                                                                                  0x032ba709
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba70f
                                                                                                                                  0x032ba714
                                                                                                                                  0x032ba715
                                                                                                                                  0x032ba71b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba721
                                                                                                                                  0x032ba721
                                                                                                                                  0x032ba727
                                                                                                                                  0x032ba728
                                                                                                                                  0x032ba72b
                                                                                                                                  0x032ba730
                                                                                                                                  0x032ba736
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba738
                                                                                                                                  0x032ba738
                                                                                                                                  0x032ba73e
                                                                                                                                  0x032ba73f
                                                                                                                                  0x032ba740
                                                                                                                                  0x032ba747
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba74d
                                                                                                                                  0x032ba752
                                                                                                                                  0x032ba754
                                                                                                                                  0x032ba754
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba752
                                                                                                                                  0x032ba747
                                                                                                                                  0x032ba736
                                                                                                                                  0x032ba71b
                                                                                                                                  0x032ba67e
                                                                                                                                  0x032ba683
                                                                                                                                  0x032ba684
                                                                                                                                  0x032ba68a
                                                                                                                                  0x032ba7c4
                                                                                                                                  0x032ba7cc
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba690
                                                                                                                                  0x032ba690
                                                                                                                                  0x032ba696
                                                                                                                                  0x032ba697
                                                                                                                                  0x032ba69c
                                                                                                                                  0x032ba6a2
                                                                                                                                  0x032ba76b
                                                                                                                                  0x032ba76b
                                                                                                                                  0x032ba76e
                                                                                                                                  0x032ba777
                                                                                                                                  0x032ba77c
                                                                                                                                  0x032ba77c
                                                                                                                                  0x032ba77f
                                                                                                                                  0x032ba784
                                                                                                                                  0x032ba789
                                                                                                                                  0x032ba789
                                                                                                                                  0x032ba78c
                                                                                                                                  0x032ba791
                                                                                                                                  0x032ba796
                                                                                                                                  0x032ba796
                                                                                                                                  0x032ba799
                                                                                                                                  0x032ba79e
                                                                                                                                  0x032ba7a3
                                                                                                                                  0x032ba7a3
                                                                                                                                  0x032ba7ab
                                                                                                                                  0x032ba7b9
                                                                                                                                  0x032ba6a8
                                                                                                                                  0x032ba6a8
                                                                                                                                  0x032ba6ae
                                                                                                                                  0x032ba6af
                                                                                                                                  0x032ba6b0
                                                                                                                                  0x032ba6ba
                                                                                                                                  0x032ba7d1
                                                                                                                                  0x032ba7d9
                                                                                                                                  0x032ba7e1
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6c0
                                                                                                                                  0x032ba6c5
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6cb
                                                                                                                                  0x032ba6cb
                                                                                                                                  0x032ba6d1
                                                                                                                                  0x032ba6d7
                                                                                                                                  0x032ba6d8
                                                                                                                                  0x032ba6d9
                                                                                                                                  0x032ba6e3
                                                                                                                                  0x032ba7e6
                                                                                                                                  0x032ba7ee
                                                                                                                                  0x032ba7f6
                                                                                                                                  0x032ba7fb
                                                                                                                                  0x032ba803
                                                                                                                                  0x032ba80b
                                                                                                                                  0x032ba810
                                                                                                                                  0x032ba818
                                                                                                                                  0x032ba820
                                                                                                                                  0x032ba825
                                                                                                                                  0x032ba82d
                                                                                                                                  0x032ba835
                                                                                                                                  0x032ba83a
                                                                                                                                  0x032ba83b
                                                                                                                                  0x032ba83c
                                                                                                                                  0x032ba83d
                                                                                                                                  0x032ba83e
                                                                                                                                  0x032ba83f
                                                                                                                                  0x032ba843
                                                                                                                                  0x032ba853
                                                                                                                                  0x032ba84b
                                                                                                                                  0x032ba84d
                                                                                                                                  0x032ba84d
                                                                                                                                  0x032ba6e9
                                                                                                                                  0x032ba6f0
                                                                                                                                  0x032ba6f2
                                                                                                                                  0x032ba6fd
                                                                                                                                  0x032ba6fd
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba6f0
                                                                                                                                  0x032ba6e3
                                                                                                                                  0x032ba6c5
                                                                                                                                  0x032ba6ba
                                                                                                                                  0x032ba6a2
                                                                                                                                  0x032ba68a
                                                                                                                                  0x032ba4d9
                                                                                                                                  0x032ba4e0
                                                                                                                                  0x032ba4e2
                                                                                                                                  0x032ba4ed
                                                                                                                                  0x032ba4ed
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba4e0
                                                                                                                                  0x032ba4d3
                                                                                                                                  0x032ba4b5
                                                                                                                                  0x032ba4aa
                                                                                                                                  0x032ba492
                                                                                                                                  0x032ba47a
                                                                                                                                  0x032ba385
                                                                                                                                  0x032ba396
                                                                                                                                  0x032ba399
                                                                                                                                  0x032ba3a2
                                                                                                                                  0x032ba3a7
                                                                                                                                  0x032ba3a7
                                                                                                                                  0x032ba3aa
                                                                                                                                  0x032ba3af
                                                                                                                                  0x032ba3b4
                                                                                                                                  0x032ba3b4
                                                                                                                                  0x032ba3bc
                                                                                                                                  0x032ba3ca
                                                                                                                                  0x032ba3ca
                                                                                                                                  0x032ba37f
                                                                                                                                  0x032ba36d
                                                                                                                                  0x032ba358
                                                                                                                                  0x032ba02e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba02e
                                                                                                                                  0x032ba028
                                                                                                                                  0x032ba014
                                                                                                                                  0x032b9f8b
                                                                                                                                  0x032b9f54
                                                                                                                                  0x032b9f35
                                                                                                                                  0x032b9f29
                                                                                                                                  0x032b9f20
                                                                                                                                  0x032b9f05

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 032B9EF1
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032B9EFD
                                                                                                                                  • CoCreateInstance.OLE32(032DCFC8,00000000,00000001,032DCFD8,?,00000007,?,00000000,?), ref: 032B9F4C
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 032B9F7B
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032B9F83
                                                                                                                                  • SysAllocString.OLEAUT32(All), ref: 032B9FDD
                                                                                                                                  • CoCreateInstance.OLE32(032DD028,00000000,00000001,032DD038,00000000), ref: 032BA059
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BA10F
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BA11E
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BA125
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA18C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA1A1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA1B2
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA1C7
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA1DC
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA1F1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA206
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA21B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA230
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA24B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA266
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA281
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA29C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA2B7
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA2D2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$String$AllocFree$CreateInstance
                                                                                                                                  • String ID: All
                                                                                                                                  • API String ID: 4091268867-55916349
                                                                                                                                  • Opcode ID: 2e8b3aa8ed4cfadc114ab741d3bc65d60e6c0ac816082975957045861ab8d064
                                                                                                                                  • Instruction ID: f7e77a2eccd0f631b5e7a4f19b0f81f93d8edd333432301aac8d8d22242eb2c1
                                                                                                                                  • Opcode Fuzzy Hash: 2e8b3aa8ed4cfadc114ab741d3bc65d60e6c0ac816082975957045861ab8d064
                                                                                                                                  • Instruction Fuzzy Hash: 39D12B74A20308AFDB20DFA4C888F9EBBB9BF48745F508159F519EB251DB71A985CF10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5050 Relevance: 44.0, APIs: 23, Strings: 2, Instructions: 242memorystringregistryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                  			E032B5050(void* _a8, char* _a12, void* _a16) {
				int _v8;
				long _v12;
				int _v16;
				void* __ebp;
				void* _t41;
				CHAR* _t42;
				long _t44;
				char* _t51;
				void* _t52;
				void* _t63;
				void _t65;
				void* _t73;
				void* _t74;
				void* _t78;
				intOrPtr _t80;
				int _t81;
				char* _t84;
				void* _t89;
				void* _t99;
				int _t102;
				char* _t110;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t116;
				void** _t118;
				void* _t120;
				void* _t125;
				void _t127;
				void** _t128;
				void* _t130;
				CHAR* _t131;
				intOrPtr* _t132;
				void* _t133;
				void* _t134;
				void* _t136;
				void* _t137;
				void* _t138;
				void* _t140;

				_t102 = _a8;
				_t137 = _t136 - 0xc;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				 *0x32efef4 = _t102;
				_t41 = GlobalAlloc(0x40, _t102 + 1);
				_t118 =  *0x32efef8;
				_t125 = _t41;
				if(_t118 == 0) {
					L35:
					__eflags = _t125;
					if(_t125 != 0) {
						GlobalFree(_t125);
					}
					_t42 = E032B1F00();
					__eflags =  *0x32efef8;
					if( *0x32efef8 != 0) {
						_t44 =  *0x32efef4 + 8;
						__eflags = _t44;
						_t127 = GlobalAlloc(0x40, _t44);
						_t37 = _t127 + 4; // 0x4
						_t42 = lstrcpynA(_t37, "error",  *0x32efef4);
						_t115 =  *0x32efef8;
						 *_t127 =  *_t115;
						 *_t115 = _t127;
					}
					return _t42;
				} else {
					_t120 =  *_t118;
					if(_t120 == 0) {
						goto L35;
					} else {
						lstrcpyA(_t125, _t120 + 4);
						 *( *0x32efef8) =  *_t120;
						GlobalFree(_t120);
						_t51 = E032AD1A0(_t125);
						_t138 = _t137 + 4;
						_a12 = _t51;
						if(_t125 != 0) {
							GlobalFree(_t125);
						}
						_t52 = GlobalAlloc(0x40,  *0x32efef4 + 1);
						_t128 =  *0x32efef8;
						_t99 = _t52;
						if(_t128 == 0) {
							L31:
							__eflags = _t99;
							if(_t99 != 0) {
								GlobalFree(_t99);
							}
							E032B1F00();
							goto L34;
						} else {
							_t130 =  *_t128;
							if(_t130 == 0) {
								goto L31;
							} else {
								lstrcpyA(_t99, _t130 + 4);
								 *( *0x32efef8) =  *_t130;
								GlobalFree(_t130);
								_t131 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t63 =  *0x32efef8;
								_v12 = _t131;
								if(_t63 == 0) {
									L29:
									__eflags = _t131;
									if(_t131 != 0) {
										GlobalFree(_t131);
									}
									goto L31;
								} else {
									_t65 =  *_t63;
									_a8 = _t65;
									if(_t65 == 0) {
										goto L29;
									} else {
										lstrcpyA(_t131, _t65 + 4);
										_t116 = _a8;
										 *( *0x32efef8) =  *_t116;
										GlobalFree(_t116);
										_a8 = GlobalAlloc(0x40,  *0x32efef4 + 1);
										_t73 = E032B1F30(_t72);
										_t138 = _t138 + 4;
										if(_t73 != 0) {
											L27:
											_t74 = _a8;
											__eflags = _t74;
											if(_t74 != 0) {
												GlobalFree(_t74);
											}
											goto L29;
										} else {
											_t110 = _a12;
											_a16 = _t73;
											if(_t110 != 0) {
												__eflags = _t110 - 1;
												_t78 = (0 | _t110 != 0x00000001) + 0x80000001;
												__eflags = _t78;
											} else {
												_t78 = 0x80000000;
											}
											if(RegCreateKeyExA(_t78, _t99, 0, 0, 0, 0x20006, 0,  &_a16,  &_v16) != 0) {
												goto L27;
											} else {
												_t132 = _a8;
												_t113 = _t132 + 1;
												do {
													_t80 =  *_t132;
													_t132 = _t132 + 1;
													_t152 = _t80;
												} while (_t80 != 0);
												_t133 = _t132 - _t113;
												_t81 = _t133 + 2;
												_push(_t81);
												_v8 = _t81;
												_a12 = E032BD9DC(_t152);
												E032BF440(_t82, _a8, _t133);
												_t84 = _a12;
												_t140 = _t138 + 0x10;
												_t114 = 0;
												_t84[_t133] = 0;
												if(_t133 > 0) {
													do {
														if( *((char*)(_t114 + _t84)) == 0x3b) {
															 *((char*)(_t114 + _t84)) = 0;
														}
														_t114 = _t114 + 1;
													} while (_t114 < _t133);
												}
												_t134 = _v12;
												_v12 = RegSetValueExA(_a16, _t134, 0, 7, _t84, _v8);
												RegCloseKey(_a16);
												L032BD9E5(_a12);
												_t89 = _a8;
												_t138 = _t140 + 4;
												if(_t89 != 0) {
													GlobalFree(_t89);
												}
												if(_t134 != 0) {
													GlobalFree(_t134);
												}
												if(_t99 != 0) {
													GlobalFree(_t99);
												}
												E032B1F00();
												if(_v12 == 0) {
													L34:
													return E032B1FC0("error");
												} else {
													return E032B1FC0("success");
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}










































                                                                                                                                  0x032b5053
                                                                                                                                  0x032b5056
                                                                                                                                  0x032b505c
                                                                                                                                  0x032b506d
                                                                                                                                  0x032b5078
                                                                                                                                  0x032b507e
                                                                                                                                  0x032b5080
                                                                                                                                  0x032b5086
                                                                                                                                  0x032b508a
                                                                                                                                  0x032b5298
                                                                                                                                  0x032b5298
                                                                                                                                  0x032b529a
                                                                                                                                  0x032b529d
                                                                                                                                  0x032b529d
                                                                                                                                  0x032b52a3
                                                                                                                                  0x032b52a8
                                                                                                                                  0x032b52af
                                                                                                                                  0x032b52b6
                                                                                                                                  0x032b52b6
                                                                                                                                  0x032b52c4
                                                                                                                                  0x032b52cb
                                                                                                                                  0x032b52cf
                                                                                                                                  0x032b52d5
                                                                                                                                  0x032b52dd
                                                                                                                                  0x032b52df
                                                                                                                                  0x032b52df
                                                                                                                                  0x032b52e7
                                                                                                                                  0x032b5090
                                                                                                                                  0x032b5090
                                                                                                                                  0x032b5094
                                                                                                                                  0x00000000
                                                                                                                                  0x032b509a
                                                                                                                                  0x032b509f
                                                                                                                                  0x032b50b3
                                                                                                                                  0x032b50b5
                                                                                                                                  0x032b50b8
                                                                                                                                  0x032b50bd
                                                                                                                                  0x032b50c0
                                                                                                                                  0x032b50c5
                                                                                                                                  0x032b50c8
                                                                                                                                  0x032b50c8
                                                                                                                                  0x032b50d4
                                                                                                                                  0x032b50d6
                                                                                                                                  0x032b50dc
                                                                                                                                  0x032b50e0
                                                                                                                                  0x032b5278
                                                                                                                                  0x032b5278
                                                                                                                                  0x032b527a
                                                                                                                                  0x032b527d
                                                                                                                                  0x032b527d
                                                                                                                                  0x032b527f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b50e6
                                                                                                                                  0x032b50e6
                                                                                                                                  0x032b50ea
                                                                                                                                  0x00000000
                                                                                                                                  0x032b50f0
                                                                                                                                  0x032b50f5
                                                                                                                                  0x032b5103
                                                                                                                                  0x032b5105
                                                                                                                                  0x032b5116
                                                                                                                                  0x032b5118
                                                                                                                                  0x032b511d
                                                                                                                                  0x032b5122
                                                                                                                                  0x032b5271
                                                                                                                                  0x032b5271
                                                                                                                                  0x032b5273
                                                                                                                                  0x032b5276
                                                                                                                                  0x032b5276
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5128
                                                                                                                                  0x032b5128
                                                                                                                                  0x032b512a
                                                                                                                                  0x032b512f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5135
                                                                                                                                  0x032b513a
                                                                                                                                  0x032b5140
                                                                                                                                  0x032b514b
                                                                                                                                  0x032b514d
                                                                                                                                  0x032b515f
                                                                                                                                  0x032b5162
                                                                                                                                  0x032b5167
                                                                                                                                  0x032b516c
                                                                                                                                  0x032b5267
                                                                                                                                  0x032b5267
                                                                                                                                  0x032b526a
                                                                                                                                  0x032b526c
                                                                                                                                  0x032b526f
                                                                                                                                  0x032b526f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5172
                                                                                                                                  0x032b5172
                                                                                                                                  0x032b5175
                                                                                                                                  0x032b517a
                                                                                                                                  0x032b5185
                                                                                                                                  0x032b518b
                                                                                                                                  0x032b518b
                                                                                                                                  0x032b517c
                                                                                                                                  0x032b517c
                                                                                                                                  0x032b517c
                                                                                                                                  0x032b51af
                                                                                                                                  0x00000000
                                                                                                                                  0x032b51b5
                                                                                                                                  0x032b51b5
                                                                                                                                  0x032b51b8
                                                                                                                                  0x032b51c0
                                                                                                                                  0x032b51c0
                                                                                                                                  0x032b51c2
                                                                                                                                  0x032b51c3
                                                                                                                                  0x032b51c3
                                                                                                                                  0x032b51c7
                                                                                                                                  0x032b51c9
                                                                                                                                  0x032b51cc
                                                                                                                                  0x032b51cd
                                                                                                                                  0x032b51d9
                                                                                                                                  0x032b51dd
                                                                                                                                  0x032b51e2
                                                                                                                                  0x032b51e5
                                                                                                                                  0x032b51e8
                                                                                                                                  0x032b51ea
                                                                                                                                  0x032b51f2
                                                                                                                                  0x032b51f4
                                                                                                                                  0x032b51f8
                                                                                                                                  0x032b51fa
                                                                                                                                  0x032b51fa
                                                                                                                                  0x032b51fe
                                                                                                                                  0x032b51ff
                                                                                                                                  0x032b51f4
                                                                                                                                  0x032b5206
                                                                                                                                  0x032b521b
                                                                                                                                  0x032b521e
                                                                                                                                  0x032b5228
                                                                                                                                  0x032b522d
                                                                                                                                  0x032b5230
                                                                                                                                  0x032b5235
                                                                                                                                  0x032b5238
                                                                                                                                  0x032b5238
                                                                                                                                  0x032b523c
                                                                                                                                  0x032b523f
                                                                                                                                  0x032b523f
                                                                                                                                  0x032b5243
                                                                                                                                  0x032b5246
                                                                                                                                  0x032b5246
                                                                                                                                  0x032b5248
                                                                                                                                  0x032b5251
                                                                                                                                  0x032b5284
                                                                                                                                  0x032b5297
                                                                                                                                  0x032b5253
                                                                                                                                  0x032b5266
                                                                                                                                  0x032b5266
                                                                                                                                  0x032b5251
                                                                                                                                  0x032b51af
                                                                                                                                  0x032b516c
                                                                                                                                  0x032b512f
                                                                                                                                  0x032b5122
                                                                                                                                  0x032b50ea
                                                                                                                                  0x032b50e0
                                                                                                                                  0x032b5094

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B507E
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B509F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B50B5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B50C8
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B50D4
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B50F5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5105
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B5110
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B513A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B514D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B5158
                                                                                                                                  • RegCreateKeyExA.ADVAPI32(-80000001,00000000,00000000,00000000,00000000,00020006,00000000,?,?), ref: 032B51A7
                                                                                                                                  • RegSetValueExA.ADVAPI32(?,?,00000000,00000007,?,?), ref: 032B5212
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 032B521E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5238
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B523F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5246
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B526F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5276
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B527D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B529D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B52BC
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B52CF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$CloseCreateValuelstrcpyn
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 4239540534-58590040
                                                                                                                                  • Opcode ID: 20098c6fd8b601b8ec4f7eb5b618d0319216ced43ea6a7c21fe52288b5cb2b1c
                                                                                                                                  • Instruction ID: 176b0b741faf5e5687df5e3fdaa0ea75ae559aed08e8f6e06dfd325b71d57c34
                                                                                                                                  • Opcode Fuzzy Hash: 20098c6fd8b601b8ec4f7eb5b618d0319216ced43ea6a7c21fe52288b5cb2b1c
                                                                                                                                  • Instruction Fuzzy Hash: 8D81F276911312AFDB20EF64EC49EAAB7B8EF05780F2A8014ED15DB345D770E950CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B55C0 Relevance: 40.7, APIs: 27, Instructions: 183memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E032B55C0(void* __ecx, long _a4) {
				long _v8;
				long _v12;
				void* _v16;
				long _v20;
				void* _v24;
				union _TOKEN_INFORMATION_CLASS _v28;
				void* _v32;
				union _TOKEN_INFORMATION_CLASS _v36;
				union _SID_NAME_USE _v40;
				void* _v44;
				void* _t61;
				void* _t70;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t77;
				CHAR* _t88;
				void* _t95;
				void* _t108;
				void* _t113;

				_t108 = __ecx;
				_t61 = OpenProcess(0x400, 0, _a4);
				_v44 = _t61;
				if(_t61 == 0) {
					return 0;
				} else {
					_v36 = 0;
					_v16 = 0;
					if(OpenProcessToken(_t61, 8,  &_v16) != 0) {
						_a4 = 0;
						if(GetTokenInformation(_v16, 1, 0, 0,  &_a4) == 0 && GetLastError() == 0x7a) {
							_t70 = GlobalAlloc(0x40, _a4);
							_v32 = _t70;
							GetTokenInformation(_v16, 1, _t70, _a4,  &_a4);
							_t72 = _v32;
							if(_t72 != 0) {
								_t73 =  *_t72;
								_push(_t108);
								_push(_t73);
								_v24 = _t73;
								L032BD987();
								if(_t73 != 0) {
									_v28 = 0;
									_t75 = GetCurrentProcess();
									_v12 = _t75;
									if(_t75 != 0) {
										_v20 = 0;
										_t77 = GetCurrentProcess();
										if(DuplicateHandle(GetCurrentProcess(), _v12, _t77,  &_v20, 0, 0, 2) != 0) {
											_v12 = 0;
											if(OpenProcessToken(_v20, 8,  &_v12) != 0) {
												_v8 = 0;
												if(GetTokenInformation(_v12, 1, 0, 0,  &_v8) == 0 && GetLastError() == 0x7a) {
													_t95 = GlobalAlloc(0x40, _v8);
													_v40 = _t95;
													GetTokenInformation(_v12, 1, _t95, _v8,  &_v8);
													_t113 = _v40;
													if(_t113 != 0) {
														 *(_t108 + 0xc) = EqualSid( *_t113, _v24);
														_v28 = 1;
														GlobalFree(_t113);
													}
												}
												CloseHandle(_v12);
											}
											CloseHandle(_v20);
											if(_v28 != 0) {
												if( *(_t108 + 0xc) == 0) {
													_v12 = 0;
													_v20 = 0;
													LookupAccountSidA(0, _v24, 0,  &_v12, 0,  &_v20,  &_v40);
													 *(_t108 + 4) = GlobalAlloc(0x40, _v12);
													_t88 = GlobalAlloc(0x40, _v20);
													 *(_t108 + 8) = _t88;
													if(LookupAccountSidA(0, _v24,  *(_t108 + 4),  &_v12, _t88,  &_v20,  &_v40) == 0) {
														 *(_t108 + 0xc) = 1;
													}
												}
												_v36 = 1;
											}
										}
									}
								}
								GlobalFree(_v32);
							}
						}
						CloseHandle(_v16);
					}
					CloseHandle(_v44);
					return _v36;
				}
			}























                                                                                                                                  0x032b55ca
                                                                                                                                  0x032b55d3
                                                                                                                                  0x032b55d9
                                                                                                                                  0x032b55de
                                                                                                                                  0x032b57f0
                                                                                                                                  0x032b55e4
                                                                                                                                  0x032b55e8
                                                                                                                                  0x032b55f3
                                                                                                                                  0x032b5608
                                                                                                                                  0x032b5622
                                                                                                                                  0x032b562d
                                                                                                                                  0x032b5647
                                                                                                                                  0x032b5650
                                                                                                                                  0x032b565d
                                                                                                                                  0x032b565f
                                                                                                                                  0x032b5664
                                                                                                                                  0x032b566a
                                                                                                                                  0x032b566c
                                                                                                                                  0x032b566d
                                                                                                                                  0x032b566e
                                                                                                                                  0x032b5671
                                                                                                                                  0x032b5678
                                                                                                                                  0x032b567e
                                                                                                                                  0x032b5685
                                                                                                                                  0x032b568b
                                                                                                                                  0x032b5690
                                                                                                                                  0x032b569f
                                                                                                                                  0x032b56a7
                                                                                                                                  0x032b56c0
                                                                                                                                  0x032b56c9
                                                                                                                                  0x032b56de
                                                                                                                                  0x032b56e3
                                                                                                                                  0x032b56f8
                                                                                                                                  0x032b570a
                                                                                                                                  0x032b5713
                                                                                                                                  0x032b5720
                                                                                                                                  0x032b5722
                                                                                                                                  0x032b5727
                                                                                                                                  0x032b5735
                                                                                                                                  0x032b5738
                                                                                                                                  0x032b573f
                                                                                                                                  0x032b573f
                                                                                                                                  0x032b5727
                                                                                                                                  0x032b5748
                                                                                                                                  0x032b5748
                                                                                                                                  0x032b574d
                                                                                                                                  0x032b5753
                                                                                                                                  0x032b5759
                                                                                                                                  0x032b5768
                                                                                                                                  0x032b5775
                                                                                                                                  0x032b5784
                                                                                                                                  0x032b5794
                                                                                                                                  0x032b5799
                                                                                                                                  0x032b57a2
                                                                                                                                  0x032b57bb
                                                                                                                                  0x032b57bd
                                                                                                                                  0x032b57bd
                                                                                                                                  0x032b57bb
                                                                                                                                  0x032b57c4
                                                                                                                                  0x032b57c4
                                                                                                                                  0x032b5753
                                                                                                                                  0x032b56c0
                                                                                                                                  0x032b5690
                                                                                                                                  0x032b57ce
                                                                                                                                  0x032b57ce
                                                                                                                                  0x032b5664
                                                                                                                                  0x032b57d7
                                                                                                                                  0x032b57d9
                                                                                                                                  0x032b57dd
                                                                                                                                  0x032b57e7
                                                                                                                                  0x032b57e7

                                                                                                                                  APIs
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,032AF489,?,?,?,?,?,?,?,?,?,032AF489,?), ref: 032B55D3
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?,?), ref: 032B55FA
                                                                                                                                  • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,032AF489,00000000), ref: 032B5629
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B5633
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 032B5647
                                                                                                                                  • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 032B565D
                                                                                                                                  • ConvertSidToStringSidA.ADVAPI32(?,00000000), ref: 032B5671
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 032B5685
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 032B56A7
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 032B56B1
                                                                                                                                  • DuplicateHandle.KERNEL32(00000000), ref: 032B56B8
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 032B56D6
                                                                                                                                  • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 032B56F4
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B56FA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 032B570A
                                                                                                                                  • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 032B5720
                                                                                                                                  • EqualSid.ADVAPI32(?,?), ref: 032B572E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B573F
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B5748
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B574D
                                                                                                                                  • LookupAccountSidA.ADVAPI32(00000000,?,00000000,00000000,00000000,00000000,?), ref: 032B5784
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 032B578B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 032B5799
                                                                                                                                  • LookupAccountSidA.ADVAPI32(00000000,?,?,00000000,00000000,00000000,?), ref: 032B57B7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B57CE
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B57D7
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032B57DD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalProcessToken$Handle$AllocCloseInformation$CurrentOpen$AccountErrorFreeLastLookup$ConvertDuplicateEqualString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3937964242-0
                                                                                                                                  • Opcode ID: c2799a79f75b35b1482e2a75dca272463bb4e91b5e60eb8844400685d0412fe2
                                                                                                                                  • Instruction ID: 4bdd5a8105ba4011fd104a1118380a9a21f634d1ce06d913c4f50caeec3bcf91
                                                                                                                                  • Opcode Fuzzy Hash: c2799a79f75b35b1482e2a75dca272463bb4e91b5e60eb8844400685d0412fe2
                                                                                                                                  • Instruction Fuzzy Hash: F561F671A1121AEFEF10DFA0EC49FEEBBB9FB04741F248055FA04A6190D7B19A50DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B89E0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 104libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B89E0() {
				struct _SECURITY_ATTRIBUTES* _t1;
				intOrPtr _t3;
				unsigned int _t13;
				intOrPtr _t14;
				intOrPtr _t21;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t28;
				struct HINSTANCE__* _t32;
				struct HINSTANCE__* _t33;
				intOrPtr _t34;

				_t1 =  *0x32eff88;
				if(_t1 != 0) {
					ResetEvent(_t1);
				} else {
					 *0x32eff88 = CreateEventA(_t1, _t1, _t1, _t1);
				}
				_t3 =  *0x32eff90;
				if(_t3 == 0) {
					L9:
					_t32 = GetModuleHandleA("ntdll.dll");
					 *0x32eff90 = GetProcAddress(_t32, "NtQuerySystemInformation");
					 *0x32eff94 = GetProcAddress(_t32, "NtQueryObject");
					 *0x32eff98 = GetProcAddress(_t32, "NtQueryInformationFile");
					_t33 = GetModuleHandleA("kernel32.dll");
					 *0x32effb0 = GetProcAddress(_t33, "QueryFullProcessImageNameA");
					 *0x32effb4 = GetProcAddress(_t33, "Wow64DisableWow64FsRedirection");
					 *0x32effb8 = GetProcAddress(_t33, "IsWow64Process");
					E032B8B20();
					_t13 = GetVersion();
					if(_t13 != 5 || _t13 >> 8 != 0) {
						_t14 = 0;
					} else {
						_t14 = 1;
					}
					_t24 =  *0x32eff94;
					_t25 =  *0x32eff98;
					_t34 =  *0x32eff9c;
					_t28 =  *0x32effa0;
					_t21 =  *0x32effa8;
					 *0x32eff8c = _t14;
					_t3 =  *0x32eff90;
					goto L14;
				} else {
					_t24 =  *0x32eff94;
					if(_t24 == 0) {
						goto L9;
					}
					_t25 =  *0x32eff98;
					if(_t25 == 0) {
						goto L9;
					}
					_t34 =  *0x32eff9c;
					if(_t34 == 0) {
						goto L9;
					}
					_t28 =  *0x32effa0;
					if(_t28 == 0) {
						goto L9;
					}
					_t21 =  *0x32effa8;
					if(_t21 != 0) {
						L14:
						if(_t3 == 0 || _t24 == 0 || _t25 == 0 || _t34 == 0 || _t28 == 0 || _t21 == 0) {
							return 0;
						} else {
							return 1;
						}
					}
					goto L9;
				}
			}














                                                                                                                                  0x032b89e0
                                                                                                                                  0x032b89e7
                                                                                                                                  0x032b89fb
                                                                                                                                  0x032b89e9
                                                                                                                                  0x032b89f3
                                                                                                                                  0x032b89f3
                                                                                                                                  0x032b8a01
                                                                                                                                  0x032b8a0b
                                                                                                                                  0x032b8a43
                                                                                                                                  0x032b8a56
                                                                                                                                  0x032b8a66
                                                                                                                                  0x032b8a73
                                                                                                                                  0x032b8a7f
                                                                                                                                  0x032b8a86
                                                                                                                                  0x032b8a96
                                                                                                                                  0x032b8aa3
                                                                                                                                  0x032b8aaa
                                                                                                                                  0x032b8aaf
                                                                                                                                  0x032b8ab4
                                                                                                                                  0x032b8abc
                                                                                                                                  0x032b8acc
                                                                                                                                  0x032b8ac5
                                                                                                                                  0x032b8ac5
                                                                                                                                  0x032b8ac5
                                                                                                                                  0x032b8ace
                                                                                                                                  0x032b8ad4
                                                                                                                                  0x032b8ada
                                                                                                                                  0x032b8ae0
                                                                                                                                  0x032b8ae6
                                                                                                                                  0x032b8aec
                                                                                                                                  0x032b8af1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a0d
                                                                                                                                  0x032b8a0d
                                                                                                                                  0x032b8a15
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a17
                                                                                                                                  0x032b8a1f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a21
                                                                                                                                  0x032b8a29
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a2b
                                                                                                                                  0x032b8a33
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a35
                                                                                                                                  0x032b8a3d
                                                                                                                                  0x032b8af6
                                                                                                                                  0x032b8af8
                                                                                                                                  0x032b8b1c
                                                                                                                                  0x032b8b0e
                                                                                                                                  0x032b8b16
                                                                                                                                  0x032b8b16
                                                                                                                                  0x032b8af8
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8a3d

                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(?,?,?,?,032B7C15,?), ref: 032B89ED
                                                                                                                                  • ResetEvent.KERNEL32(?,032B7C15,?), ref: 032B89FB
                                                                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?), ref: 032B8A4E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 032B8A5E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 032B8A6B
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 032B8A78
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 032B8A84
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameA), ref: 032B8A8E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 032B8A9B
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 032B8AA8
                                                                                                                                  • GetVersion.KERNEL32 ref: 032B8AB4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$EventHandleModule$CreateResetVersion
                                                                                                                                  • String ID: IsWow64Process$NtQueryInformationFile$NtQueryObject$NtQuerySystemInformation$QueryFullProcessImageNameA$Wow64DisableWow64FsRedirection$kernel32.dll$ntdll.dll
                                                                                                                                  • API String ID: 484877967-3304139088
                                                                                                                                  • Opcode ID: 41190384392fbec6543d1615829bdf04367a506741135892537dc5e3f2104648
                                                                                                                                  • Instruction ID: 5ed14828fb19b4c651d4479371917d28c02a88f03a2c763502a3f2769af1bdaf
                                                                                                                                  • Opcode Fuzzy Hash: 41190384392fbec6543d1615829bdf04367a506741135892537dc5e3f2104648
                                                                                                                                  • Instruction Fuzzy Hash: 4C316571B21361AFDF10FB74BD89AAA777CAB8574031E8015EC18DB28DD770D880CA54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B25D0 Relevance: 31.7, APIs: 17, Strings: 4, Instructions: 234memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E032B25D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				short _v2056;
				short _v4104;
				void* _v4108;
				void* _v4112;
				char* _v4116;
				char _v4124;
				void* __ebp;
				signed int _t36;
				void* _t44;
				void* _t46;
				void* _t58;
				void _t61;
				void* _t69;
				void* _t70;
				void* _t79;
				void* _t82;
				signed int _t89;
				signed int _t90;
				void* _t91;
				void* _t100;
				intOrPtr* _t111;
				char* _t112;
				void* _t116;
				char* _t117;
				void _t118;
				intOrPtr _t119;
				void* _t120;
				void* _t122;
				void** _t125;
				void* _t127;
				CHAR* _t128;
				void* _t130;
				void _t133;
				signed int _t134;
				void* _t135;
				void* _t137;
				void* _t138;

				E032BD9F0();
				_t36 =  *0x32ed474; // 0x444d31ba
				_v8 = _t36 ^ _t134;
				_push(__ebx);
				_push(__esi);
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				_push(__edi);
				 *0x32efefc = _a12;
				E032B99F0( &_v4124);
				if(E032BA840( &_v4124) != 0) {
					_t44 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t125 =  *0x32efef8;
					_t122 = _t44;
					if(_t125 == 0) {
						L36:
						if(_t122 != 0) {
							GlobalFree(_t122);
						}
						L38:
						E032B1F00();
						L39:
						_t46 = 0x32dc484;
						L40:
						E032B1FC0(_t46);
						E032B9A10( &_v4124);
						return E032BD98D(_v8 ^ _t134);
					}
					_t127 =  *_t125;
					if(_t127 == 0) {
						goto L36;
					}
					lstrcpyA(_t122, _t127 + 4);
					_t100 = GlobalFree;
					 *( *0x32efef8) =  *_t127;
					GlobalFree(_t127);
					_t128 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t58 =  *0x32efef8;
					_v4116 = _t128;
					if(_t58 == 0) {
						L32:
						if(_t122 != 0) {
							GlobalFree(_t122);
						}
						if(_t128 != 0) {
							GlobalFree(_t128);
						}
						goto L38;
					}
					_t61 =  *_t58;
					_v4108 = _t61;
					if(_t61 == 0) {
						goto L32;
					}
					lstrcpyA(_t128, _t61 + 4);
					_t116 = _v4108;
					 *( *0x32efef8) =  *_t116;
					GlobalFree(_t116);
					_v4108 = 0x100;
					_v4112 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t69 = E032B1F30(_t68);
					_t137 = _t135 + 4;
					if(_t69 != 0) {
						L25:
						_t70 = _v4112;
						if(_t70 != 0) {
							GlobalFree(_t70);
						}
						E032BEF40(_t122,  &_v4104, 0, 0x800);
						E032BEF40(_t122,  &_v2056, 0, 0x800);
						_t130 = MultiByteToWideChar;
						_t138 = _t137 + 0x18;
						MultiByteToWideChar(0, 0, _t122, 0xffffffff,  &_v4104, 0x400);
						MultiByteToWideChar(0, 0, _v4116, 0xffffffff,  &_v2056, 0x400);
						if(_t122 != 0) {
							GlobalFree(_t122);
						}
						_t79 = _v4116;
						if(_t79 != 0) {
							GlobalFree(_t79);
						}
						_push( &_v2056);
						_push(_v4108);
						_push( &_v4104);
						_t82 = E032B9A70(_t100,  &_v4124, _t122, _t130);
						E032B1F00();
						E032B1F70(_t82);
						_t135 = _t138 + 4;
						_t46 =  ==  ? "success" : 0x32dc484;
						goto L40;
					}
					_t111 = _v4112;
					_t117 = "UDP";
					asm("o16 nop [eax+eax]");
					while(1) {
						_t89 =  *_t111;
						if(_t89 !=  *_t117) {
							break;
						}
						if(_t89 == 0) {
							L13:
							_t90 = 0;
							L15:
							if(_t90 != 0) {
								_t91 = _v4112;
								_t112 = "TCP";
								while(1) {
									_t118 =  *_t91;
									if(_t118 !=  *_t112) {
										break;
									}
									if(_t118 == 0) {
										L22:
										L24:
										_t132 =  ==  ? 6 : 0x100;
										_v4108 =  ==  ? 6 : 0x100;
										goto L25;
									}
									_t119 =  *((intOrPtr*)(_t91 + 1));
									if(_t119 != _t112[1]) {
										break;
									}
									_t91 = _t91 + 2;
									_t112 =  &(_t112[2]);
									if(_t119 != 0) {
										continue;
									}
									goto L22;
								}
								asm("sbb eax, eax");
								goto L24;
							}
							_v4108 = 0x11;
							goto L25;
						}
						_t89 =  *((intOrPtr*)(_t111 + 1));
						if(_t89 != _t117[1]) {
							break;
						}
						_t111 = _t111 + 2;
						_t117 =  &(_t117[2]);
						if(_t89 != 0) {
							continue;
						}
						goto L13;
					}
					asm("sbb eax, eax");
					_t90 = _t89 | 0x00000001;
					goto L15;
				}
				E032B1F00();
				if( *0x32efef8 != 0) {
					_t133 = GlobalAlloc(0x40,  *0x32efef4 + 8);
					_t7 = _t133 + 4; // 0x4
					wsprintfA(_t7, 0x32dc480, 0xf);
					_t120 =  *0x32efef8;
					_t135 = _t135 + 0xc;
					 *_t133 =  *_t120;
					 *_t120 = _t133;
				}
				goto L39;
			}









































                                                                                                                                  0x032b25d8
                                                                                                                                  0x032b25dd
                                                                                                                                  0x032b25e4
                                                                                                                                  0x032b25ed
                                                                                                                                  0x032b25ee
                                                                                                                                  0x032b25ef
                                                                                                                                  0x032b25f7
                                                                                                                                  0x032b2603
                                                                                                                                  0x032b2604
                                                                                                                                  0x032b2609
                                                                                                                                  0x032b261b
                                                                                                                                  0x032b2670
                                                                                                                                  0x032b2676
                                                                                                                                  0x032b267c
                                                                                                                                  0x032b2680
                                                                                                                                  0x032b2884
                                                                                                                                  0x032b2886
                                                                                                                                  0x032b2889
                                                                                                                                  0x032b2889
                                                                                                                                  0x032b288f
                                                                                                                                  0x032b288f
                                                                                                                                  0x032b2894
                                                                                                                                  0x032b2894
                                                                                                                                  0x032b2899
                                                                                                                                  0x032b289a
                                                                                                                                  0x032b28a8
                                                                                                                                  0x032b28bd
                                                                                                                                  0x032b28bd
                                                                                                                                  0x032b2686
                                                                                                                                  0x032b268a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2695
                                                                                                                                  0x032b26a2
                                                                                                                                  0x032b26a9
                                                                                                                                  0x032b26ab
                                                                                                                                  0x032b26bc
                                                                                                                                  0x032b26be
                                                                                                                                  0x032b26c3
                                                                                                                                  0x032b26cb
                                                                                                                                  0x032b2874
                                                                                                                                  0x032b2876
                                                                                                                                  0x032b2879
                                                                                                                                  0x032b2879
                                                                                                                                  0x032b287d
                                                                                                                                  0x032b2880
                                                                                                                                  0x032b2880
                                                                                                                                  0x00000000
                                                                                                                                  0x032b287d
                                                                                                                                  0x032b26d1
                                                                                                                                  0x032b26d3
                                                                                                                                  0x032b26db
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b26e6
                                                                                                                                  0x032b26ec
                                                                                                                                  0x032b26fa
                                                                                                                                  0x032b26fc
                                                                                                                                  0x032b2709
                                                                                                                                  0x032b2719
                                                                                                                                  0x032b271f
                                                                                                                                  0x032b2724
                                                                                                                                  0x032b2729
                                                                                                                                  0x032b27b5
                                                                                                                                  0x032b27b5
                                                                                                                                  0x032b27bd
                                                                                                                                  0x032b27c0
                                                                                                                                  0x032b27c0
                                                                                                                                  0x032b27d0
                                                                                                                                  0x032b27e3
                                                                                                                                  0x032b27e8
                                                                                                                                  0x032b27f4
                                                                                                                                  0x032b2804
                                                                                                                                  0x032b281e
                                                                                                                                  0x032b2822
                                                                                                                                  0x032b2825
                                                                                                                                  0x032b2825
                                                                                                                                  0x032b2827
                                                                                                                                  0x032b282f
                                                                                                                                  0x032b2832
                                                                                                                                  0x032b2832
                                                                                                                                  0x032b283a
                                                                                                                                  0x032b283b
                                                                                                                                  0x032b2847
                                                                                                                                  0x032b284e
                                                                                                                                  0x032b2855
                                                                                                                                  0x032b285b
                                                                                                                                  0x032b2860
                                                                                                                                  0x032b286f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b286f
                                                                                                                                  0x032b272f
                                                                                                                                  0x032b2735
                                                                                                                                  0x032b273a
                                                                                                                                  0x032b2740
                                                                                                                                  0x032b2740
                                                                                                                                  0x032b2744
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2748
                                                                                                                                  0x032b275c
                                                                                                                                  0x032b275c
                                                                                                                                  0x032b2765
                                                                                                                                  0x032b2767
                                                                                                                                  0x032b2775
                                                                                                                                  0x032b277b
                                                                                                                                  0x032b2780
                                                                                                                                  0x032b2780
                                                                                                                                  0x032b2784
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2788
                                                                                                                                  0x032b279c
                                                                                                                                  0x032b27a5
                                                                                                                                  0x032b27ac
                                                                                                                                  0x032b27af
                                                                                                                                  0x00000000
                                                                                                                                  0x032b27af
                                                                                                                                  0x032b278a
                                                                                                                                  0x032b2790
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2792
                                                                                                                                  0x032b2795
                                                                                                                                  0x032b279a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b279a
                                                                                                                                  0x032b27a0
                                                                                                                                  0x00000000
                                                                                                                                  0x032b27a2
                                                                                                                                  0x032b2769
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2769
                                                                                                                                  0x032b274a
                                                                                                                                  0x032b2750
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2752
                                                                                                                                  0x032b2755
                                                                                                                                  0x032b275a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b275a
                                                                                                                                  0x032b2760
                                                                                                                                  0x032b2762
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2762
                                                                                                                                  0x032b261d
                                                                                                                                  0x032b2629
                                                                                                                                  0x032b2640
                                                                                                                                  0x032b2649
                                                                                                                                  0x032b264d
                                                                                                                                  0x032b2653
                                                                                                                                  0x032b2659
                                                                                                                                  0x032b265e
                                                                                                                                  0x032b2660
                                                                                                                                  0x032b2660
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B263A
                                                                                                                                  • wsprintfA.USER32 ref: 032B264D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2670
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2695
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B26AB
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B26B6
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B26E6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B26FC
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2712
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B27C0
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$lstrcpy$wsprintf
                                                                                                                                  • String ID: TCP$UDP$error$success
                                                                                                                                  • API String ID: 945503228-1822439350
                                                                                                                                  • Opcode ID: ba87d7c7102fce13b151936b94fec034e1dc4adb6c63a2744ed350ffb34a8d86
                                                                                                                                  • Instruction ID: fb65ed00aaf09c6eaaef00f14ed4cc5008bbace717260c9f48ebb88ad6582cf7
                                                                                                                                  • Opcode Fuzzy Hash: ba87d7c7102fce13b151936b94fec034e1dc4adb6c63a2744ed350ffb34a8d86
                                                                                                                                  • Instruction Fuzzy Hash: 8A811675920326EBDB21DF24ED45BE573B8AF09780F094594E949EB245DBB0EDC0CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B2BB0 Relevance: 31.7, APIs: 17, Strings: 4, Instructions: 231memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E032B2BB0(void* __ebx, void* __edi, void* __esi, int _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				short _v2056;
				short _v4104;
				void* _v4108;
				void* _v4112;
				char* _v4116;
				char _v4124;
				void* __ebp;
				signed int _t36;
				void* _t44;
				void* _t57;
				void _t60;
				void* _t68;
				void* _t69;
				void* _t78;
				signed int _t87;
				signed int _t88;
				void* _t89;
				intOrPtr* _t108;
				char* _t109;
				void* _t113;
				char* _t114;
				void _t115;
				intOrPtr _t116;
				void* _t117;
				void* _t119;
				void** _t122;
				void* _t124;
				CHAR* _t125;
				void* _t128;
				void _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t135;

				E032BD9F0();
				_t36 =  *0x32ed474; // 0x444d31ba
				_v8 = _t36 ^ _t131;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				E032B99F0( &_v4124);
				if(E032BA840( &_v4124) != 0) {
					_t44 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t122 =  *0x32efef8;
					_t119 = _t44;
					if(_t122 == 0) {
						L37:
						if(_t119 != 0) {
							GlobalFree(_t119);
						}
						L39:
						E032B1F00();
						L40:
						_push("error");
						L41:
						E032B1FC0();
						L42:
						E032B9A10( &_v4124);
						return E032BD98D(_v8 ^ _t131);
					}
					_t124 =  *_t122;
					if(_t124 == 0) {
						goto L37;
					}
					lstrcpyA(_t119, _t124 + 4);
					 *( *0x32efef8) =  *_t124;
					GlobalFree(_t124);
					_t125 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t57 =  *0x32efef8;
					_v4116 = _t125;
					if(_t57 == 0) {
						L33:
						if(_t119 != 0) {
							GlobalFree(_t119);
						}
						if(_t125 != 0) {
							GlobalFree(_t125);
						}
						goto L39;
					}
					_t60 =  *_t57;
					_v4108 = _t60;
					if(_t60 == 0) {
						goto L33;
					}
					lstrcpyA(_t125, _t60 + 4);
					_t113 = _v4108;
					 *( *0x32efef8) =  *_t113;
					GlobalFree(_t113);
					_v4108 = 0x100;
					_v4112 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t68 = E032B1F30(_t67);
					_t134 = _t132 + 4;
					if(_t68 != 0) {
						L25:
						_t69 = _v4112;
						if(_t69 != 0) {
							GlobalFree(_t69);
						}
						E032BEF40(_t119,  &_v4104, 0, 0x800);
						E032BEF40(_t119,  &_v2056, 0, 0x800);
						_t135 = _t134 + 0x18;
						MultiByteToWideChar(0, 0, _t119, 0xffffffff,  &_v4104, 0x400);
						MultiByteToWideChar(0, 0, _v4116, 0xffffffff,  &_v2056, 0x400);
						if(_t119 != 0) {
							GlobalFree(_t119);
						}
						_t78 = _v4116;
						if(_t78 != 0) {
							GlobalFree(_t78);
						}
						_push( &_v2056);
						_t128 = E032BA860( &_v4124,  &_v4104, _v4108);
						E032B1F00();
						E032B1F70(_t128);
						_t132 = _t135 + 4;
						if(_t128 != 0) {
							goto L40;
						} else {
							_push("success");
							goto L41;
						}
					}
					_t108 = _v4112;
					_t114 = "UDP";
					while(1) {
						_t87 =  *_t108;
						if(_t87 !=  *_t114) {
							break;
						}
						if(_t87 == 0) {
							L13:
							_t88 = 0;
							L15:
							if(_t88 != 0) {
								_t89 = _v4112;
								_t109 = "TCP";
								while(1) {
									_t115 =  *_t89;
									if(_t115 !=  *_t109) {
										break;
									}
									if(_t115 == 0) {
										L22:
										L24:
										_t129 =  ==  ? 6 : 0x100;
										_v4108 =  ==  ? 6 : 0x100;
										goto L25;
									}
									_t116 =  *((intOrPtr*)(_t89 + 1));
									if(_t116 != _t109[1]) {
										break;
									}
									_t89 = _t89 + 2;
									_t109 =  &(_t109[2]);
									if(_t116 != 0) {
										continue;
									}
									goto L22;
								}
								asm("sbb eax, eax");
								goto L24;
							}
							_v4108 = 0x11;
							goto L25;
						}
						_t87 =  *((intOrPtr*)(_t108 + 1));
						if(_t87 != _t114[1]) {
							break;
						}
						_t108 = _t108 + 2;
						_t114 =  &(_t114[2]);
						if(_t87 != 0) {
							continue;
						}
						goto L13;
					}
					asm("sbb eax, eax");
					_t88 = _t87 | 0x00000001;
					goto L15;
				}
				E032B1F00();
				if( *0x32efef8 != 0) {
					_t130 = GlobalAlloc(0x40,  *0x32efef4 + 8);
					_t7 = _t130 + 4; // 0x4
					lstrcpynA(_t7, "error",  *0x32efef4);
					_t117 =  *0x32efef8;
					 *_t130 =  *_t117;
					 *_t117 = _t130;
				}
				goto L42;
			}






































                                                                                                                                  0x032b2bb8
                                                                                                                                  0x032b2bbd
                                                                                                                                  0x032b2bc4
                                                                                                                                  0x032b2bce
                                                                                                                                  0x032b2bd6
                                                                                                                                  0x032b2be3
                                                                                                                                  0x032b2be8
                                                                                                                                  0x032b2bfa
                                                                                                                                  0x032b2c51
                                                                                                                                  0x032b2c57
                                                                                                                                  0x032b2c5d
                                                                                                                                  0x032b2c61
                                                                                                                                  0x032b2e5e
                                                                                                                                  0x032b2e60
                                                                                                                                  0x032b2e63
                                                                                                                                  0x032b2e63
                                                                                                                                  0x032b2e69
                                                                                                                                  0x032b2e69
                                                                                                                                  0x032b2e6e
                                                                                                                                  0x032b2e6e
                                                                                                                                  0x032b2e73
                                                                                                                                  0x032b2e73
                                                                                                                                  0x032b2e7c
                                                                                                                                  0x032b2e82
                                                                                                                                  0x032b2e96
                                                                                                                                  0x032b2e96
                                                                                                                                  0x032b2c67
                                                                                                                                  0x032b2c6b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2c76
                                                                                                                                  0x032b2c8a
                                                                                                                                  0x032b2c8c
                                                                                                                                  0x032b2c9d
                                                                                                                                  0x032b2c9f
                                                                                                                                  0x032b2ca4
                                                                                                                                  0x032b2cac
                                                                                                                                  0x032b2e4e
                                                                                                                                  0x032b2e50
                                                                                                                                  0x032b2e53
                                                                                                                                  0x032b2e53
                                                                                                                                  0x032b2e57
                                                                                                                                  0x032b2e5a
                                                                                                                                  0x032b2e5a
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2e57
                                                                                                                                  0x032b2cb2
                                                                                                                                  0x032b2cb4
                                                                                                                                  0x032b2cbc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2cc7
                                                                                                                                  0x032b2ccd
                                                                                                                                  0x032b2cdb
                                                                                                                                  0x032b2cdd
                                                                                                                                  0x032b2cea
                                                                                                                                  0x032b2cfa
                                                                                                                                  0x032b2d00
                                                                                                                                  0x032b2d05
                                                                                                                                  0x032b2d0a
                                                                                                                                  0x032b2d95
                                                                                                                                  0x032b2d95
                                                                                                                                  0x032b2d9d
                                                                                                                                  0x032b2da0
                                                                                                                                  0x032b2da0
                                                                                                                                  0x032b2db0
                                                                                                                                  0x032b2dc3
                                                                                                                                  0x032b2dd4
                                                                                                                                  0x032b2de4
                                                                                                                                  0x032b2dfe
                                                                                                                                  0x032b2e02
                                                                                                                                  0x032b2e05
                                                                                                                                  0x032b2e05
                                                                                                                                  0x032b2e07
                                                                                                                                  0x032b2e0f
                                                                                                                                  0x032b2e12
                                                                                                                                  0x032b2e12
                                                                                                                                  0x032b2e1a
                                                                                                                                  0x032b2e33
                                                                                                                                  0x032b2e35
                                                                                                                                  0x032b2e3b
                                                                                                                                  0x032b2e40
                                                                                                                                  0x032b2e45
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2e47
                                                                                                                                  0x032b2e47
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2e47
                                                                                                                                  0x032b2e45
                                                                                                                                  0x032b2d10
                                                                                                                                  0x032b2d16
                                                                                                                                  0x032b2d20
                                                                                                                                  0x032b2d20
                                                                                                                                  0x032b2d24
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d28
                                                                                                                                  0x032b2d3c
                                                                                                                                  0x032b2d3c
                                                                                                                                  0x032b2d45
                                                                                                                                  0x032b2d47
                                                                                                                                  0x032b2d55
                                                                                                                                  0x032b2d5b
                                                                                                                                  0x032b2d60
                                                                                                                                  0x032b2d60
                                                                                                                                  0x032b2d64
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d68
                                                                                                                                  0x032b2d7c
                                                                                                                                  0x032b2d85
                                                                                                                                  0x032b2d8c
                                                                                                                                  0x032b2d8f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d8f
                                                                                                                                  0x032b2d6a
                                                                                                                                  0x032b2d70
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d72
                                                                                                                                  0x032b2d75
                                                                                                                                  0x032b2d7a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d7a
                                                                                                                                  0x032b2d80
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d82
                                                                                                                                  0x032b2d49
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d49
                                                                                                                                  0x032b2d2a
                                                                                                                                  0x032b2d30
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d32
                                                                                                                                  0x032b2d35
                                                                                                                                  0x032b2d3a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d3a
                                                                                                                                  0x032b2d40
                                                                                                                                  0x032b2d42
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2d42
                                                                                                                                  0x032b2bfc
                                                                                                                                  0x032b2c08
                                                                                                                                  0x032b2c25
                                                                                                                                  0x032b2c2c
                                                                                                                                  0x032b2c30
                                                                                                                                  0x032b2c36
                                                                                                                                  0x032b2c3e
                                                                                                                                  0x032b2c40
                                                                                                                                  0x032b2c40
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2C19
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B2C30
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2C51
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2C76
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2C8C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2C97
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2CC7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2CDD
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2CF3
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2DA0
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$lstrcpy$lstrcpyn
                                                                                                                                  • String ID: TCP$UDP$error$success
                                                                                                                                  • API String ID: 1080806646-1822439350
                                                                                                                                  • Opcode ID: 04dc4f18ff3236c6da8ecc81677f0cc269a107aee74d10f051eec24639825034
                                                                                                                                  • Instruction ID: 9cfdb9f7ff9fc0feb452e0efbaf4e64623d3a6a096d9e172b1b6a9bdd12bf7c8
                                                                                                                                  • Opcode Fuzzy Hash: 04dc4f18ff3236c6da8ecc81677f0cc269a107aee74d10f051eec24639825034
                                                                                                                                  • Instruction Fuzzy Hash: ED811775920326EFD721DF24DD45BEA73B8AF08780F098594E959EB245DBB0E9C0CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD5B0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 215stringmemorysleepCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E032AD5B0(CHAR* _a4, CHAR* _a8, intOrPtr _a12, struct HWND__*** _a16) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				struct HWND__* _v20;
				void* _t60;
				signed int _t71;
				signed int _t97;
				void* _t102;
				int _t103;
				void* _t106;
				void* _t107;
				void* _t108;
				signed int _t109;
				struct HWND__* _t111;
				void** _t115;
				void* _t116;
				signed int _t118;
				struct HWND__*** _t120;
				struct HWND__** _t121;
				void _t122;
				void _t123;
				void _t124;
				void* _t125;
				void* _t126;

				_t120 = _a16;
				if(_t120[1] != 0) {
					L5:
					_v12 = 0;
					_v8 = GlobalAlloc(0x40,  *0x32efcd0);
					if( *0x32efcd4 != 0) {
						_t123 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t11 = _t123 + 4; // 0x4
						lstrcpynA(_t11, _a4,  *0x32efcd0);
						_t107 =  *0x32efcd4;
						 *_t123 =  *_t107;
						 *_t107 = _t123;
						_t124 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t13 = _t124 + 4; // 0x4
						lstrcpynA(_t13, _a8,  *0x32efcd0);
						_t108 =  *0x32efcd4;
						 *_t124 =  *_t108;
						 *_t108 = _t124;
						_t120 = _a16;
					}
					wsprintfA(_v8, "%u", ( *_t120)[1]);
					_t126 = _t125 + 0xc;
					if( *0x32efcd4 != 0) {
						_t122 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t18 = _t122 + 4; // 0x4
						lstrcpynA(_t18, _v8,  *0x32efcd0);
						_t106 =  *0x32efcd4;
						 *_t122 =  *_t106;
						 *_t106 = _t122;
						_t120 = _a16;
					}
					_push( *0x32efccc);
					_push(_a12);
					if( *((intOrPtr*)( *((intOrPtr*)( *0x32ee1d8 + 4))))() != 0) {
						L33:
						LocalFree(_v8);
						return _v12;
					} else {
						_t115 =  *0x32efcd4;
						if(_t115 == 0) {
							goto L33;
						} else {
							_t116 =  *_t115;
							if(_t116 == 0) {
								goto L33;
							} else {
								_t102 = _v8;
								lstrcpyA(_t102, _t116 + 4);
								_t105 =  *_t116;
								 *( *0x32efcd4) =  *_t116;
								GlobalFree(_t116);
								if(lstrcmpiA(_t102, "true") != 0) {
									if(lstrcmpiA(_t102, "autoclose") == 0) {
										_t103 = _a16;
										_t118 = 0;
										_v12 = 1;
										while(1) {
											_t121 =  *_t120;
											if(_a16[1] != 0) {
												goto L29;
											}
											if(_t118 != 0) {
												if(_t118 == 1 || _t103 == 0) {
													goto L25;
												} else {
													goto L32;
												}
											} else {
												_t103 = IsWindow( *_t121);
												if(_t103 == 0) {
													if(_t121[2] == 0) {
														L25:
														_t61 = _t121[1];
														if(_t121[1] == 0) {
															L32:
															E032B1000(_a4);
															E032B1000(_a8);
															E032B1000("-1");
															 *((intOrPtr*)( *((intOrPtr*)( *0x32ee1d8 + 4))))(_a12,  *0x32efccc);
															_v12 = 0;
														} else {
															E032AF880(_t61);
															_t126 = _t126 + 4;
															Sleep(0x1f4);
															goto L27;
														}
													} else {
														_t105 =  *0x32efc68;
														E032B74E0( *0x32efc68, _t121[1]);
														_t118 = 1;
														goto L28;
													}
												} else {
													E032ADD80( *_t121);
													_t126 = _t126 + 4;
													_t118 = 1;
													Sleep(0x7d0);
													L27:
													L28:
													_v16 = 0;
													_v20 = _t121[1];
													_t71 = E032B79F0(_t105, E032AEAA0,  &_v20);
													asm("sbb eax, eax");
													_t60 =  ~_t71 + 1;
													L30:
													if(_t60 != 0) {
														_t120 = _a16;
														continue;
													}
												}
											}
											goto L33;
											L29:
											_t60 = E032AF7B0(_t105,  *_t121);
											_t126 = _t126 + 4;
											goto L30;
										}
									}
									goto L33;
								} else {
									_v12 = 1;
									LocalFree(_t102);
									return _v12;
								}
							}
						}
					}
				} else {
					_t109 =  *0x32efc58;
					_t111 = ( *_t120)[1];
					_t97 = 0;
					if(_t109 == 0) {
						L4:
						 *(0x32ef458 + _t109 * 4) = _t111;
						 *0x32efc58 = _t109 + 1;
						goto L5;
					} else {
						while( *((intOrPtr*)(0x32ef458 + _t97 * 4)) != _t111) {
							_t97 = _t97 + 1;
							if(_t97 < _t109) {
								continue;
							} else {
								goto L4;
							}
							goto L34;
						}
						return 1;
					}
				}
				L34:
			}



























                                                                                                                                  0x032ad5b7
                                                                                                                                  0x032ad5be
                                                                                                                                  0x032ad5f1
                                                                                                                                  0x032ad601
                                                                                                                                  0x032ad617
                                                                                                                                  0x032ad61a
                                                                                                                                  0x032ad62f
                                                                                                                                  0x032ad634
                                                                                                                                  0x032ad638
                                                                                                                                  0x032ad63a
                                                                                                                                  0x032ad642
                                                                                                                                  0x032ad64c
                                                                                                                                  0x032ad659
                                                                                                                                  0x032ad65e
                                                                                                                                  0x032ad662
                                                                                                                                  0x032ad664
                                                                                                                                  0x032ad66c
                                                                                                                                  0x032ad66e
                                                                                                                                  0x032ad670
                                                                                                                                  0x032ad670
                                                                                                                                  0x032ad680
                                                                                                                                  0x032ad686
                                                                                                                                  0x032ad690
                                                                                                                                  0x032ad6a5
                                                                                                                                  0x032ad6aa
                                                                                                                                  0x032ad6ae
                                                                                                                                  0x032ad6b0
                                                                                                                                  0x032ad6b8
                                                                                                                                  0x032ad6ba
                                                                                                                                  0x032ad6bc
                                                                                                                                  0x032ad6bc
                                                                                                                                  0x032ad6c4
                                                                                                                                  0x032ad6ca
                                                                                                                                  0x032ad6d4
                                                                                                                                  0x032ad845
                                                                                                                                  0x032ad848
                                                                                                                                  0x032ad857
                                                                                                                                  0x032ad6da
                                                                                                                                  0x032ad6da
                                                                                                                                  0x032ad6e2
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad6e8
                                                                                                                                  0x032ad6e8
                                                                                                                                  0x032ad6ec
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad6f2
                                                                                                                                  0x032ad6f2
                                                                                                                                  0x032ad6fa
                                                                                                                                  0x032ad705
                                                                                                                                  0x032ad708
                                                                                                                                  0x032ad70a
                                                                                                                                  0x032ad720
                                                                                                                                  0x032ad74e
                                                                                                                                  0x032ad754
                                                                                                                                  0x032ad757
                                                                                                                                  0x032ad759
                                                                                                                                  0x032ad760
                                                                                                                                  0x032ad763
                                                                                                                                  0x032ad769
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad771
                                                                                                                                  0x032ad7b5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad773
                                                                                                                                  0x032ad77b
                                                                                                                                  0x032ad77f
                                                                                                                                  0x032ad79b
                                                                                                                                  0x032ad7bb
                                                                                                                                  0x032ad7bb
                                                                                                                                  0x032ad7c0
                                                                                                                                  0x032ad80e
                                                                                                                                  0x032ad811
                                                                                                                                  0x032ad819
                                                                                                                                  0x032ad823
                                                                                                                                  0x032ad83c
                                                                                                                                  0x032ad83e
                                                                                                                                  0x032ad7c2
                                                                                                                                  0x032ad7c3
                                                                                                                                  0x032ad7c8
                                                                                                                                  0x032ad7d0
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad7d0
                                                                                                                                  0x032ad79d
                                                                                                                                  0x032ad7a0
                                                                                                                                  0x032ad7a6
                                                                                                                                  0x032ad7ab
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad7ab
                                                                                                                                  0x032ad781
                                                                                                                                  0x032ad783
                                                                                                                                  0x032ad788
                                                                                                                                  0x032ad78b
                                                                                                                                  0x032ad7d0
                                                                                                                                  0x032ad7d0
                                                                                                                                  0x032ad7d6
                                                                                                                                  0x032ad7d6
                                                                                                                                  0x032ad7e0
                                                                                                                                  0x032ad7ec
                                                                                                                                  0x032ad7f3
                                                                                                                                  0x032ad7f5
                                                                                                                                  0x032ad802
                                                                                                                                  0x032ad804
                                                                                                                                  0x032ad806
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad806
                                                                                                                                  0x032ad804
                                                                                                                                  0x032ad77f
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad7f8
                                                                                                                                  0x032ad7fa
                                                                                                                                  0x032ad7ff
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad7ff
                                                                                                                                  0x032ad760
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad722
                                                                                                                                  0x032ad723
                                                                                                                                  0x032ad72a
                                                                                                                                  0x032ad739
                                                                                                                                  0x032ad739
                                                                                                                                  0x032ad720
                                                                                                                                  0x032ad6ec
                                                                                                                                  0x032ad6e2
                                                                                                                                  0x032ad5c0
                                                                                                                                  0x032ad5c2
                                                                                                                                  0x032ad5c8
                                                                                                                                  0x032ad5cb
                                                                                                                                  0x032ad5cf
                                                                                                                                  0x032ad5e3
                                                                                                                                  0x032ad5e3
                                                                                                                                  0x032ad5eb
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad5d1
                                                                                                                                  0x032ad5d1
                                                                                                                                  0x032ad5de
                                                                                                                                  0x032ad5e1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad5e1
                                                                                                                                  0x032ad743
                                                                                                                                  0x032ad743
                                                                                                                                  0x032ad5cf
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,0000000C), ref: 032AD608
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD627
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,00000000), ref: 032AD638
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD651
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032AD662
                                                                                                                                  • wsprintfA.USER32 ref: 032AD680
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD69D
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032AD6AE
                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000), ref: 032AD6FA
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AD70A
                                                                                                                                  • lstrcmpiA.KERNEL32(?,true), ref: 032AD71C
                                                                                                                                  • LocalFree.KERNEL32(?), ref: 032AD72A
                                                                                                                                  • lstrcmpiA.KERNEL32(?,autoclose), ref: 032AD74A
                                                                                                                                  • IsWindow.USER32(?), ref: 032AD775
                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 032AD7D0
                                                                                                                                  • LocalFree.KERNEL32(?), ref: 032AD848
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Freelstrcpyn$Locallstrcmpi$SleepWindowlstrcpywsprintf
                                                                                                                                  • String ID: autoclose$true
                                                                                                                                  • API String ID: 966514990-1742614948
                                                                                                                                  • Opcode ID: 43503889f29b6ab6ecb2c653d7a916da96110e4d79371260dfefcbfa9b41f78c
                                                                                                                                  • Instruction ID: 6f96e919b75824d30ca077150b5e86cce4ce34be11768a028fb1f2a6cd90166f
                                                                                                                                  • Opcode Fuzzy Hash: 43503889f29b6ab6ecb2c653d7a916da96110e4d79371260dfefcbfa9b41f78c
                                                                                                                                  • Instruction Fuzzy Hash: E081CF76A10215EFDB10EF6CFD89A59BBB8FF48305F258064ED04AB654DB72E890CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B72A0 Relevance: 30.2, APIs: 20, Instructions: 172windowservicethreadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                  			E032B72A0(void* __ebx, struct HINSTANCE__** __ecx, void* __edi, char* __esi, intOrPtr _a44, char _a48) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v40;
				char _v44;
				void _v56;
				char* _v60;
				struct HWND__* _v64;
				void* _v68;
				char _v72;
				struct tagMSG _v100;
				void* __ebp;
				signed int _t34;
				void* _t38;
				intOrPtr _t40;
				intOrPtr _t46;
				int _t47;
				struct HINSTANCE__** _t71;
				intOrPtr* _t78;
				void* _t79;
				void* _t80;
				struct HINSTANCE__* _t81;
				struct HWND__* _t86;
				int* _t90;
				CHAR* _t91;
				struct HWND__* _t92;
				signed int _t94;

				_t34 =  *0x32ed474; // 0x444d31ba
				_v8 = _t34 ^ _t94;
				asm("movups xmm1, [ebp+0x8]");
				asm("movups xmm0, [ebp+0x18]");
				_push(__esi);
				asm("movd esi, xmm1");
				_t71 = __ecx;
				asm("movups [ebp-0x20], xmm0");
				_v12 = _a44;
				asm("movq xmm0, [ebp+0x28]");
				asm("movq [ebp-0x10], xmm0");
				_v60 = __esi;
				if(__esi != 0) {
					_t38 = OpenServiceA( *(__ecx + 8), __esi, 0x24);
					_v56 = _t38;
					if(_t38 != 0) {
						__imp__QueryServiceStatusEx(_t38, 0,  &_v44, 0x24,  &_v72);
						if(_t38 != 0) {
							_t40 = _v40;
							if(_t40 != 1 && _t40 != 3) {
								if(_a48 != 0) {
									E032B7550(_t71, __edi, __esi,  &_v56);
								} else {
									 *0x32eff84 = 0;
									_v68 = CreateThread(0, 0, E032B7550,  &_v56, 0, 0);
									_v64 = CreateDialogParamA( *_t71, 0x68, _t71[1], E032B6F90, 0);
									EnableWindow(_t71[1], 0);
									_t78 = __esi;
									_t16 = _t78 + 1; // 0x32ad7ac
									_t80 = _t16;
									do {
										_t46 =  *_t78;
										_t78 = _t78 + 1;
									} while (_t46 != 0);
									_t79 = _t78 - _t80;
									_t81 = _t71[5];
									_t90 =  &(_t81->i);
									do {
										_t47 = _t81->i;
										_t81 =  &(_t81->i);
										_t105 = _t47;
									} while (_t47 != 0);
									_push(__edi);
									_t19 = _t79 - 1; // 0x32ad7ab
									_push(_t19 + _t81 - _t90);
									_t91 = E032BD9DC(_t105);
									E032B75F0(_t79, _t91, _t19 + _t81 - _t90, _t71[5], _v60);
									_t86 = _v64;
									SetWindowTextA(_t86, _t91);
									ShowWindow(_t86, 5);
									_t92 = GetDlgItem(_t86, 0x4d2);
									SetWindowLongA(_t92, 0xfffffff0, GetWindowLongA(_t92, 0xfffffff0) | 0x00000008);
									SendMessageA(_t92, 0x40a, 1, 0x64);
									while( *0x32eff84 == 0) {
										if(GetMessageA( &_v100, 0, 0, 0) == 0 || IsDialogMessageA(_t86,  &_v100) != 0 || IsDialogMessageA(_t71[1],  &_v100) != 0) {
											goto L17;
										} else {
											if(_v100.message != 0x12) {
												TranslateMessage( &_v100);
												DispatchMessageA( &_v100);
												goto L17;
											}
										}
										goto L18;
										L17:
									}
									L18:
									EnableWindow(_t71[1], 1);
									DestroyWindow(_t86);
									CloseHandle(_v68);
								}
							}
						}
						_t38 = _v56;
					}
					CloseServiceHandle(_t38);
				}
				return E032BD98D(_v8 ^ _t94);
			}





























                                                                                                                                  0x032b72a6
                                                                                                                                  0x032b72ad
                                                                                                                                  0x032b72b0
                                                                                                                                  0x032b72b7
                                                                                                                                  0x032b72bc
                                                                                                                                  0x032b72bd
                                                                                                                                  0x032b72c1
                                                                                                                                  0x032b72c3
                                                                                                                                  0x032b72c7
                                                                                                                                  0x032b72ca
                                                                                                                                  0x032b72cf
                                                                                                                                  0x032b72d4
                                                                                                                                  0x032b72d9
                                                                                                                                  0x032b72e5
                                                                                                                                  0x032b72eb
                                                                                                                                  0x032b72f0
                                                                                                                                  0x032b7303
                                                                                                                                  0x032b730b
                                                                                                                                  0x032b7311
                                                                                                                                  0x032b7317
                                                                                                                                  0x032b732d
                                                                                                                                  0x032b747e
                                                                                                                                  0x032b7333
                                                                                                                                  0x032b7341
                                                                                                                                  0x032b735b
                                                                                                                                  0x032b736d
                                                                                                                                  0x032b7370
                                                                                                                                  0x032b7376
                                                                                                                                  0x032b7378
                                                                                                                                  0x032b7378
                                                                                                                                  0x032b7380
                                                                                                                                  0x032b7380
                                                                                                                                  0x032b7382
                                                                                                                                  0x032b7383
                                                                                                                                  0x032b7387
                                                                                                                                  0x032b7389
                                                                                                                                  0x032b738c
                                                                                                                                  0x032b7390
                                                                                                                                  0x032b7390
                                                                                                                                  0x032b7392
                                                                                                                                  0x032b7393
                                                                                                                                  0x032b7393
                                                                                                                                  0x032b7397
                                                                                                                                  0x032b739a
                                                                                                                                  0x032b739f
                                                                                                                                  0x032b73a8
                                                                                                                                  0x032b73af
                                                                                                                                  0x032b73b4
                                                                                                                                  0x032b73bc
                                                                                                                                  0x032b73c5
                                                                                                                                  0x032b73d7
                                                                                                                                  0x032b73e9
                                                                                                                                  0x032b73f9
                                                                                                                                  0x032b7406
                                                                                                                                  0x032b7422
                                                                                                                                  0x00000000
                                                                                                                                  0x032b743c
                                                                                                                                  0x032b7440
                                                                                                                                  0x032b7446
                                                                                                                                  0x032b7450
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7450
                                                                                                                                  0x032b7440
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7456
                                                                                                                                  0x032b7456
                                                                                                                                  0x032b745f
                                                                                                                                  0x032b7464
                                                                                                                                  0x032b746b
                                                                                                                                  0x032b7474
                                                                                                                                  0x032b747a
                                                                                                                                  0x032b732d
                                                                                                                                  0x032b7317
                                                                                                                                  0x032b7483
                                                                                                                                  0x032b7483
                                                                                                                                  0x032b7487
                                                                                                                                  0x032b7487
                                                                                                                                  0x032b749c

                                                                                                                                  APIs
                                                                                                                                  • OpenServiceA.ADVAPI32(00000000,032AD7AB,00000024,032AD7AB,00000000), ref: 032B72E5
                                                                                                                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 032B7303
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B734B
                                                                                                                                  • CreateDialogParamA.USER32(?,00000068,00000000,032B6F90,00000000), ref: 032B7362
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 032B7370
                                                                                                                                  • SetWindowTextA.USER32(?,00000000), ref: 032B73BC
                                                                                                                                  • ShowWindow.USER32(?,00000005,?,?,?,?,?), ref: 032B73C5
                                                                                                                                  • GetDlgItem.USER32 ref: 032B73D1
                                                                                                                                  • GetWindowLongA.USER32 ref: 032B73DC
                                                                                                                                  • SetWindowLongA.USER32 ref: 032B73E9
                                                                                                                                  • SendMessageA.USER32 ref: 032B73F9
                                                                                                                                  • GetMessageA.USER32 ref: 032B741A
                                                                                                                                  • IsDialogMessageA.USER32(?,?,?,?,?,?,?), ref: 032B7429
                                                                                                                                  • IsDialogMessageA.USER32(00000000,?,?,?,?,?,?), ref: 032B7436
                                                                                                                                  • TranslateMessage.USER32(?), ref: 032B7446
                                                                                                                                  • DispatchMessageA.USER32 ref: 032B7450
                                                                                                                                  • EnableWindow.USER32(00000000,00000001), ref: 032B7464
                                                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?), ref: 032B746B
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 032B7474
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B7487
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Message$DialogService$CloseCreateEnableHandleLong$DestroyDispatchItemOpenParamQuerySendShowStatusTextThreadTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 946554509-0
                                                                                                                                  • Opcode ID: 919c0a2fbf5417c1db176f45e157fcd667492243e45b5928e11b1d18127192f8
                                                                                                                                  • Instruction ID: abd5da1626d1574d4fd3e6423a7df31cd4c2cd651f99d2d9d7e65911c168a7df
                                                                                                                                  • Opcode Fuzzy Hash: 919c0a2fbf5417c1db176f45e157fcd667492243e45b5928e11b1d18127192f8
                                                                                                                                  • Instruction Fuzzy Hash: 9851B031911319ABDF10EFA8ED4DFEEBB79EF49741F048144F905AA185DB70A890CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A8150 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 338networkCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                  			E032A8150(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t56;
				void* _t60;
				signed int _t62;
				intOrPtr* _t64;
				void* _t74;
				intOrPtr _t77;
				intOrPtr* _t90;
				int _t97;
				void* _t107;
				void* _t120;
				void* _t124;
				void* _t158;
				signed int _t169;
				void* _t176;
				void* _t177;
				void* _t182;
				intOrPtr _t183;
				void* _t188;
				intOrPtr* _t195;
				signed int _t201;
				signed int _t202;
				void* _t203;
				signed int _t204;
				void* _t205;
				void* _t206;
				void* _t207;
				signed int _t210;
				void* _t211;

				_t182 = __esi;
				_t120 = __ebx;
				_t56 =  *0x32ed474; // 0x444d31ba
				 *(_t201 + 0x62c) = _t56 ^ _t201;
				_push(__edi);
				E032A3960(_t56 ^ _t201);
				_t60 = E032A4810(1, _t201 + 0xc);
				_t202 = _t201 + 4;
				if(_t60 != 0) {
					_push(__esi);
					_t128 = 0xb;
					_t62 = E032A4B90( *((intOrPtr*)(_t202 + 0xc)), 2);
					_t203 = _t202 + 4;
					asm("sbb edi, edi");
					_t169 =  ~_t62 + 1;
					if( *0x32f2b8c != 0) {
						L16:
						_push(_t120);
						if(_t169 != 0 ||  *0x32f2b90 != _t169) {
							L29:
							_t33 = _t169 + 0x18; // 0x18
							asm("sbb ebx, ebx");
							_t124 = ( ~_t33 & 0x0000008f) + 0x8b;
							_push(_t124);
							_t183 = E032C64F9(_t128);
							_push(0x18);
							 *((intOrPtr*)(_t203 + 0x18)) = _t183;
							_t64 = E032C64F9(_t128);
							_t204 = _t203 + 8;
							_t195 = _t64;
							if(_t183 == 0 || _t195 == 0) {
								E032A3960(_t64);
							} else {
								E032BEF40(_t169, _t183, 0, _t124);
								 *_t195 = 0;
								_t36 = _t124 - 0x18; // -139
								 *((intOrPtr*)(_t195 + 4)) = 0;
								 *((intOrPtr*)(_t195 + 8)) = 0;
								 *((intOrPtr*)(_t195 + 0xc)) = 0;
								asm("sbb ecx, ecx");
								 *((intOrPtr*)(_t195 + 0x10)) = 0;
								 *((intOrPtr*)(_t195 + 0x14)) = 0;
								E032A48A0(_t183, ( ~_t169 & 0xffffffe7) + 0x5b,  *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x20)) + 0x10)), _t36);
								_t205 = _t204 + 0x10;
								if(_t169 == 0) {
									_t47 = _t183 + 0x18; // 0x18
									memcpy(_t47, 0x32ed320, 0x22 << 2);
									_t206 = _t205 + 0xc;
									asm("movsw");
									asm("movsb");
									_t183 =  *((intOrPtr*)(_t206 + 0x10));
								} else {
									_t43 = _t183 + 0x3a; // 0x3a
									_t176 = _t43;
									E032C6BF0(_t176, 0x32ed321, 0x20);
									 *((char*)(_t176 + 0x1f)) = 0;
									_t45 = _t183 + 0x5a; // 0x5a
									_t177 = _t45;
									E032C6BF0(_t177, 0x32ed377, 0x20);
									_t206 = _t205 + 0x18;
									 *((char*)(_t177 + 0x1f)) = 0;
								}
								_t74 = E032A8110(_t195,  *((intOrPtr*)(_t206 + 0x14)) + 0x14,  *((intOrPtr*)(_t206 + 0x14)), _t183, 0x18);
								_t207 = _t206 + 8;
								if(_t74 != 0) {
									E032C5A6B(_t183);
									E032C5A6B(_t195);
									_t204 = _t207 + 8;
								} else {
									_t77 =  *((intOrPtr*)(_t195 + 8));
									if(_t77 != 0) {
										_push(_t77);
										E032A3960(_t77);
										E032C5A6B(_t183);
										E032C5A6B(_t195);
										_t204 = _t207 + 0xc;
									} else {
										E032A3960(_t77);
										E032C5A6B(_t183);
										E032C5A6B(_t195);
										_t204 = _t207 + 8;
									}
								}
							}
						} else {
							_push(0x32ed351);
							_t86 = E032A48C0(0x32ed341, _t169, _t182);
							_t204 = _t203 + 4;
							if(_t86 == 0 || E032A4D00(_t169, 0x32ed357) == 0) {
								L22:
							} else {
								_t86 = E032A49D0();
								 *0x32ed397 = _t86;
								if(_t86 == 0 || E032A4A60(_t169, 0x32ed39b, 1) == 0) {
									goto L22;
								} else {
									 *((char*)(_t204 + 0x1c8)) = 0;
									_t188 = 0;
									do {
										_t26 = _t188 + 0x32ed351; // 0x0
										swprintf(_t204 + 0x1cc, 0x64, "%s%2X-", _t204 + 0x1cc,  *_t26 & 0x000000ff);
										_t188 = _t188 + 1;
										_t204 = _t204 + 0x14;
									} while (_t188 < 6);
									_t90 = _t204 + 0x1c8;
									_t158 = _t90 + 1;
									do {
										_t128 =  *_t90;
										_t90 = _t90 + 1;
									} while (_t128 != 0);
									 *((char*)(_t204 + _t90 - _t158 + 0x1c7)) = 0;
									_push(0x32ed357);
									_push(_t204 + 0x1cc);
									E032A3960(_t204 + 0x1cc);
									_t203 = _t204 + 8;
									 *0x32f2b90 = 1;
									goto L29;
								}
							}
						}
						return E032BD98D( *(_t204 + 0x63c) ^ _t204);
					} else {
						_push(_t203 + 0x14);
						_push(1);
						L032BD963();
						if(_t62 != 0) {
							L032BD915();
							_push(_t62);
							E032A3960(_t62);
							return E032BD98D( *(_t203 + 0x630) ^ _t203 + 0x00000004);
						} else {
							_t97 = gethostname(_t203 + 0x1a8, 0x20);
							if(_t97 == 0) {
								 *((char*)(_t203 + 0x1cf)) = 0;
								_t97 = E032C6BF0(0x32ed321, _t203 + 0x1a8, 0x20);
								_t203 = _t203 + 0xc;
								_push(_t203 + 0x1a4);
								L032BD969();
								if(_t97 == 0) {
									goto L5;
								} else {
									_push(0x10);
									L032BD91B();
									E032C6BF0(0x32ed341,  *((intOrPtr*)( *((intOrPtr*)(_t97 + 0xc)))),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t97 + 0xc)))))));
									_t210 = _t203 + 0xc;
								}
							} else {
								L5:
								L032BD915();
								_push(_t97);
								E032A3960(_t97);
								_t210 = _t203 + 4;
								_t182 = 0xffffffff;
							}
							L032BD90F();
							if(_t182 == 0) {
								if(GetModuleFileNameA(0, _t210 + 0x22c, 0x104) != 0) {
									E032C6F66(_t210 + 0x238, _t210 + 0x18, _t210 + 0x53c, _t210 + 0x434, _t210 + 0x32c);
									_push(_t210 + 0x340);
									_t128 = _t210 + 0x244;
									E032B6CF0(_t210 + 0x244, "%s%s", _t210 + 0x448);
									E032C6BF0(0x32ed377, _t210 + 0x250, 0x20);
									_t107 = E032C6FD1(_t120, 0x32ed321, 0x20);
									_t211 = _t210 + 0x38;
									if(_t107 != 0) {
										_t107 = E032C6FD1(_t120, 0x32ed377, 0x20);
										_t211 = _t211 + 8;
										if(_t107 != 0) {
											_t107 = E032C6FD1(_t120, 0x32ed341, 0x10);
											_t211 = _t211 + 8;
										}
									}
									_push(0x32ed377);
									_push(0x32ed341);
									_push(0x32ed321);
									E032A3960(_t107);
									_t203 = _t211 + 0xc;
									 *0x32f2b8c = 1;
									goto L16;
								} else {
									_push(GetLastError());
									E032A3960(_t109);
									return E032BD98D( *(_t210 + 0x630) ^ _t210 + 0x00000004);
								}
							} else {
								return E032BD98D( *(_t210 + 0x62c) ^ _t210);
							}
						}
					}
				} else {
					E032A3960(_t60);
					return E032BD98D( *(_t202 + 0x62c) ^ _t202);
				}
			}
































                                                                                                                                  0x032a8150
                                                                                                                                  0x032a8150
                                                                                                                                  0x032a8156
                                                                                                                                  0x032a815d
                                                                                                                                  0x032a8165
                                                                                                                                  0x032a8166
                                                                                                                                  0x032a8177
                                                                                                                                  0x032a817c
                                                                                                                                  0x032a8181
                                                                                                                                  0x032a81a6
                                                                                                                                  0x032a81a9
                                                                                                                                  0x032a81ae
                                                                                                                                  0x032a81b3
                                                                                                                                  0x032a81ba
                                                                                                                                  0x032a81bc
                                                                                                                                  0x032a81c5
                                                                                                                                  0x032a836b
                                                                                                                                  0x032a836d
                                                                                                                                  0x032a836e
                                                                                                                                  0x032a8460
                                                                                                                                  0x032a8460
                                                                                                                                  0x032a8465
                                                                                                                                  0x032a846d
                                                                                                                                  0x032a8473
                                                                                                                                  0x032a8479
                                                                                                                                  0x032a847b
                                                                                                                                  0x032a847d
                                                                                                                                  0x032a8481
                                                                                                                                  0x032a8486
                                                                                                                                  0x032a848b
                                                                                                                                  0x032a848d
                                                                                                                                  0x032a858f
                                                                                                                                  0x032a849b
                                                                                                                                  0x032a849f
                                                                                                                                  0x032a84aa
                                                                                                                                  0x032a84ad
                                                                                                                                  0x032a84b1
                                                                                                                                  0x032a84b4
                                                                                                                                  0x032a84bb
                                                                                                                                  0x032a84be
                                                                                                                                  0x032a84c0
                                                                                                                                  0x032a84c3
                                                                                                                                  0x032a84d1
                                                                                                                                  0x032a84d6
                                                                                                                                  0x032a84db
                                                                                                                                  0x032a850a
                                                                                                                                  0x032a8517
                                                                                                                                  0x032a8517
                                                                                                                                  0x032a8519
                                                                                                                                  0x032a851b
                                                                                                                                  0x032a851c
                                                                                                                                  0x032a84dd
                                                                                                                                  0x032a84df
                                                                                                                                  0x032a84df
                                                                                                                                  0x032a84e8
                                                                                                                                  0x032a84ef
                                                                                                                                  0x032a84f3
                                                                                                                                  0x032a84f3
                                                                                                                                  0x032a84fc
                                                                                                                                  0x032a8501
                                                                                                                                  0x032a8504
                                                                                                                                  0x032a8504
                                                                                                                                  0x032a8532
                                                                                                                                  0x032a8537
                                                                                                                                  0x032a853c
                                                                                                                                  0x032a857f
                                                                                                                                  0x032a8585
                                                                                                                                  0x032a858a
                                                                                                                                  0x032a853e
                                                                                                                                  0x032a853e
                                                                                                                                  0x032a8543
                                                                                                                                  0x032a855d
                                                                                                                                  0x032a855e
                                                                                                                                  0x032a856a
                                                                                                                                  0x032a8570
                                                                                                                                  0x032a8575
                                                                                                                                  0x032a8545
                                                                                                                                  0x032a8545
                                                                                                                                  0x032a854d
                                                                                                                                  0x032a8553
                                                                                                                                  0x032a8558
                                                                                                                                  0x032a8558
                                                                                                                                  0x032a8543
                                                                                                                                  0x032a853c
                                                                                                                                  0x032a8380
                                                                                                                                  0x032a8380
                                                                                                                                  0x032a838a
                                                                                                                                  0x032a838f
                                                                                                                                  0x032a8394
                                                                                                                                  0x032a83c2
                                                                                                                                  0x032a83a4
                                                                                                                                  0x032a83a4
                                                                                                                                  0x032a83ad
                                                                                                                                  0x032a83b2
                                                                                                                                  0x00000000
                                                                                                                                  0x032a83f3
                                                                                                                                  0x032a83f3
                                                                                                                                  0x032a83fa
                                                                                                                                  0x032a8400
                                                                                                                                  0x032a8400
                                                                                                                                  0x032a841a
                                                                                                                                  0x032a841f
                                                                                                                                  0x032a8421
                                                                                                                                  0x032a8424
                                                                                                                                  0x032a8429
                                                                                                                                  0x032a8430
                                                                                                                                  0x032a8433
                                                                                                                                  0x032a8433
                                                                                                                                  0x032a8435
                                                                                                                                  0x032a8438
                                                                                                                                  0x032a843e
                                                                                                                                  0x032a8445
                                                                                                                                  0x032a8451
                                                                                                                                  0x032a8452
                                                                                                                                  0x032a8457
                                                                                                                                  0x032a845a
                                                                                                                                  0x00000000
                                                                                                                                  0x032a845a
                                                                                                                                  0x032a83b2
                                                                                                                                  0x032a8394
                                                                                                                                  0x032a85b2
                                                                                                                                  0x032a81cb
                                                                                                                                  0x032a81cf
                                                                                                                                  0x032a81d0
                                                                                                                                  0x032a81d1
                                                                                                                                  0x032a81d8
                                                                                                                                  0x032a83ca
                                                                                                                                  0x032a83cf
                                                                                                                                  0x032a83d0
                                                                                                                                  0x032a83f2
                                                                                                                                  0x032a81de
                                                                                                                                  0x032a81ea
                                                                                                                                  0x032a81f1
                                                                                                                                  0x032a8215
                                                                                                                                  0x032a821d
                                                                                                                                  0x032a8222
                                                                                                                                  0x032a822c
                                                                                                                                  0x032a822d
                                                                                                                                  0x032a8234
                                                                                                                                  0x00000000
                                                                                                                                  0x032a8236
                                                                                                                                  0x032a823d
                                                                                                                                  0x032a8240
                                                                                                                                  0x032a824b
                                                                                                                                  0x032a8250
                                                                                                                                  0x032a8250
                                                                                                                                  0x032a81f3
                                                                                                                                  0x032a81f3
                                                                                                                                  0x032a81f3
                                                                                                                                  0x032a81f8
                                                                                                                                  0x032a81f9
                                                                                                                                  0x032a81fe
                                                                                                                                  0x032a8201
                                                                                                                                  0x032a8201
                                                                                                                                  0x032a8253
                                                                                                                                  0x032a825a
                                                                                                                                  0x032a828d
                                                                                                                                  0x032a82de
                                                                                                                                  0x032a82ea
                                                                                                                                  0x032a82f3
                                                                                                                                  0x032a8300
                                                                                                                                  0x032a8314
                                                                                                                                  0x032a8320
                                                                                                                                  0x032a8325
                                                                                                                                  0x032a832a
                                                                                                                                  0x032a8333
                                                                                                                                  0x032a8338
                                                                                                                                  0x032a833d
                                                                                                                                  0x032a8346
                                                                                                                                  0x032a834b
                                                                                                                                  0x032a834b
                                                                                                                                  0x032a833d
                                                                                                                                  0x032a834e
                                                                                                                                  0x032a8353
                                                                                                                                  0x032a8358
                                                                                                                                  0x032a835d
                                                                                                                                  0x032a8362
                                                                                                                                  0x032a8365
                                                                                                                                  0x00000000
                                                                                                                                  0x032a828f
                                                                                                                                  0x032a8295
                                                                                                                                  0x032a8296
                                                                                                                                  0x032a82b8
                                                                                                                                  0x032a82b8
                                                                                                                                  0x032a825c
                                                                                                                                  0x032a8275
                                                                                                                                  0x032a8275
                                                                                                                                  0x032a825a
                                                                                                                                  0x032a81d8
                                                                                                                                  0x032a8183
                                                                                                                                  0x032a8183
                                                                                                                                  0x032a81a1
                                                                                                                                  0x032a81a1

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032A4810: GetCurrentThreadId.KERNEL32 ref: 032A4838
                                                                                                                                    • Part of subcall function 032A4810: GetCurrentProcessId.KERNEL32(?,032A874F,00000001,00000001,76D86490,032BB3FE,032BAD47,?,?,00000000,?,00000000,032DBCDE,000000FF,?,032ACBE6), ref: 032A483F
                                                                                                                                  • WSAStartup.WS2_32(00000001,?), ref: 032A81D1
                                                                                                                                  • gethostname.WS2_32(?,00000020), ref: 032A81EA
                                                                                                                                  • WSAGetLastError.WS2_32(00000020,00000001,?,00000000,00000000), ref: 032A81F3
                                                                                                                                  • WSACleanup.WS2_32 ref: 032A8253
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$CleanupErrorLastProcessStartupThreadgethostname
                                                                                                                                  • String ID: %s%2X-$%s%s
                                                                                                                                  • API String ID: 1768631116-4048649878
                                                                                                                                  • Opcode ID: 8c9017d321e4ec1400f7aa315c95a7f9b5fa177cd9e4cac69855232ef532e06e
                                                                                                                                  • Instruction ID: 4fa7d398fad820a2e0d3b1ac902a84bb6f8e889e6a4a1016aada0765b124771a
                                                                                                                                  • Opcode Fuzzy Hash: 8c9017d321e4ec1400f7aa315c95a7f9b5fa177cd9e4cac69855232ef532e06e
                                                                                                                                  • Instruction Fuzzy Hash: F7B140BA934B419FD320EF68DC41BEF77945F84710F48452CE94D5B281EBB1E5848792
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C176B Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196stringwindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                  			E031C176B(void* __edi, void* __esi, void* __eflags, signed int _a8, void* _a16) {
				char _v8;
				char* _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				CHAR* _v32;
				char* _v36;
				char _v40;
				char _v44;
				signed int _v68;
				int _v88;
				CHAR* _v92;
				intOrPtr _v108;
				void _v116;
				char _v120;
				char _v380;
				intOrPtr _t63;
				intOrPtr _t64;
				char* _t66;
				void _t70;
				int _t78;
				char _t83;
				CHAR* _t86;
				char* _t87;
				CHAR* _t88;
				int _t91;
				intOrPtr* _t95;
				intOrPtr* _t98;
				signed int _t101;
				short* _t103;
				intOrPtr _t106;
				signed int _t107;
				void* _t116;
				CHAR* _t120;
				char* _t121;
				int _t122;
				void* _t124;
				intOrPtr* _t127;
				intOrPtr _t132;
				void* _t134;

				_t124 = __esi;
				_t116 = __edi;
				_t101 = E031C103E(_a8);
				_t132 =  *0x31c6680; // 0x0
				_a8 = _t101;
				if(_t132 != 0 || _t101 < 0) {
					L36:
					return 0;
				} else {
					_t63 =  *0x31c6804; // 0x71c3d0
					_t106 =  *((intOrPtr*)(_t101 * 0x54 + _t63 + 0x20));
					_t134 = _t106 - 6;
					if(_t134 == 0) {
						_t101 = _t101 - 1;
						_a8 = _t101;
						L12:
						if(_a16 != 0) {
							goto L36;
						}
						L13:
						_push(_t124);
						_t127 = _t101 * 0x54 + _t63;
						_push(_t116);
						_t64 =  *((intOrPtr*)(_t127 + 0x20));
						if(_t64 < 7) {
							L34:
							if(( *(_t127 + 0x34) & 0x00000001) != 0) {
								 *0x31c67bc = _t101 + 1;
								SendMessageA( *0x31c67c8, 0x408, 1, 0);
							}
							goto L36;
						}
						if(_t64 <= 8) {
							_t66 =  *(_t127 + 4);
							if( *_t66 != 0) {
								ShellExecuteA( *0x31c67c8, 0, _t66, 0, 0, 0xa);
							}
							goto L34;
						}
						if(_t64 == 0xd) {
							_t107 = 0x12;
							memset( &_v116, 0, _t107 << 2);
							_t70 =  *0x31c67c4; // 0xb0384
							_v116 = _t70;
							_v108 =  *((intOrPtr*)(_t127 + 0x10));
							_v92 =  &_v380;
							_v88 = 0x104;
							_v120 = 0x4c;
							_v68 =  *(_t127 + 0x34) & 0x00083806;
							GetWindowTextA( *(_t127 + 0x38),  &_v380, 0x104);
							_t120 = "All Files|*.*";
							while(1) {
								GetCurrentDirectoryA(0x2000, _t120);
								_push( &_v120);
								if(( *(_t127 + 0x36) & 0x00000004) == 0) {
									_t78 = GetOpenFileNameA();
								} else {
									_t78 = GetSaveFileNameA();
								}
								if(_t78 != 0) {
									break;
								}
								if(_v380 == _t78 || CommDlgExtendedError() != 0x3002) {
									goto L34;
								} else {
									_v380 = _v380 & 0x00000000;
									continue;
								}
							}
							_push( &_v380);
							E031C1087( &_v380,  *(_t127 + 0x38));
							SetCurrentDirectoryA(_t120);
						} else {
							if(_t64 == 0xe) {
								_t83 =  *0x31c67c4; // 0xb0384
								_v36 = 0;
								_v40 = _t83;
								_v32 =  &_v380;
								_v28 =  *_t127;
								_t86 =  *(_t127 + 8);
								_v24 = 0x45;
								_v20 = E031C1097;
								_v16 = _t101;
								_v12 = 0;
								if(_t86 != 0) {
									_t91 = lstrlenA(_t86);
									_t20 = _t91 + 2; // 0x2
									_t122 = _t91 + _t20;
									_t103 = E031C1000(_t122);
									MultiByteToWideChar(0, 0,  *(_t127 + 8), 0xffffffff, _t103, _t122);
									__imp__SHGetDesktopFolder( &_a16);
									_t95 = _a16;
									 *((intOrPtr*)( *_t95 + 0xc))(_t95,  *0x31c67c4, 0, _t103,  &_v44,  &_v8, 0);
									_v36 = _v8;
									_t98 = _a16;
									E031C100F( *((intOrPtr*)( *_t98 + 8))(_t98), _t103);
									_t101 = _a8;
								}
								_t87 =  &_v40;
								__imp__SHBrowseForFolderA(_t87);
								_t121 = _t87;
								if(_t121 != 0) {
									_t88 =  &_v380;
									__imp__SHGetPathFromIDListA(_t121, _t88);
									if(_t88 != 0) {
										_push( &_v380);
										E031C1087( &_v380,  *(_t127 + 0x38));
									}
									__imp__CoTaskMemFree(_t121);
								}
							}
						}
						goto L34;
					}
					if(_t134 <= 0) {
						goto L36;
					}
					if(_t106 <= 8) {
						goto L12;
					}
					if(_t106 <= 9) {
						goto L36;
					}
					if(_t106 <= 0xb) {
						goto L12;
					}
					if(_t106 <= 0xe || _t106 > 0x10 || _a16 != 1) {
						goto L36;
					} else {
						goto L13;
					}
				}
			}












































                                                                                                                                  0x031c176b
                                                                                                                                  0x031c176b
                                                                                                                                  0x031c177f
                                                                                                                                  0x031c1781
                                                                                                                                  0x031c1787
                                                                                                                                  0x031c178a
                                                                                                                                  0x031c19e0
                                                                                                                                  0x031c19e4
                                                                                                                                  0x031c1798
                                                                                                                                  0x031c179a
                                                                                                                                  0x031c17a2
                                                                                                                                  0x031c17a6
                                                                                                                                  0x031c17a9
                                                                                                                                  0x031c17e1
                                                                                                                                  0x031c17e2
                                                                                                                                  0x031c17e5
                                                                                                                                  0x031c17e8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17ee
                                                                                                                                  0x031c17ee
                                                                                                                                  0x031c17f4
                                                                                                                                  0x031c17f6
                                                                                                                                  0x031c17f7
                                                                                                                                  0x031c17fd
                                                                                                                                  0x031c19bd
                                                                                                                                  0x031c19c3
                                                                                                                                  0x031c19d5
                                                                                                                                  0x031c19db
                                                                                                                                  0x031c19db
                                                                                                                                  0x00000000
                                                                                                                                  0x031c19c3
                                                                                                                                  0x031c1806
                                                                                                                                  0x031c19a3
                                                                                                                                  0x031c19a9
                                                                                                                                  0x031c19b7
                                                                                                                                  0x031c19b7
                                                                                                                                  0x00000000
                                                                                                                                  0x031c19a9
                                                                                                                                  0x031c180f
                                                                                                                                  0x031c18f7
                                                                                                                                  0x031c18fb
                                                                                                                                  0x031c18fd
                                                                                                                                  0x031c1905
                                                                                                                                  0x031c190b
                                                                                                                                  0x031c1914
                                                                                                                                  0x031c191c
                                                                                                                                  0x031c192d
                                                                                                                                  0x031c1937
                                                                                                                                  0x031c193a
                                                                                                                                  0x031c1940
                                                                                                                                  0x031c1945
                                                                                                                                  0x031c194b
                                                                                                                                  0x031c1958
                                                                                                                                  0x031c1959
                                                                                                                                  0x031c1963
                                                                                                                                  0x031c195b
                                                                                                                                  0x031c195b
                                                                                                                                  0x031c195b
                                                                                                                                  0x031c196b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1973
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1982
                                                                                                                                  0x031c1982
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1982
                                                                                                                                  0x031c1973
                                                                                                                                  0x031c1991
                                                                                                                                  0x031c1995
                                                                                                                                  0x031c199b
                                                                                                                                  0x031c1815
                                                                                                                                  0x031c1818
                                                                                                                                  0x031c181e
                                                                                                                                  0x031c1823
                                                                                                                                  0x031c1826
                                                                                                                                  0x031c182f
                                                                                                                                  0x031c1834
                                                                                                                                  0x031c1837
                                                                                                                                  0x031c183c
                                                                                                                                  0x031c1843
                                                                                                                                  0x031c184a
                                                                                                                                  0x031c184d
                                                                                                                                  0x031c1850
                                                                                                                                  0x031c1853
                                                                                                                                  0x031c1859
                                                                                                                                  0x031c1859
                                                                                                                                  0x031c1863
                                                                                                                                  0x031c1870
                                                                                                                                  0x031c187a
                                                                                                                                  0x031c1880
                                                                                                                                  0x031c1897
                                                                                                                                  0x031c189d
                                                                                                                                  0x031c18a0
                                                                                                                                  0x031c18aa
                                                                                                                                  0x031c18af
                                                                                                                                  0x031c18af
                                                                                                                                  0x031c18b2
                                                                                                                                  0x031c18b6
                                                                                                                                  0x031c18bc
                                                                                                                                  0x031c18c0
                                                                                                                                  0x031c18c6
                                                                                                                                  0x031c18ce
                                                                                                                                  0x031c18d6
                                                                                                                                  0x031c18de
                                                                                                                                  0x031c18e2
                                                                                                                                  0x031c18e2
                                                                                                                                  0x031c18e8
                                                                                                                                  0x031c18e8
                                                                                                                                  0x031c18c0
                                                                                                                                  0x031c1818
                                                                                                                                  0x00000000
                                                                                                                                  0x031c180f
                                                                                                                                  0x031c17ab
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17b4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17b9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17c2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17c7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c17c7

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?), ref: 031C1853
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000002,00000002,?,?,?), ref: 031C1870
                                                                                                                                  • SHGetDesktopFolder.SHELL32(00000045,?,?,?), ref: 031C187A
                                                                                                                                  • SHBrowseForFolderA.SHELL32(?,?,?,?), ref: 031C18B6
                                                                                                                                  • SHGetPathFromIDListA.SHELL32(00000000,?,?,?,?), ref: 031C18CE
                                                                                                                                  • CoTaskMemFree.OLE32(00000000,?,?,?), ref: 031C18E8
                                                                                                                                  • GetWindowTextA.USER32 ref: 031C193A
                                                                                                                                  • GetCurrentDirectoryA.KERNEL32(00002000,All Files|*.*,?,?,?), ref: 031C194B
                                                                                                                                  • GetSaveFileNameA.COMDLG32(0000004C,?,?,?), ref: 031C195B
                                                                                                                                  • GetOpenFileNameA.COMDLG32(0000004C,?,?,?), ref: 031C1963
                                                                                                                                  • CommDlgExtendedError.COMDLG32(?,?,?), ref: 031C1975
                                                                                                                                  • SetCurrentDirectoryA.KERNEL32(All Files|*.*,?,?,?,?,?), ref: 031C199B
                                                                                                                                  • ShellExecuteA.SHELL32(00000000,?,00000000,00000000,0000000A), ref: 031C19B7
                                                                                                                                  • SendMessageA.USER32 ref: 031C19DB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectoryFileFolderName$BrowseByteCharCommDesktopErrorExecuteExtendedFreeFromListMessageMultiOpenPathSaveSendShellTaskTextWideWindowlstrlen
                                                                                                                                  • String ID: All Files|*.*$E$L
                                                                                                                                  • API String ID: 3574472847-3122172703
                                                                                                                                  • Opcode ID: 6c57b4b5fa96a0c5f62cdd6ed3e691281059374c7d4b92094188749eb8cec3cc
                                                                                                                                  • Instruction ID: cc2ca15b6530dcfffed9efba0f209c41287afe45eeb94c435c016ba8b98dde94
                                                                                                                                  • Opcode Fuzzy Hash: 6c57b4b5fa96a0c5f62cdd6ed3e691281059374c7d4b92094188749eb8cec3cc
                                                                                                                                  • Instruction Fuzzy Hash: 6471C075950288BFDB24DFA4C888AAEBBF8FF5D304F14456DE406E7256D7359980CB20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8BC0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 138memorywindowstringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 66%
                                                                                                                                  			E032B8BC0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, void* _a20) {
				signed int _v8;
				int _v12;
				CHAR* _v20;
				struct tagRECT _v40;
				struct HWND__* _v48;
				intOrPtr _v52;
				void* _v56;
				struct HINSTANCE__* _v60;
				struct HWND__* _v64;
				struct HWND__* _v68;
				intOrPtr _v72;
				void* __ebp;
				signed int _t25;
				CHAR* _t32;
				void* _t37;
				struct HWND__* _t47;
				intOrPtr _t51;
				void* _t68;
				void** _t70;
				void* _t72;
				struct HWND__* _t73;
				CHAR* _t75;
				void* _t76;
				signed int _t77;

				_t25 =  *0x32ed474; // 0x444d31ba
				_v8 = _t25 ^ _t77;
				_v60 = _a4;
				_v64 = _a8;
				 *0x32effbc = _a12;
				 *0x32effc0 = _a20;
				 *0x32effc4 = _a16;
				_v68 = E032B8DC0(__ebx, __esi);
				_t32 = GlobalAlloc(0x40,  *0x32effbc + 1);
				_t70 =  *0x32effc0;
				_t75 = _t32;
				if(_t70 == 0) {
					L7:
					if(_t75 != 0) {
						GlobalFree(_t75);
					}
					E032B8D90();
					if( *0x32effc0 != 0) {
						_t37 = GlobalAlloc(0x40,  *0x32effbc + 8);
						_push( *0x32effbc);
						_push("error");
						goto L11;
					}
				} else {
					_t72 =  *_t70;
					if(_t72 == 0) {
						goto L7;
					} else {
						lstrcpyA(_t75, _t72 + 4);
						 *( *0x32effc0) =  *_t72;
						GlobalFree(_t72);
						_v72 = E032B8DC0(GlobalAlloc, _t75);
						_t73 = CreateWindowExA(0, "tooltips_class32", 0, 0x80000001, 0x80000000, 0x80000000, 0x80000000, 0x80000000, _v64, 0, _v60, 0);
						SendMessageA(_t73, 0x403, 2, 0x7fff);
						_t47 = _v68;
						asm("xorps xmm0, xmm0");
						_v12 = 0;
						asm("movlpd [ebp-0x28], xmm0");
						asm("movlpd [ebp-0x20], xmm0");
						asm("movlpd [ebp-0x18], xmm0");
						asm("movlpd [ebp-0x10], xmm0");
						_v56 = 0x30;
						_v48 = _t47;
						_v52 = 0x10;
						GetClientRect(_t47,  &_v40);
						_v20 = _t75;
						SendMessageA(_t73, 0x404, 0,  &_v56);
						_t51 = _v72;
						if(_t51 <= 0) {
							_push(0x208);
						} else {
							_push(_t51);
						}
						SendMessageA(_t73, 0x418, 0, ??);
						E032B8D90();
						if( *0x32effc0 != 0) {
							_t37 = GlobalAlloc(0x40,  *0x32effbc + 8);
							_push( *0x32effbc);
							_push("success");
							L11:
							_t76 = _t37;
							_t23 = _t76 + 4; // 0x4
							lstrcpynA(_t23, ??, ??);
							_t68 =  *0x32effc0;
							 *_t76 =  *_t68;
							 *_t68 = _t76;
						}
					}
				}
				return E032BD98D(_v8 ^ _t77);
			}



























                                                                                                                                  0x032b8bc6
                                                                                                                                  0x032b8bcd
                                                                                                                                  0x032b8bd6
                                                                                                                                  0x032b8bdd
                                                                                                                                  0x032b8be4
                                                                                                                                  0x032b8bed
                                                                                                                                  0x032b8bf3
                                                                                                                                  0x032b8c0d
                                                                                                                                  0x032b8c10
                                                                                                                                  0x032b8c12
                                                                                                                                  0x032b8c18
                                                                                                                                  0x032b8c1c
                                                                                                                                  0x032b8d2b
                                                                                                                                  0x032b8d2d
                                                                                                                                  0x032b8d30
                                                                                                                                  0x032b8d30
                                                                                                                                  0x032b8d36
                                                                                                                                  0x032b8d42
                                                                                                                                  0x032b8d4f
                                                                                                                                  0x032b8d51
                                                                                                                                  0x032b8d57
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8d57
                                                                                                                                  0x032b8c22
                                                                                                                                  0x032b8c22
                                                                                                                                  0x032b8c26
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8c2c
                                                                                                                                  0x032b8c31
                                                                                                                                  0x032b8c3f
                                                                                                                                  0x032b8c41
                                                                                                                                  0x032b8c51
                                                                                                                                  0x032b8c87
                                                                                                                                  0x032b8c96
                                                                                                                                  0x032b8c98
                                                                                                                                  0x032b8c9e
                                                                                                                                  0x032b8ca1
                                                                                                                                  0x032b8caa
                                                                                                                                  0x032b8caf
                                                                                                                                  0x032b8cb4
                                                                                                                                  0x032b8cb9
                                                                                                                                  0x032b8cbe
                                                                                                                                  0x032b8cc5
                                                                                                                                  0x032b8cc8
                                                                                                                                  0x032b8ccf
                                                                                                                                  0x032b8cd8
                                                                                                                                  0x032b8ce4
                                                                                                                                  0x032b8ce6
                                                                                                                                  0x032b8ceb
                                                                                                                                  0x032b8cf0
                                                                                                                                  0x032b8ced
                                                                                                                                  0x032b8ced
                                                                                                                                  0x032b8ced
                                                                                                                                  0x032b8cfd
                                                                                                                                  0x032b8cff
                                                                                                                                  0x032b8d0b
                                                                                                                                  0x032b8d18
                                                                                                                                  0x032b8d1e
                                                                                                                                  0x032b8d24
                                                                                                                                  0x032b8d5c
                                                                                                                                  0x032b8d5c
                                                                                                                                  0x032b8d5e
                                                                                                                                  0x032b8d62
                                                                                                                                  0x032b8d68
                                                                                                                                  0x032b8d70
                                                                                                                                  0x032b8d72
                                                                                                                                  0x032b8d72
                                                                                                                                  0x032b8d0b
                                                                                                                                  0x032b8c26
                                                                                                                                  0x032b8d84

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B8DC0: lstrcpynA.KERNEL32(?,?,00000080), ref: 032B8DFD
                                                                                                                                    • Part of subcall function 032B8DC0: GlobalFree.KERNEL32 ref: 032B8E0D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B8C10
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B8C31
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B8C41
                                                                                                                                  • CreateWindowExA.USER32 ref: 032B8C7B
                                                                                                                                  • SendMessageA.USER32 ref: 032B8C96
                                                                                                                                  • GetClientRect.USER32 ref: 032B8CCF
                                                                                                                                  • SendMessageA.USER32 ref: 032B8CE4
                                                                                                                                  • SendMessageA.USER32 ref: 032B8CFD
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B8D18
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B8D30
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B8D4F
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B8D62
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFreeMessageSend$lstrcpyn$ClientCreateRectWindowlstrcpy
                                                                                                                                  • String ID: 0$error$success$tooltips_class32
                                                                                                                                  • API String ID: 921689269-450748744
                                                                                                                                  • Opcode ID: 1a2a09c2cb168c6bbc1cb7bb46a36bac93ddfe2e8ea0bcd7e26aa2b5f488d803
                                                                                                                                  • Instruction ID: 00081b4698472f0c4a77b228f2bf23dc37772887b45ba7e1e31e47b374dc9925
                                                                                                                                  • Opcode Fuzzy Hash: 1a2a09c2cb168c6bbc1cb7bb46a36bac93ddfe2e8ea0bcd7e26aa2b5f488d803
                                                                                                                                  • Instruction Fuzzy Hash: 66515071911315EFD710EF64ED89BADB7B8FB59740F10811AFA05EB284DBB0A850CB54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x69fab8
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "ibaAnalyzer v7.3.6 (x64) Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0xa038c
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                                                                  0x0040100a
                                                                                                                                  0x00401039
                                                                                                                                  0x00401047
                                                                                                                                  0x0040104d
                                                                                                                                  0x00401051
                                                                                                                                  0x0040105b
                                                                                                                                  0x00401061
                                                                                                                                  0x00401064
                                                                                                                                  0x004010f3
                                                                                                                                  0x00401089
                                                                                                                                  0x0040108c
                                                                                                                                  0x004010a6
                                                                                                                                  0x004010bd
                                                                                                                                  0x004010cc
                                                                                                                                  0x004010cf
                                                                                                                                  0x004010d5
                                                                                                                                  0x004010d9
                                                                                                                                  0x004010e4
                                                                                                                                  0x004010ed
                                                                                                                                  0x004010ef
                                                                                                                                  0x004010ef
                                                                                                                                  0x00401100
                                                                                                                                  0x00401105
                                                                                                                                  0x0040110d
                                                                                                                                  0x00401110
                                                                                                                                  0x00401112
                                                                                                                                  0x00401118
                                                                                                                                  0x0040111f
                                                                                                                                  0x00401126
                                                                                                                                  0x00401130
                                                                                                                                  0x00401142
                                                                                                                                  0x00401156
                                                                                                                                  0x00401160
                                                                                                                                  0x00401165
                                                                                                                                  0x00401165
                                                                                                                                  0x00401110
                                                                                                                                  0x0040116e
                                                                                                                                  0x00000000
                                                                                                                                  0x00401178
                                                                                                                                  0x00401010
                                                                                                                                  0x00401013
                                                                                                                                  0x00401015
                                                                                                                                  0x00401019
                                                                                                                                  0x0040101f
                                                                                                                                  0x0040101f
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32 ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                  • FillRect.USER32 ref: 004010E4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                  • DrawTextA.USER32(00000000,ibaAnalyzer v7.3.6 (x64) Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F$ibaAnalyzer v7.3.6 (x64) Setup
                                                                                                                                  • API String ID: 941294808-2738001811
                                                                                                                                  • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                  • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                                  • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                  • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1D30 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 115stringmemorysynchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E032B1D30(long _a8, intOrPtr _a12, void* _a16) {
				intOrPtr _t10;
				CHAR* _t13;
				CHAR* _t14;
				int _t15;
				int _t21;
				void* _t35;
				long _t37;
				void* _t42;
				void* _t43;
				void** _t46;
				void* _t49;
				void* _t50;
				void _t52;
				CHAR* _t53;

				_t37 = _a8;
				_t42 = _a16;
				_t10 = _a12;
				 *0x32efcd0 = _t37;
				 *0x32efcd4 = _t42;
				 *0x32efcd8 = _t10;
				if( *0x32efc60 == 0) {
					if(_t42 == 0) {
						return _t10;
					} else {
						_t52 = GlobalAlloc(0x40, _t37 + 8);
						_t9 = _t52 + 4; // 0x4
						_t13 = lstrcpynA(_t9, "error",  *0x32efcd0);
						_t43 =  *0x32efcd4;
						 *_t52 =  *_t43;
						 *_t43 = _t52;
						return _t13;
					}
				}
				_t35 = 1;
				_t14 = GlobalAlloc(0x40, _t37);
				_t46 =  *0x32efcd4;
				_t53 = _t14;
				if(_t46 == 0) {
					L11:
					L12:
					_t15 = GlobalFree(_t53);
					if(_t35 != 0) {
						WaitForSingleObject( *0x32efc60, 0xffffffff);
						_t15 = CloseHandle( *0x32efc60);
						 *0x32efc60 = 0;
					}
					return _t15;
				}
				_t49 =  *_t46;
				if(_t49 == 0) {
					goto L11;
				}
				lstrcpyA(_t53, _t49 + 4);
				 *( *0x32efcd4) =  *_t49;
				GlobalFree(_t49);
				_t21 = lstrcmpiA(_t53, "/time");
				_push(_t53);
				if(_t21 != 0) {
					E032B1000();
					goto L11;
				}
				_t35 = 0;
				E032B0FC0();
				_t50 =  *0x32efc60;
				if(_t50 == 0) {
					goto L11;
				} else {
					if(WaitForSingleObject(_t50, E032B0E70(_t53)) != 0x102) {
						_a8 = 0xffffffff;
						GetExitCodeThread( *0x32efc60,  &_a8);
						if(_a8 != 0xffffffff) {
							_t29 =  !=  ? "done" : "cancel";
							E032B1000( !=  ? "done" : "cancel");
						} else {
							E032B1000(0x32dc484);
						}
					} else {
						E032B1000("wait");
					}
					goto L12;
				}
			}

















                                                                                                                                  0x032b1d3a
                                                                                                                                  0x032b1d3d
                                                                                                                                  0x032b1d40
                                                                                                                                  0x032b1d44
                                                                                                                                  0x032b1d4a
                                                                                                                                  0x032b1d50
                                                                                                                                  0x032b1d55
                                                                                                                                  0x032b1e78
                                                                                                                                  0x032b1e75
                                                                                                                                  0x032b1e7a
                                                                                                                                  0x032b1e8c
                                                                                                                                  0x032b1e93
                                                                                                                                  0x032b1e97
                                                                                                                                  0x032b1e9d
                                                                                                                                  0x032b1ea5
                                                                                                                                  0x032b1ea7
                                                                                                                                  0x032b1eab
                                                                                                                                  0x032b1eab
                                                                                                                                  0x032b1e78
                                                                                                                                  0x032b1d60
                                                                                                                                  0x032b1d65
                                                                                                                                  0x032b1d6b
                                                                                                                                  0x032b1d71
                                                                                                                                  0x032b1d75
                                                                                                                                  0x032b1e40
                                                                                                                                  0x032b1e46
                                                                                                                                  0x032b1e47
                                                                                                                                  0x032b1e4f
                                                                                                                                  0x032b1e59
                                                                                                                                  0x032b1e61
                                                                                                                                  0x032b1e67
                                                                                                                                  0x032b1e67
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1e72
                                                                                                                                  0x032b1d7b
                                                                                                                                  0x032b1d7f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1d8a
                                                                                                                                  0x032b1d98
                                                                                                                                  0x032b1d9a
                                                                                                                                  0x032b1da6
                                                                                                                                  0x032b1dac
                                                                                                                                  0x032b1daf
                                                                                                                                  0x032b1e38
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1e3d
                                                                                                                                  0x032b1db5
                                                                                                                                  0x032b1db7
                                                                                                                                  0x032b1dbc
                                                                                                                                  0x032b1dc7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1dc9
                                                                                                                                  0x032b1dde
                                                                                                                                  0x032b1df2
                                                                                                                                  0x032b1e00
                                                                                                                                  0x032b1e0c
                                                                                                                                  0x032b1e2a
                                                                                                                                  0x032b1e2e
                                                                                                                                  0x032b1e0e
                                                                                                                                  0x032b1e14
                                                                                                                                  0x032b1e19
                                                                                                                                  0x032b1de0
                                                                                                                                  0x032b1de5
                                                                                                                                  0x032b1dea
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1dde

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1D65
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B1D8A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1D9A
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/time), ref: 032B1DA6
                                                                                                                                    • Part of subcall function 032B0FC0: lstrcpyA.KERNEL32(?,?,00000000,?,032B1571,?), ref: 032B0FDB
                                                                                                                                    • Part of subcall function 032B0FC0: GlobalFree.KERNEL32 ref: 032B0FEB
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000000,00000000), ref: 032B1DD7
                                                                                                                                  • GetExitCodeThread.KERNEL32(?), ref: 032B1E00
                                                                                                                                    • Part of subcall function 032B1000: GlobalAlloc.KERNEL32(00000040,?,?,?,032B18CA,error), ref: 032B1018
                                                                                                                                    • Part of subcall function 032B1000: lstrcpynA.KERNEL32(00000004,?,?,032B18CA,error), ref: 032B102D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1E47
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF), ref: 032B1E59
                                                                                                                                  • CloseHandle.KERNEL32 ref: 032B1E61
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1E80
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1E97
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$ObjectSingleWaitlstrcpylstrcpyn$CloseCodeExitHandleThreadlstrcmpi
                                                                                                                                  • String ID: /time$cancel$done$error$wait
                                                                                                                                  • API String ID: 3149715892-1199983804
                                                                                                                                  • Opcode ID: b175e937bc4c8970ca999cff4f778ffe33d6ee7281a5bf8d06f6af93b9053e66
                                                                                                                                  • Instruction ID: 734515e50dcb557d5e226ec3f9b2d0493e49f2589ce58508aaf363861db0906d
                                                                                                                                  • Opcode Fuzzy Hash: b175e937bc4c8970ca999cff4f778ffe33d6ee7281a5bf8d06f6af93b9053e66
                                                                                                                                  • Instruction Fuzzy Hash: 14412576510225EFD700EF60F95D9AA7379FF88391B298124FD158B248CB31E860CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B2EA0 Relevance: 27.2, APIs: 15, Strings: 3, Instructions: 188memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E032B2EA0(void* __ebx, void* __edi, void* __esi, int _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				short _v2056;
				intOrPtr _v2060;
				char _v2068;
				void* __ebp;
				signed int _t20;
				void* _t28;
				intOrPtr _t38;
				void* _t39;
				void* _t45;
				void* _t50;
				void** _t70;
				void* _t71;
				void* _t73;
				char* _t84;
				void _t89;
				intOrPtr _t90;
				void* _t91;
				void** _t93;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t100;
				void* _t101;
				void _t102;
				signed int _t103;
				void* _t104;
				void* _t106;

				_t20 =  *0x32ed474; // 0x444d31ba
				_v8 = _t20 ^ _t103;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				E032B99F0( &_v2068);
				if(E032BA840( &_v2068) != 0) {
					_t28 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t93 =  *0x32efef8;
					_t98 = _t28;
					if(_t93 == 0) {
						L25:
						if(_t98 != 0) {
							GlobalFree(_t98);
						}
						L27:
						E032B1F00();
						L28:
						_push("error");
						L29:
						E032B1FC0();
						L30:
						E032B9A10( &_v2068);
						return E032BD98D(_v8 ^ _t103);
					}
					_t95 =  *_t93;
					if(_t95 == 0) {
						goto L25;
					}
					lstrcpyA(_t98, _t95 + 4);
					_t96 = GlobalFree;
					 *( *0x32efef8) =  *_t95;
					GlobalFree(_t95);
					_t38 = E032AD1A0(_t98);
					_t104 = _t104 + 4;
					_v2060 = _t38;
					if(_t98 != 0) {
						GlobalFree(_t98);
					}
					_t39 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t70 =  *0x32efef8;
					_t100 = _t39;
					if(_t70 == 0) {
						L19:
						if(_t100 != 0) {
							GlobalFree(_t100);
						}
						goto L27;
					} else {
						_t71 =  *_t70;
						if(_t71 == 0) {
							goto L19;
						}
						lstrcpyA(_t100, _t71 + 4);
						 *( *0x32efef8) =  *_t71;
						GlobalFree(_t71);
						_t84 = "UDP";
						_t45 = _t100;
						while(1) {
							_t89 =  *_t45;
							if(_t89 !=  *_t84) {
								break;
							}
							if(_t89 == 0) {
								L14:
								L16:
								_t73 =  !=  ? 6 : 0x11;
								if(_t100 != 0) {
									GlobalFree(_t100);
								}
								_t100 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t50 = E032B1F30(_t100);
								_t104 = _t104 + 4;
								if(_t50 == 0) {
									E032BEF40(_t96,  &_v2056, 0, 0x800);
									_t106 = _t104 + 0xc;
									MultiByteToWideChar(0, 0, _t100, 0xffffffff,  &_v2056, 0x400);
									if(_t100 != 0) {
										GlobalFree(_t100);
									}
									_t101 = E032BAA90( &_v2068, _v2060, _t73,  &_v2056);
									E032B1F00();
									E032B1F70(_t101);
									_t104 = _t106 + 4;
									if(_t101 != 0) {
										goto L28;
									} else {
										_push("success");
										goto L29;
									}
								} else {
									goto L19;
								}
							}
							_t90 =  *((intOrPtr*)(_t45 + 1));
							if(_t90 != _t84[1]) {
								break;
							}
							_t45 = _t45 + 2;
							_t84 =  &(_t84[2]);
							if(_t90 != 0) {
								continue;
							}
							goto L14;
						}
						asm("sbb eax, eax");
						goto L16;
					}
				}
				E032B1F00();
				if( *0x32efef8 != 0) {
					_t102 = GlobalAlloc(0x40,  *0x32efef4 + 8);
					_t7 = _t102 + 4; // 0x4
					lstrcpynA(_t7, "error",  *0x32efef4);
					_t91 =  *0x32efef8;
					 *_t102 =  *_t91;
					 *_t91 = _t102;
				}
				goto L30;
			}































                                                                                                                                  0x032b2ea9
                                                                                                                                  0x032b2eb0
                                                                                                                                  0x032b2eb9
                                                                                                                                  0x032b2ec1
                                                                                                                                  0x032b2ece
                                                                                                                                  0x032b2ed3
                                                                                                                                  0x032b2ee5
                                                                                                                                  0x032b2f43
                                                                                                                                  0x032b2f45
                                                                                                                                  0x032b2f4b
                                                                                                                                  0x032b2f4f
                                                                                                                                  0x032b309c
                                                                                                                                  0x032b309e
                                                                                                                                  0x032b30a1
                                                                                                                                  0x032b30a1
                                                                                                                                  0x032b30a7
                                                                                                                                  0x032b30a7
                                                                                                                                  0x032b30ac
                                                                                                                                  0x032b30ac
                                                                                                                                  0x032b30b1
                                                                                                                                  0x032b30b1
                                                                                                                                  0x032b30bb
                                                                                                                                  0x032b30c1
                                                                                                                                  0x032b30d4
                                                                                                                                  0x032b30d4
                                                                                                                                  0x032b2f55
                                                                                                                                  0x032b2f59
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2f64
                                                                                                                                  0x032b2f72
                                                                                                                                  0x032b2f78
                                                                                                                                  0x032b2f7a
                                                                                                                                  0x032b2f7d
                                                                                                                                  0x032b2f82
                                                                                                                                  0x032b2f85
                                                                                                                                  0x032b2f8d
                                                                                                                                  0x032b2f90
                                                                                                                                  0x032b2f90
                                                                                                                                  0x032b2f9c
                                                                                                                                  0x032b2f9e
                                                                                                                                  0x032b2fa4
                                                                                                                                  0x032b2fa8
                                                                                                                                  0x032b3029
                                                                                                                                  0x032b302b
                                                                                                                                  0x032b302e
                                                                                                                                  0x032b302e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2faa
                                                                                                                                  0x032b2faa
                                                                                                                                  0x032b2fae
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2fb5
                                                                                                                                  0x032b2fc3
                                                                                                                                  0x032b2fc5
                                                                                                                                  0x032b2fc7
                                                                                                                                  0x032b2fcc
                                                                                                                                  0x032b2fd0
                                                                                                                                  0x032b2fd0
                                                                                                                                  0x032b2fd4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2fd8
                                                                                                                                  0x032b2fec
                                                                                                                                  0x032b2ff5
                                                                                                                                  0x032b3001
                                                                                                                                  0x032b3006
                                                                                                                                  0x032b3009
                                                                                                                                  0x032b3009
                                                                                                                                  0x032b301a
                                                                                                                                  0x032b301d
                                                                                                                                  0x032b3022
                                                                                                                                  0x032b3027
                                                                                                                                  0x032b3040
                                                                                                                                  0x032b3045
                                                                                                                                  0x032b305b
                                                                                                                                  0x032b3063
                                                                                                                                  0x032b3066
                                                                                                                                  0x032b3066
                                                                                                                                  0x032b3081
                                                                                                                                  0x032b3083
                                                                                                                                  0x032b3089
                                                                                                                                  0x032b308e
                                                                                                                                  0x032b3093
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3095
                                                                                                                                  0x032b3095
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3095
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b3027
                                                                                                                                  0x032b2fda
                                                                                                                                  0x032b2fe0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2fe2
                                                                                                                                  0x032b2fe5
                                                                                                                                  0x032b2fea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2fea
                                                                                                                                  0x032b2ff0
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2ff2
                                                                                                                                  0x032b2fa8
                                                                                                                                  0x032b2ee7
                                                                                                                                  0x032b2ef3
                                                                                                                                  0x032b2f10
                                                                                                                                  0x032b2f17
                                                                                                                                  0x032b2f1b
                                                                                                                                  0x032b2f21
                                                                                                                                  0x032b2f29
                                                                                                                                  0x032b2f2b
                                                                                                                                  0x032b2f2b
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2F04
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B2F1B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2F43
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2F64
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2F7A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2F90
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2F9C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2FB5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2FC5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B3009
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B3014
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B302E
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$lstrcpyn
                                                                                                                                  • String ID: UDP$error$success
                                                                                                                                  • API String ID: 3210890967-3678539246
                                                                                                                                  • Opcode ID: b554721473af10b90de6588202fa62770d59b1e7667a4d2d20e8ae3eb5b01731
                                                                                                                                  • Instruction ID: fd8e481094311531f8b5ef09c9f38944de8fee98e3dc72d393cc5b9546c928b3
                                                                                                                                  • Opcode Fuzzy Hash: b554721473af10b90de6588202fa62770d59b1e7667a4d2d20e8ae3eb5b01731
                                                                                                                                  • Instruction Fuzzy Hash: 6C514B7A910325AFD721EF20ED85BEAB3B8EF04740F0A8454EA459B245DB70AD84CBD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B28C0 Relevance: 27.2, APIs: 15, Strings: 3, Instructions: 187memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                  			E032B28C0(void* __ebx, void* __edi, void* __esi, int _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				short _v2056;
				intOrPtr _v2060;
				char _v2068;
				void* __ebp;
				signed int _t20;
				void* _t28;
				intOrPtr _t38;
				void* _t39;
				void* _t45;
				void* _t50;
				void** _t70;
				void* _t71;
				void* _t73;
				char* _t84;
				void _t89;
				intOrPtr _t90;
				void* _t91;
				void** _t93;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t100;
				void* _t101;
				void _t102;
				signed int _t103;
				void* _t104;
				void* _t106;

				_t20 =  *0x32ed474; // 0x444d31ba
				_v8 = _t20 ^ _t103;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				_push(__esi);
				 *0x32efefc = _a12;
				E032B99F0( &_v2068);
				if(E032BA840( &_v2068) != 0) {
					_push(__ebx);
					_push(__edi);
					_t28 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t93 =  *0x32efef8;
					_t98 = _t28;
					if(_t93 == 0) {
						L25:
						if(_t98 != 0) {
							GlobalFree(_t98);
						}
						L27:
						E032B1F00();
						L28:
						_push("error");
						L29:
						E032B1FC0();
						L30:
						E032B9A10( &_v2068);
						return E032BD98D(_v8 ^ _t103);
					}
					_t95 =  *_t93;
					if(_t95 == 0) {
						goto L25;
					}
					lstrcpyA(_t98, _t95 + 4);
					_t96 = GlobalFree;
					 *( *0x32efef8) =  *_t95;
					GlobalFree(_t95);
					_t38 = E032AD1A0(_t98);
					_t104 = _t104 + 4;
					_v2060 = _t38;
					if(_t98 != 0) {
						GlobalFree(_t98);
					}
					_t39 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t70 =  *0x32efef8;
					_t100 = _t39;
					if(_t70 == 0) {
						L19:
						if(_t100 != 0) {
							GlobalFree(_t100);
						}
						goto L27;
					} else {
						_t71 =  *_t70;
						if(_t71 == 0) {
							goto L19;
						}
						lstrcpyA(_t100, _t71 + 4);
						 *( *0x32efef8) =  *_t71;
						GlobalFree(_t71);
						_t84 = "UDP";
						_t45 = _t100;
						while(1) {
							_t89 =  *_t45;
							if(_t89 !=  *_t84) {
								break;
							}
							if(_t89 == 0) {
								L14:
								L16:
								_t73 =  !=  ? 6 : 0x11;
								if(_t100 != 0) {
									GlobalFree(_t100);
								}
								_t100 = GlobalAlloc(0x40,  *0x32efef4 + 1);
								_t50 = E032B1F30(_t100);
								_t104 = _t104 + 4;
								if(_t50 == 0) {
									E032BEF40(_t96,  &_v2056, 0, 0x800);
									_t106 = _t104 + 0xc;
									MultiByteToWideChar(0, 0, _t100, 0xffffffff,  &_v2056, 0x400);
									if(_t100 != 0) {
										GlobalFree(_t100);
									}
									_push( &_v2056);
									_push(_t73);
									_push(_v2060);
									_t101 = E032B9E80(_t73,  &_v2068, _t96, _t100);
									E032B1F00();
									E032B1F70(_t101);
									_t104 = _t106 + 4;
									if(_t101 != 0) {
										goto L28;
									} else {
										_push("success");
										goto L29;
									}
								} else {
									goto L19;
								}
							}
							_t90 =  *((intOrPtr*)(_t45 + 1));
							if(_t90 != _t84[1]) {
								break;
							}
							_t45 = _t45 + 2;
							_t84 =  &(_t84[2]);
							if(_t90 != 0) {
								continue;
							}
							goto L14;
						}
						asm("sbb eax, eax");
						goto L16;
					}
				}
				E032B1F00();
				if( *0x32efef8 != 0) {
					_t102 = GlobalAlloc(0x40,  *0x32efef4 + 8);
					_t7 = _t102 + 4; // 0x4
					lstrcpynA(_t7, "error",  *0x32efef4);
					_t91 =  *0x32efef8;
					 *_t102 =  *_t91;
					 *_t91 = _t102;
				}
				goto L30;
			}































                                                                                                                                  0x032b28c9
                                                                                                                                  0x032b28d0
                                                                                                                                  0x032b28d9
                                                                                                                                  0x032b28e1
                                                                                                                                  0x032b28ed
                                                                                                                                  0x032b28ee
                                                                                                                                  0x032b28f3
                                                                                                                                  0x032b2905
                                                                                                                                  0x032b2957
                                                                                                                                  0x032b295f
                                                                                                                                  0x032b2963
                                                                                                                                  0x032b2965
                                                                                                                                  0x032b296b
                                                                                                                                  0x032b296f
                                                                                                                                  0x032b2abc
                                                                                                                                  0x032b2abe
                                                                                                                                  0x032b2ac1
                                                                                                                                  0x032b2ac1
                                                                                                                                  0x032b2ac7
                                                                                                                                  0x032b2ac7
                                                                                                                                  0x032b2acc
                                                                                                                                  0x032b2acc
                                                                                                                                  0x032b2ad1
                                                                                                                                  0x032b2ad1
                                                                                                                                  0x032b2adb
                                                                                                                                  0x032b2ae1
                                                                                                                                  0x032b2af4
                                                                                                                                  0x032b2af4
                                                                                                                                  0x032b2975
                                                                                                                                  0x032b2979
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2984
                                                                                                                                  0x032b2992
                                                                                                                                  0x032b2998
                                                                                                                                  0x032b299a
                                                                                                                                  0x032b299d
                                                                                                                                  0x032b29a2
                                                                                                                                  0x032b29a5
                                                                                                                                  0x032b29ad
                                                                                                                                  0x032b29b0
                                                                                                                                  0x032b29b0
                                                                                                                                  0x032b29bc
                                                                                                                                  0x032b29be
                                                                                                                                  0x032b29c4
                                                                                                                                  0x032b29c8
                                                                                                                                  0x032b2a49
                                                                                                                                  0x032b2a4b
                                                                                                                                  0x032b2a4e
                                                                                                                                  0x032b2a4e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b29ca
                                                                                                                                  0x032b29ca
                                                                                                                                  0x032b29ce
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b29d5
                                                                                                                                  0x032b29e3
                                                                                                                                  0x032b29e5
                                                                                                                                  0x032b29e7
                                                                                                                                  0x032b29ec
                                                                                                                                  0x032b29f0
                                                                                                                                  0x032b29f0
                                                                                                                                  0x032b29f4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b29f8
                                                                                                                                  0x032b2a0c
                                                                                                                                  0x032b2a15
                                                                                                                                  0x032b2a21
                                                                                                                                  0x032b2a26
                                                                                                                                  0x032b2a29
                                                                                                                                  0x032b2a29
                                                                                                                                  0x032b2a3a
                                                                                                                                  0x032b2a3d
                                                                                                                                  0x032b2a42
                                                                                                                                  0x032b2a47
                                                                                                                                  0x032b2a60
                                                                                                                                  0x032b2a65
                                                                                                                                  0x032b2a7b
                                                                                                                                  0x032b2a83
                                                                                                                                  0x032b2a86
                                                                                                                                  0x032b2a86
                                                                                                                                  0x032b2a8e
                                                                                                                                  0x032b2a8f
                                                                                                                                  0x032b2a90
                                                                                                                                  0x032b2aa1
                                                                                                                                  0x032b2aa3
                                                                                                                                  0x032b2aa9
                                                                                                                                  0x032b2aae
                                                                                                                                  0x032b2ab3
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2ab5
                                                                                                                                  0x032b2ab5
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2ab5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2a47
                                                                                                                                  0x032b29fa
                                                                                                                                  0x032b2a00
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2a02
                                                                                                                                  0x032b2a05
                                                                                                                                  0x032b2a0a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2a0a
                                                                                                                                  0x032b2a10
                                                                                                                                  0x00000000
                                                                                                                                  0x032b2a12
                                                                                                                                  0x032b29c8
                                                                                                                                  0x032b2907
                                                                                                                                  0x032b2913
                                                                                                                                  0x032b2930
                                                                                                                                  0x032b2937
                                                                                                                                  0x032b293b
                                                                                                                                  0x032b2941
                                                                                                                                  0x032b2949
                                                                                                                                  0x032b294b
                                                                                                                                  0x032b294b
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2924
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B293B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2963
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B2984
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B299A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B29B0
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B29BC
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B29D5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B29E5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2A29
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B2A34
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B2A4E
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$lstrcpyn
                                                                                                                                  • String ID: UDP$error$success
                                                                                                                                  • API String ID: 3210890967-3678539246
                                                                                                                                  • Opcode ID: 4aa0774ef601c751d931bd82b3b201968001ab3e09144fa2baff3972c9aa2890
                                                                                                                                  • Instruction ID: 736b7a8296be2012ab653c9163a315dc16444c047aa813cf1eb8a7f50b4978eb
                                                                                                                                  • Opcode Fuzzy Hash: 4aa0774ef601c751d931bd82b3b201968001ab3e09144fa2baff3972c9aa2890
                                                                                                                                  • Instruction Fuzzy Hash: 44510976910325EBD721EF60ED85BEAB3B8EF05740F1A8564DD059B245DB70A980CBD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1350 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 176stringmemorywindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E032B1350(void* __ecx, intOrPtr _a4, long _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				void* _v8;
				void* _t22;
				void* _t27;
				void _t28;
				int _t35;
				void* _t47;
				void* _t51;
				void* _t54;
				void* _t59;
				long _t60;
				intOrPtr _t79;
				void* _t82;
				void* _t83;
				signed int _t84;
				int _t90;
				void _t95;
				CHAR* _t96;
				void* _t97;
				void* _t100;
				void* _t101;

				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd0 = _a8;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					_t22 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				_t71 = GlobalAlloc;
				_t90 = 0;
				if( *0x32ef450 >= 0x80) {
					L15:
					if( *0x32efcd4 != 0) {
						_t95 =  *_t71(0x40,  *0x32efcd0 + 8);
						_t16 = _t95 + 4; // 0x4
						_t22 = lstrcpynA(_t16, "error",  *0x32efcd0);
						_t82 =  *0x32efcd4;
						 *_t95 =  *_t82;
						 *_t82 = _t95;
					}
					goto L17;
				} else {
					_t96 = GlobalAlloc(0x40,  *0x32efcd0);
					_t27 =  *0x32efcd4;
					if(_t27 == 0) {
						L13:
						_t22 = GlobalFree(_t96);
						if(_t90 != 0) {
							L17:
							return _t22;
						}
						_t71 = GlobalAlloc;
						goto L15;
					}
					_t28 =  *_t27;
					_v8 = _t28;
					if(_t28 == 0) {
						goto L13;
					}
					lstrcpyA(_t96, _t28 + 4);
					_t83 = _v8;
					 *( *0x32efcd4) =  *_t83;
					GlobalFree(_t83);
					 *(( *0x32ef450 << 4) + 0x32eea48) = GlobalAlloc(0x40,  *0x32efcd0);
					 *(( *0x32ef450 << 4) + 0x32eea4c) = GlobalAlloc(0x40,  *0x32efcd0);
					_t35 = lstrcmpiA(_t96, "/icon");
					_push(_t96);
					if(_t35 != 0) {
						lstrcpyA( *(( *0x32ef450 << 4) + 0x32eea48), ??);
						L19:
						if(E032B0FC0( *(( *0x32ef450 << 4) + 0x32eea4c)) != 0 || E032B0FC0(_t96) != 0) {
							L11:
							_t84 =  *0x32ef450;
							goto L12;
						} else {
							_t47 = E032B0E70(_t96);
							_t84 =  *0x32ef450;
							_t19 = _t47 - 1; // -1
							_t79 = _t19;
							 *((intOrPtr*)((_t84 << 4) + 0x32eea40)) = _t79;
							if(_t79 <= 0) {
								L12:
								GlobalFree( *((_t84 << 4) + 0x32eea48));
								GlobalFree( *(( *0x32ef450 << 4) + 0x32eea4c));
								_t90 = 0;
								goto L13;
							}
							 *0x32ef450 = _t84 + 1;
							_t90 = 1;
							 *0x32ee1d8 = _a20;
							goto L13;
						}
					}
					_t51 = E032B0FC0();
					_t100 = _t97 + 4;
					if(_t51 != 0) {
						goto L11;
					}
					 *(( *0x32ef450 << 4) + 0x32eea44) = 0;
					_t54 = E032B7620(_t96, ".ico");
					_t101 = _t100 + 8;
					if(_t54 == 0) {
						ExtractIconExA(_t96, 0, 0, ( *0x32ef450 << 4) + 0x32eea44, 1);
						_t87 =  *0x32ef450;
					} else {
						_t60 = LoadImageA(0, _t96, 1, 0, 0, 0x50);
						_t87 =  *0x32ef450;
						 *(( *0x32ef450 << 4) + 0x32eea44) = _t60;
					}
					_t59 = E032B0FC0( *((intOrPtr*)((_t87 << 4) + 0x32eea48)));
					_t97 = _t101 + 4;
					if(_t59 == 0) {
						goto L19;
					} else {
						goto L11;
					}
				}
			}























                                                                                                                                  0x032b135b
                                                                                                                                  0x032b1360
                                                                                                                                  0x032b1368
                                                                                                                                  0x032b1370
                                                                                                                                  0x032b1378
                                                                                                                                  0x032b138e
                                                                                                                                  0x032b1390
                                                                                                                                  0x032b1390
                                                                                                                                  0x032b139a
                                                                                                                                  0x032b13a2
                                                                                                                                  0x032b13ae
                                                                                                                                  0x032b150b
                                                                                                                                  0x032b1512
                                                                                                                                  0x032b1527
                                                                                                                                  0x032b152e
                                                                                                                                  0x032b1532
                                                                                                                                  0x032b1538
                                                                                                                                  0x032b1540
                                                                                                                                  0x032b1542
                                                                                                                                  0x032b1542
                                                                                                                                  0x00000000
                                                                                                                                  0x032b13b4
                                                                                                                                  0x032b13c5
                                                                                                                                  0x032b13c7
                                                                                                                                  0x032b13ce
                                                                                                                                  0x032b14fd
                                                                                                                                  0x032b14fe
                                                                                                                                  0x032b1503
                                                                                                                                  0x032b1544
                                                                                                                                  0x032b1549
                                                                                                                                  0x032b1549
                                                                                                                                  0x032b1505
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1505
                                                                                                                                  0x032b13d4
                                                                                                                                  0x032b13d6
                                                                                                                                  0x032b13db
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b13e6
                                                                                                                                  0x032b13ec
                                                                                                                                  0x032b13f7
                                                                                                                                  0x032b13f9
                                                                                                                                  0x032b141c
                                                                                                                                  0x032b1433
                                                                                                                                  0x032b1439
                                                                                                                                  0x032b143f
                                                                                                                                  0x032b1442
                                                                                                                                  0x032b1558
                                                                                                                                  0x032b155e
                                                                                                                                  0x032b1576
                                                                                                                                  0x032b14da
                                                                                                                                  0x032b14da
                                                                                                                                  0x00000000
                                                                                                                                  0x032b158d
                                                                                                                                  0x032b158e
                                                                                                                                  0x032b1593
                                                                                                                                  0x032b1599
                                                                                                                                  0x032b1599
                                                                                                                                  0x032b15a1
                                                                                                                                  0x032b15a9
                                                                                                                                  0x032b14e0
                                                                                                                                  0x032b14e9
                                                                                                                                  0x032b14f9
                                                                                                                                  0x032b14fb
                                                                                                                                  0x00000000
                                                                                                                                  0x032b14fb
                                                                                                                                  0x032b15b3
                                                                                                                                  0x032b15b9
                                                                                                                                  0x032b15be
                                                                                                                                  0x00000000
                                                                                                                                  0x032b15be
                                                                                                                                  0x032b1576
                                                                                                                                  0x032b1448
                                                                                                                                  0x032b144d
                                                                                                                                  0x032b1452
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1466
                                                                                                                                  0x032b1470
                                                                                                                                  0x032b1475
                                                                                                                                  0x032b147a
                                                                                                                                  0x032b14b5
                                                                                                                                  0x032b14bb
                                                                                                                                  0x032b147c
                                                                                                                                  0x032b1487
                                                                                                                                  0x032b148d
                                                                                                                                  0x032b1498
                                                                                                                                  0x032b1498
                                                                                                                                  0x032b14ca
                                                                                                                                  0x032b14cf
                                                                                                                                  0x032b14d4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b14d4

                                                                                                                                  APIs
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B13E6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B13F9
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B1409
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 032B1422
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/icon), ref: 032B1439
                                                                                                                                  • LoadImageA.USER32 ref: 032B1487
                                                                                                                                  • ExtractIconExA.SHELL32(00000000,00000000,00000000,?,00000001), ref: 032B14B5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B14E9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B14F9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B14FE
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1532
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$ExtractIconImageLoadlstrcmpilstrcpylstrcpyn
                                                                                                                                  • String ID: .ico$/icon$error
                                                                                                                                  • API String ID: 230762479-2780475704
                                                                                                                                  • Opcode ID: 6667c054b51144716087807cd22d596d2271ba60b81f50160e72cfdf526541a5
                                                                                                                                  • Instruction ID: 04f24bc281fbc5dd276475aac763dca17e76056b69f5fd83f4e616bc3f04792d
                                                                                                                                  • Opcode Fuzzy Hash: 6667c054b51144716087807cd22d596d2271ba60b81f50160e72cfdf526541a5
                                                                                                                                  • Instruction Fuzzy Hash: 5461B176600211AFE711EF28F94AB9A37B5FB84388F158128EA05DB358DB31F851CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF240 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 139stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E032AF240(long _a4, long _a12, intOrPtr _a16, void* _a20) {
				intOrPtr _v8;
				char _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t29;
				CHAR* _t33;
				int _t43;
				void* _t54;
				long _t55;
				void* _t61;
				void** _t67;
				void* _t68;
				long _t69;
				void** _t70;
				void* _t71;
				void* _t73;
				void _t75;

				_t55 = _a12;
				 *0x32efcc4 = _a4;
				 *0x32efcd4 = _a20;
				 *0x32efcd0 = _t55;
				 *0x32efcd8 = _a16;
				_t29 = GlobalAlloc(0x40, _t55);
				_t73 = _t29;
				if(_t73 == 0) {
					if( *0x32efcd4 == 0) {
						goto L21;
					} else {
						_t75 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t25 = _t75 + 4; // 0x4
						_t33 = lstrcpynA(_t25, "error",  *0x32efcd0);
						_t61 =  *0x32efcd4;
						 *_t75 =  *_t61;
						 *_t61 = _t75;
						return _t33;
					}
				} else {
					_a4 = 0;
					_t67 =  *0x32efcd4;
					_a12 = 0;
					if(_t67 == 0) {
						L18:
						_push("error");
						goto L19;
					} else {
						_t68 =  *_t67;
						if(_t68 == 0) {
							goto L18;
						} else {
							lstrcpyA(_t73, _t68 + 4);
							 *( *0x32efcd4) =  *_t68;
							GlobalFree(_t68);
							_t54 = lstrcmpiA;
							L4:
							while(1) {
								if(lstrcmpiA(_t73, "/yesno") != 0) {
									if(lstrcmpiA(_t73, "/user") != 0) {
										if( *_t73 == 0) {
											goto L18;
										} else {
											CharLowerA(_t73);
											_t43 = lstrlenA(_t73);
											while(_t43 > 0) {
												 *((char*)(_t73 + _t43)) =  *((intOrPtr*)(_t43 + _t73 - 1));
												_t43 = _t43 - 1;
											}
											_t69 = _a4;
											_v16 = _a12;
											_v12 =  &_v28;
											 *_t73 = 0x5c;
											_v20 = 0;
											_v24 = _t69;
											_v28 = _t73;
											_v8 = 0;
											E032B7BE0(_t54, _t69, _t73, E032AF3F0,  &_v12, 0);
											if(_v20 == 0) {
												if(_t69 == 0) {
													_push(0x32dc4cc);
												} else {
													_push("no");
												}
												L19:
												E032B1000();
											}
										}
									} else {
										_a12 = 1;
										goto L8;
									}
								} else {
									_a4 = 1;
									L8:
									_t70 =  *0x32efcd4;
									if(_t70 == 0) {
										goto L18;
									} else {
										_t71 =  *_t70;
										if(_t71 == 0) {
											goto L18;
										} else {
											lstrcpyA(_t73, _t71 + 4);
											 *( *0x32efcd4) =  *_t71;
											GlobalFree(_t71);
											continue;
										}
									}
								}
								goto L20;
							}
						}
					}
					L20:
					_t29 = GlobalFree(_t73);
					L21:
					return _t29;
				}
			}

























                                                                                                                                  0x032af249
                                                                                                                                  0x032af24c
                                                                                                                                  0x032af25d
                                                                                                                                  0x032af267
                                                                                                                                  0x032af26d
                                                                                                                                  0x032af272
                                                                                                                                  0x032af274
                                                                                                                                  0x032af278
                                                                                                                                  0x032af3b2
                                                                                                                                  0x00000000
                                                                                                                                  0x032af3b4
                                                                                                                                  0x032af3c7
                                                                                                                                  0x032af3ce
                                                                                                                                  0x032af3d2
                                                                                                                                  0x032af3d8
                                                                                                                                  0x032af3e1
                                                                                                                                  0x032af3e3
                                                                                                                                  0x032af3e9
                                                                                                                                  0x032af3e9
                                                                                                                                  0x032af27e
                                                                                                                                  0x032af282
                                                                                                                                  0x032af285
                                                                                                                                  0x032af28b
                                                                                                                                  0x032af291
                                                                                                                                  0x032af390
                                                                                                                                  0x032af390
                                                                                                                                  0x00000000
                                                                                                                                  0x032af297
                                                                                                                                  0x032af297
                                                                                                                                  0x032af29b
                                                                                                                                  0x00000000
                                                                                                                                  0x032af2a1
                                                                                                                                  0x032af2a6
                                                                                                                                  0x032af2b4
                                                                                                                                  0x032af2b6
                                                                                                                                  0x032af2bc
                                                                                                                                  0x00000000
                                                                                                                                  0x032af2c2
                                                                                                                                  0x032af2cc
                                                                                                                                  0x032af2e1
                                                                                                                                  0x032af322
                                                                                                                                  0x00000000
                                                                                                                                  0x032af324
                                                                                                                                  0x032af325
                                                                                                                                  0x032af32c
                                                                                                                                  0x032af334
                                                                                                                                  0x032af33a
                                                                                                                                  0x032af33d
                                                                                                                                  0x032af33e
                                                                                                                                  0x032af345
                                                                                                                                  0x032af348
                                                                                                                                  0x032af34e
                                                                                                                                  0x032af35c
                                                                                                                                  0x032af35f
                                                                                                                                  0x032af366
                                                                                                                                  0x032af369
                                                                                                                                  0x032af36c
                                                                                                                                  0x032af373
                                                                                                                                  0x032af37c
                                                                                                                                  0x032af380
                                                                                                                                  0x032af389
                                                                                                                                  0x032af382
                                                                                                                                  0x032af382
                                                                                                                                  0x032af382
                                                                                                                                  0x032af395
                                                                                                                                  0x032af395
                                                                                                                                  0x032af39a
                                                                                                                                  0x032af37c
                                                                                                                                  0x032af2e3
                                                                                                                                  0x032af2e3
                                                                                                                                  0x00000000
                                                                                                                                  0x032af2e3
                                                                                                                                  0x032af2ce
                                                                                                                                  0x032af2ce
                                                                                                                                  0x032af2ea
                                                                                                                                  0x032af2ea
                                                                                                                                  0x032af2f2
                                                                                                                                  0x00000000
                                                                                                                                  0x032af2f8
                                                                                                                                  0x032af2f8
                                                                                                                                  0x032af2fc
                                                                                                                                  0x00000000
                                                                                                                                  0x032af302
                                                                                                                                  0x032af307
                                                                                                                                  0x032af315
                                                                                                                                  0x032af317
                                                                                                                                  0x00000000
                                                                                                                                  0x032af317
                                                                                                                                  0x032af2fc
                                                                                                                                  0x032af2f2
                                                                                                                                  0x00000000
                                                                                                                                  0x032af2cc
                                                                                                                                  0x032af2c2
                                                                                                                                  0x032af29b
                                                                                                                                  0x032af39d
                                                                                                                                  0x032af39e
                                                                                                                                  0x032af3a5
                                                                                                                                  0x032af3aa
                                                                                                                                  0x032af3aa

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AF272
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032AF2A6
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF2B6
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/yesno), ref: 032AF2C8
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/user), ref: 032AF2DD
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032AF307
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF317
                                                                                                                                  • CharLowerA.USER32(00000000), ref: 032AF325
                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 032AF32C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF39E
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AF3BF
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032AF3D2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloclstrcmpilstrcpy$CharLowerlstrcpynlstrlen
                                                                                                                                  • String ID: /user$/yesno$error
                                                                                                                                  • API String ID: 2687994038-228508144
                                                                                                                                  • Opcode ID: b80bb83da1b4a36e20659e48e8cdc377f8bb6d258350f5cc7f2a53f76bf79c74
                                                                                                                                  • Instruction ID: 1dea4ab71f5d4acd1945f46f1f8989320ced626c36483a94b50f610da9024ae5
                                                                                                                                  • Opcode Fuzzy Hash: b80bb83da1b4a36e20659e48e8cdc377f8bb6d258350f5cc7f2a53f76bf79c74
                                                                                                                                  • Instruction Fuzzy Hash: 7051CFB2511B66AFD710EFACEE49AAEBBB8FF45300F15811AED0597304DB759480CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004058B4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t18 =  *0x423eb0; // 0x69fab8
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                                                                  0x004058ba
                                                                                                                                  0x004058c1
                                                                                                                                  0x004058c5
                                                                                                                                  0x004058ce
                                                                                                                                  0x004058d2
                                                                                                                                  0x00405a11
                                                                                                                                  0x00405a11
                                                                                                                                  0x00000000
                                                                                                                                  0x00405a11
                                                                                                                                  0x004058d2
                                                                                                                                  0x004058de
                                                                                                                                  0x004058f4
                                                                                                                                  0x0040591c
                                                                                                                                  0x00405927
                                                                                                                                  0x0040592b
                                                                                                                                  0x0040594b
                                                                                                                                  0x0040594d
                                                                                                                                  0x00405952
                                                                                                                                  0x0040595c
                                                                                                                                  0x00405969
                                                                                                                                  0x0040596e
                                                                                                                                  0x00405973
                                                                                                                                  0x00405977
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405986
                                                                                                                                  0x00405988
                                                                                                                                  0x00405995
                                                                                                                                  0x00405999
                                                                                                                                  0x00405a0a
                                                                                                                                  0x00405a0b
                                                                                                                                  0x00000000
                                                                                                                                  0x004059b5
                                                                                                                                  0x004059c2
                                                                                                                                  0x00405a27
                                                                                                                                  0x00405a2e
                                                                                                                                  0x004059d5
                                                                                                                                  0x004059d5
                                                                                                                                  0x004059d7
                                                                                                                                  0x004059e0
                                                                                                                                  0x004059eb
                                                                                                                                  0x004059fd
                                                                                                                                  0x00405a04
                                                                                                                                  0x00000000
                                                                                                                                  0x00405a04
                                                                                                                                  0x00405a30
                                                                                                                                  0x00405a31
                                                                                                                                  0x00405a36
                                                                                                                                  0x00405a38
                                                                                                                                  0x00405a45
                                                                                                                                  0x00405a45
                                                                                                                                  0x00405a49
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405a3a
                                                                                                                                  0x00405a3a
                                                                                                                                  0x00405a3d
                                                                                                                                  0x00405a40
                                                                                                                                  0x00405a41
                                                                                                                                  0x00000000
                                                                                                                                  0x00405a3a
                                                                                                                                  0x004059cd
                                                                                                                                  0x004059d2
                                                                                                                                  0x00000000
                                                                                                                                  0x004059d2
                                                                                                                                  0x00405999
                                                                                                                                  0x004058f6
                                                                                                                                  0x00405901
                                                                                                                                  0x0040590a
                                                                                                                                  0x0040590e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x0040590e
                                                                                                                                  0x00405a1b

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                    • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                    • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                                  • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                                                  • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                                                  • wsprintfA.USER32 ref: 00405945
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                                  • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                                    • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                    • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                  • String ID: %s=%s$0&B$[Rename]
                                                                                                                                  • API String ID: 3772915668-951905037
                                                                                                                                  • Opcode ID: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                                                  • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                                  • Opcode Fuzzy Hash: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                                                  • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ADDB0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 144stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032ADDB0(void* __eflags, intOrPtr _a4, long _a12, intOrPtr _a16, void* _a20) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				signed int _v24;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t23;
				int _t33;
				int _t35;
				CHAR* _t45;
				void* _t49;
				void** _t55;
				void* _t60;
				void** _t64;
				void* _t65;
				signed int _t66;
				long _t71;
				void* _t72;
				void* _t74;
				void _t76;

				 *0x32efcc4 = _a4;
				 *0x32efcd4 = _a20;
				_t71 = _a12;
				 *0x32efcd0 = _t71;
				 *0x32efcd8 = _a16;
				_t23 = E032AE6D0();
				if(_t23 != 0) {
					_t23 = GlobalAlloc(0x40, _t71);
					_t72 = _t23;
					if(_t72 == 0) {
						L16:
						if( *0x32efcd4 != 0) {
							_t74 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
							_t53 =  ==  ? 0x32dc484 : "ok";
							_t19 = _t74 + 4; // 0x4
							lstrcpynA(_t19,  ==  ? 0x32dc484 : "ok",  *0x32efcd0);
							_t55 =  *0x32efcd4;
							_t23 =  *_t55;
							 *_t74 = _t23;
							 *_t55 = _t74;
						}
						goto L19;
					} else {
						_t64 =  *0x32efcd4;
						_t49 = GlobalFree;
						if(_t64 == 0) {
							L14:
							goto L15;
						} else {
							_t65 =  *_t64;
							if(_t65 == 0) {
								goto L14;
							} else {
								lstrcpyA(_t72, _t65 + 4);
								 *( *0x32efcd4) =  *_t65;
								GlobalFree(_t65);
								_t33 = lstrcmpiA(_t72, "/kill");
								if(_t33 != 0) {
									_t66 = 0;
									goto L10;
								} else {
									_t7 = _t33 + 1; // 0x1
									_t66 = _t7;
									if(E032B0FC0(_t72) == 0) {
										L10:
										if( *_t72 == 0) {
											goto L14;
										} else {
											CharLowerA(_t72);
											_t35 = lstrlenA(_t72);
											while(_t35 > 0) {
												 *((char*)(_t72 + _t35)) =  *((intOrPtr*)(_t35 + _t72 - 1));
												_t35 = _t35 - 1;
											}
											_v24 = _t66;
											_v12 =  &_v28;
											 *_t72 = 0x5c;
											_v28 = _t72;
											_v20 = 0;
											_v8 = _t66 ^ 0x00000001;
											E032B7BE0(_t49, _t66 ^ 0x00000001, _t72, E032ADF60,  &_v12, 0);
											_t62 =  !=  ? 1 : 0;
										}
										L15:
										_t23 = GlobalFree(_t72);
										goto L16;
									} else {
										return GlobalFree(_t72);
									}
								}
							}
						}
					}
				} else {
					if( *0x32efcd4 == _t23) {
						L19:
						return _t23;
					} else {
						_t76 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t5 = _t76 + 4; // 0x4
						_t45 = lstrcpynA(_t5, "error",  *0x32efcd0);
						_t60 =  *0x32efcd4;
						 *_t76 =  *_t60;
						 *_t60 = _t76;
						return _t45;
					}
				}
			}

























                                                                                                                                  0x032addb9
                                                                                                                                  0x032addc1
                                                                                                                                  0x032addca
                                                                                                                                  0x032addcd
                                                                                                                                  0x032addd3
                                                                                                                                  0x032addd8
                                                                                                                                  0x032adddf
                                                                                                                                  0x032ade33
                                                                                                                                  0x032ade35
                                                                                                                                  0x032ade39
                                                                                                                                  0x032adf09
                                                                                                                                  0x032adf10
                                                                                                                                  0x032adf25
                                                                                                                                  0x032adf33
                                                                                                                                  0x032adf37
                                                                                                                                  0x032adf3b
                                                                                                                                  0x032adf41
                                                                                                                                  0x032adf47
                                                                                                                                  0x032adf49
                                                                                                                                  0x032adf4b
                                                                                                                                  0x032adf4b
                                                                                                                                  0x00000000
                                                                                                                                  0x032ade3f
                                                                                                                                  0x032ade3f
                                                                                                                                  0x032ade45
                                                                                                                                  0x032ade4d
                                                                                                                                  0x032adefe
                                                                                                                                  0x00000000
                                                                                                                                  0x032ade53
                                                                                                                                  0x032ade53
                                                                                                                                  0x032ade57
                                                                                                                                  0x00000000
                                                                                                                                  0x032ade5d
                                                                                                                                  0x032ade62
                                                                                                                                  0x032ade70
                                                                                                                                  0x032ade72
                                                                                                                                  0x032ade7a
                                                                                                                                  0x032ade82
                                                                                                                                  0x032ade9e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ade84
                                                                                                                                  0x032ade85
                                                                                                                                  0x032ade85
                                                                                                                                  0x032ade92
                                                                                                                                  0x032adea0
                                                                                                                                  0x032adea3
                                                                                                                                  0x00000000
                                                                                                                                  0x032adea5
                                                                                                                                  0x032adea6
                                                                                                                                  0x032adead
                                                                                                                                  0x032adeb5
                                                                                                                                  0x032adebb
                                                                                                                                  0x032adebe
                                                                                                                                  0x032adebf
                                                                                                                                  0x032adec6
                                                                                                                                  0x032adec9
                                                                                                                                  0x032aded4
                                                                                                                                  0x032adedd
                                                                                                                                  0x032adee0
                                                                                                                                  0x032adee7
                                                                                                                                  0x032adeea
                                                                                                                                  0x032adef9
                                                                                                                                  0x032adef9
                                                                                                                                  0x032adf00
                                                                                                                                  0x032adf01
                                                                                                                                  0x00000000
                                                                                                                                  0x032ade94
                                                                                                                                  0x032ade9d
                                                                                                                                  0x032ade9d
                                                                                                                                  0x032ade92
                                                                                                                                  0x032ade82
                                                                                                                                  0x032ade57
                                                                                                                                  0x032ade4d
                                                                                                                                  0x032adde1
                                                                                                                                  0x032adde7
                                                                                                                                  0x032adf4f
                                                                                                                                  0x032adf53
                                                                                                                                  0x032added
                                                                                                                                  0x032ade04
                                                                                                                                  0x032ade0b
                                                                                                                                  0x032ade0f
                                                                                                                                  0x032ade15
                                                                                                                                  0x032ade1d
                                                                                                                                  0x032ade1f
                                                                                                                                  0x032ade25
                                                                                                                                  0x032ade25
                                                                                                                                  0x032adde7

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032AE6D0: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,032B1805), ref: 032AE6EF
                                                                                                                                    • Part of subcall function 032AE6D0: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,032B1805), ref: 032AE6F6
                                                                                                                                    • Part of subcall function 032AE6D0: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 032AE70B
                                                                                                                                    • Part of subcall function 032AE6D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 032AE73E
                                                                                                                                    • Part of subcall function 032AE6D0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,032B1805), ref: 032AE75D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ADDF8
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032ADE0F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ADE33
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032ADE62
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032ADE72
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/kill), ref: 032ADE7A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032ADE95
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFreeProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValuelstrcmpilstrcpylstrcpyn
                                                                                                                                  • String ID: /kill$error
                                                                                                                                  • API String ID: 1730306834-1806998956
                                                                                                                                  • Opcode ID: 03465b14ea190c2fa47ed63b755a7ad79ff0a366caf966ff891abd2698961bed
                                                                                                                                  • Instruction ID: 8559889cea3396ffe85725274f44b942eaab78d72ec97a400c834294bcf7e23e
                                                                                                                                  • Opcode Fuzzy Hash: 03465b14ea190c2fa47ed63b755a7ad79ff0a366caf966ff891abd2698961bed
                                                                                                                                  • Instruction Fuzzy Hash: CE510072A11622AFD710EF6CFA59AAAB7E8FF89700F15805AED04D7304DB71D840CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B42A0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 119servicememorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E032B42A0(void* __ebx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				intOrPtr _v32;
				struct _SERVICE_STATUS _v36;
				void* __ebp;
				signed int _t12;
				void* _t19;
				void* _t22;
				void** _t46;
				void* _t48;
				void* _t49;
				void* _t58;
				void* _t60;
				void _t62;
				void* _t64;
				signed int _t65;
				void* _t66;

				_t12 =  *0x32ed474; // 0x444d31ba
				_v8 = _t12 ^ _t65;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				_t64 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t64 != 0) {
					_v32 = 1;
					_t19 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t46 =  *0x32efef8;
					_t60 = _t19;
					if(_t46 == 0) {
						L9:
						if(_t60 != 0) {
							GlobalFree(_t60);
						}
						L11:
						E032B1F00();
						E032B1F70(_v32);
						_t66 = _t66 + 4;
						goto L12;
					}
					_t48 =  *_t46;
					if(_t48 == 0) {
						goto L9;
					}
					lstrcpyA(_t60, _t48 + 4);
					 *( *0x32efef8) =  *_t48;
					GlobalFree(_t48);
					_t49 = OpenServiceA(_t64, _t60, 0xf01ff);
					if(_t60 != 0) {
						GlobalFree(_t60);
					}
					if(_t49 == 0) {
						goto L11;
					} else {
						QueryServiceStatus(_t49,  &_v36);
						CloseServiceHandle(_t49);
						E032B1F00();
						E032B1F70(_v32);
						_t66 = _t66 + 4;
						_t22 =  !=  ? "success" : 0x32dc484;
						goto L13;
					}
				} else {
					E032B1F00();
					if( *0x32efef8 != 0) {
						_t62 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t5 = _t62 + 4; // 0x4
						wsprintfA(_t5, 0x32dc480, 0x64);
						_t58 =  *0x32efef8;
						_t66 = _t66 + 0xc;
						 *_t62 =  *_t58;
						 *_t58 = _t62;
					}
					L12:
					_t22 = 0x32dc484;
					L13:
					E032B1FC0(_t22);
					if(_t64 != 0) {
						CloseServiceHandle(_t64);
					}
					return E032BD98D(_v8 ^ _t65);
				}
			}



















                                                                                                                                  0x032b42a6
                                                                                                                                  0x032b42ad
                                                                                                                                  0x032b42c0
                                                                                                                                  0x032b42ca
                                                                                                                                  0x032b42d0
                                                                                                                                  0x032b42e1
                                                                                                                                  0x032b42e5
                                                                                                                                  0x032b4337
                                                                                                                                  0x032b4341
                                                                                                                                  0x032b4347
                                                                                                                                  0x032b434d
                                                                                                                                  0x032b4351
                                                                                                                                  0x032b43c9
                                                                                                                                  0x032b43cb
                                                                                                                                  0x032b43ce
                                                                                                                                  0x032b43ce
                                                                                                                                  0x032b43d4
                                                                                                                                  0x032b43d4
                                                                                                                                  0x032b43dc
                                                                                                                                  0x032b43e7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b43e7
                                                                                                                                  0x032b4353
                                                                                                                                  0x032b4357
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b435e
                                                                                                                                  0x032b436c
                                                                                                                                  0x032b436e
                                                                                                                                  0x032b4381
                                                                                                                                  0x032b4385
                                                                                                                                  0x032b4388
                                                                                                                                  0x032b4388
                                                                                                                                  0x032b4390
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4392
                                                                                                                                  0x032b4397
                                                                                                                                  0x032b43a6
                                                                                                                                  0x032b43a8
                                                                                                                                  0x032b43b0
                                                                                                                                  0x032b43b5
                                                                                                                                  0x032b43c4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b43c4
                                                                                                                                  0x032b42e7
                                                                                                                                  0x032b42e7
                                                                                                                                  0x032b42f3
                                                                                                                                  0x032b430a
                                                                                                                                  0x032b4313
                                                                                                                                  0x032b4317
                                                                                                                                  0x032b431d
                                                                                                                                  0x032b4323
                                                                                                                                  0x032b4328
                                                                                                                                  0x032b432a
                                                                                                                                  0x032b432a
                                                                                                                                  0x032b43ea
                                                                                                                                  0x032b43ea
                                                                                                                                  0x032b43ef
                                                                                                                                  0x032b43f0
                                                                                                                                  0x032b43fa
                                                                                                                                  0x032b43fd
                                                                                                                                  0x032b43fd
                                                                                                                                  0x032b440f
                                                                                                                                  0x032b440f

                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 032B42D5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4304
                                                                                                                                  • wsprintfA.USER32 ref: 032B4317
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4341
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B435E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B436E
                                                                                                                                  • OpenServiceA.ADVAPI32(00000000,00000000,000F01FF), ref: 032B437B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4388
                                                                                                                                  • QueryServiceStatus.ADVAPI32(00000000,?), ref: 032B4397
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B43A6
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B43FD
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Service$Free$AllocCloseHandleOpen$ManagerQueryStatuslstrcpywsprintf
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 2925065071-58590040
                                                                                                                                  • Opcode ID: dbffd5a23a58377e53fa6fe102a9ce5cc40edf13c26fa623df2b264bb2dfe7dd
                                                                                                                                  • Instruction ID: 91212c820f1dfe0a812c11ca20fe52794ad6a6d234166dc231376b98494052d3
                                                                                                                                  • Opcode Fuzzy Hash: dbffd5a23a58377e53fa6fe102a9ce5cc40edf13c26fa623df2b264bb2dfe7dd
                                                                                                                                  • Instruction Fuzzy Hash: E141C676A11315AFC700FF65F8DDA6A7378EF48781F298124F9158B34ACB70A950CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B4E80 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 112servicememorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E032B4E80(void* __ebx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				struct _SERVICE_STATUS _v36;
				void* __ebp;
				signed int _t9;
				void* _t16;
				char* _t18;
				int _t29;
				void** _t40;
				void* _t42;
				void* _t43;
				void* _t51;
				void* _t53;
				void _t55;
				void* _t57;
				signed int _t58;
				void* _t59;

				_t9 =  *0x32ed474; // 0x444d31ba
				_v8 = _t9 ^ _t58;
				 *0x32efef4 = _a8;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				_t57 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t57 != 0) {
					_t16 = GlobalAlloc(0x40,  *0x32efef4 + 1);
					_t40 =  *0x32efef8;
					_t53 = _t16;
					if(_t40 == 0) {
						L10:
						if(_t53 != 0) {
							GlobalFree(_t53);
						}
						L12:
						E032B1F00();
						goto L13;
					}
					_t42 =  *_t40;
					if(_t42 == 0) {
						goto L10;
					}
					lstrcpyA(_t53, _t42 + 4);
					 *( *0x32efef8) =  *_t42;
					GlobalFree(_t42);
					_t43 = OpenServiceA(_t57, _t53, 0xf01ff);
					if(_t53 != 0) {
						GlobalFree(_t53);
					}
					if(_t43 == 0) {
						goto L12;
					} else {
						_t29 = ControlService(_t43, 1,  &_v36);
						CloseServiceHandle(_t43);
						E032B1F00();
						if(_t29 == 0) {
							goto L13;
						}
						_t18 = "success";
						goto L14;
					}
				} else {
					E032B1F00();
					if( *0x32efef8 != 0) {
						_t55 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t5 = _t55 + 4; // 0x4
						wsprintfA(_t5, 0x32dc480, 0x64);
						_t51 =  *0x32efef8;
						_t59 = _t59 + 0xc;
						 *_t55 =  *_t51;
						 *_t51 = _t55;
					}
					L13:
					_t18 = 0x32dc484;
					L14:
					E032B1FC0(_t18);
					if(_t57 != 0) {
						CloseServiceHandle(_t57);
					}
					return E032BD98D(_v8 ^ _t58);
				}
			}



















                                                                                                                                  0x032b4e86
                                                                                                                                  0x032b4e8d
                                                                                                                                  0x032b4ea0
                                                                                                                                  0x032b4eaa
                                                                                                                                  0x032b4eb0
                                                                                                                                  0x032b4ec1
                                                                                                                                  0x032b4ec5
                                                                                                                                  0x032b4f1a
                                                                                                                                  0x032b4f20
                                                                                                                                  0x032b4f26
                                                                                                                                  0x032b4f2a
                                                                                                                                  0x032b4f93
                                                                                                                                  0x032b4f95
                                                                                                                                  0x032b4f98
                                                                                                                                  0x032b4f98
                                                                                                                                  0x032b4f9e
                                                                                                                                  0x032b4f9e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4fa3
                                                                                                                                  0x032b4f2c
                                                                                                                                  0x032b4f30
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4f37
                                                                                                                                  0x032b4f45
                                                                                                                                  0x032b4f47
                                                                                                                                  0x032b4f5a
                                                                                                                                  0x032b4f5e
                                                                                                                                  0x032b4f61
                                                                                                                                  0x032b4f61
                                                                                                                                  0x032b4f69
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4f6b
                                                                                                                                  0x032b4f72
                                                                                                                                  0x032b4f81
                                                                                                                                  0x032b4f83
                                                                                                                                  0x032b4f8a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4f8c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4f8c
                                                                                                                                  0x032b4ec7
                                                                                                                                  0x032b4ec7
                                                                                                                                  0x032b4ed3
                                                                                                                                  0x032b4eea
                                                                                                                                  0x032b4ef3
                                                                                                                                  0x032b4ef7
                                                                                                                                  0x032b4efd
                                                                                                                                  0x032b4f03
                                                                                                                                  0x032b4f08
                                                                                                                                  0x032b4f0a
                                                                                                                                  0x032b4f0a
                                                                                                                                  0x032b4fa9
                                                                                                                                  0x032b4fa9
                                                                                                                                  0x032b4fae
                                                                                                                                  0x032b4faf
                                                                                                                                  0x032b4fb9
                                                                                                                                  0x032b4fbc
                                                                                                                                  0x032b4fbc
                                                                                                                                  0x032b4fce
                                                                                                                                  0x032b4fce

                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 032B4EB5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4EE4
                                                                                                                                  • wsprintfA.USER32 ref: 032B4EF7
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4F1A
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4F37
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4F47
                                                                                                                                  • OpenServiceA.ADVAPI32(00000000,00000000,000F01FF), ref: 032B4F54
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4F61
                                                                                                                                  • ControlService.ADVAPI32(00000000,00000001,?), ref: 032B4F72
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B4F81
                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 032B4FBC
                                                                                                                                    • Part of subcall function 032B1F00: GlobalFree.KERNEL32 ref: 032B1F1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Service$Free$AllocCloseHandleOpen$ControlManagerlstrcpywsprintf
                                                                                                                                  • String ID: error$success
                                                                                                                                  • API String ID: 366370824-58590040
                                                                                                                                  • Opcode ID: eeaddab1e4be23fdfc7d42bf25f4e7f8ffe7b8533a439eee013b8f1ab059cc33
                                                                                                                                  • Instruction ID: c99c682b9abdb4a18f0d4b549e4adca5049a2124024280ddc0536b25d262dc2a
                                                                                                                                  • Opcode Fuzzy Hash: eeaddab1e4be23fdfc7d42bf25f4e7f8ffe7b8533a439eee013b8f1ab059cc33
                                                                                                                                  • Instruction Fuzzy Hash: 41317F36611311AFC710FF65F9CDE76B7B8EB48741F1A8129EA158B24ACB70E950CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B0790 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 111stringmemorythreadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 39%
                                                                                                                                  			E032B0790(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, void* _a20, intOrPtr _a24) {
				void* _t11;
				CHAR* _t15;
				void* _t19;
				int _t26;
				void* _t29;
				void* _t30;
				void* _t35;
				long _t38;
				void* _t41;
				void* _t43;
				void _t45;
				void** _t46;
				CHAR* _t47;
				void* _t48;
				void* _t49;
				void* _t50;

				 *0x32efcc4 = _a4;
				_t11 = E032AE6D0();
				if(_t11 == 0 ||  *0x32efc60 != 0) {
					if( *0x32efcd4 != 0) {
						_t45 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t9 = _t45 + 4; // 0x4
						_t15 = lstrcpynA(_t9, "error",  *0x32efcd0);
						_t41 =  *0x32efcd4;
						 *_t45 =  *_t41;
						 *_t41 = _t45;
						return _t15;
					}
					return _t11;
				} else {
					_t38 = _a12;
					 *0x32efccc = _a8;
					 *0x32efcd4 = _a20;
					 *0x32efcd0 = _t38;
					 *0x32efcd8 = _a16;
					_t19 = GlobalAlloc(0x40, _t38);
					_t46 =  *0x32efcd4;
					_t43 = _t19;
					if(_t46 == 0) {
						L10:
						_t47 = 0x32dc484;
					} else {
						_t48 =  *_t46;
						if(_t48 == 0) {
							goto L10;
						} else {
							lstrcpyA(_t43, _t48 + 4);
							 *( *0x32efcd4) =  *_t48;
							GlobalFree(_t48);
							_t49 = 0;
							_t26 = lstrcmpiA(_t43, "/async");
							if(_t26 != 0) {
								L6:
								_t29 = E032B0E70(_t43) - 1;
								if(_t29 <= 0) {
									goto L10;
								} else {
									 *0x32ee1d8 = _a24;
									_push(0);
									_push(0);
									_push(_t29);
									_push(E032AF220);
									_push(0);
									_push(0);
									if(_t49 == 0) {
										_t30 = CreateThread();
										 *0x32efc60 = _t30;
										WaitForSingleObject(_t30, 0xffffffff);
										CloseHandle( *0x32efc60);
										_t47 = "done";
										 *0x32efc60 = 0;
									} else {
										_t47 = "ok";
										 *0x32efc60 = CreateThread(??, ??, ??, ??, ??, ??);
									}
								}
							} else {
								_t7 = _t26 + 1; // 0x1
								_t49 = _t7;
								_t35 = E032B0FC0(_t43);
								_t50 = _t50 + 4;
								if(_t35 != 0) {
									goto L10;
								} else {
									goto L6;
								}
							}
						}
					}
					E032B1000(_t47);
					return GlobalFree(_t43);
				}
			}



















                                                                                                                                  0x032b0797
                                                                                                                                  0x032b079c
                                                                                                                                  0x032b07a3
                                                                                                                                  0x032b08c0
                                                                                                                                  0x032b08d9
                                                                                                                                  0x032b08e0
                                                                                                                                  0x032b08e4
                                                                                                                                  0x032b08ea
                                                                                                                                  0x032b08f2
                                                                                                                                  0x032b08f4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b08f4
                                                                                                                                  0x032b08f8
                                                                                                                                  0x032b07b6
                                                                                                                                  0x032b07b9
                                                                                                                                  0x032b07bd
                                                                                                                                  0x032b07c6
                                                                                                                                  0x032b07d0
                                                                                                                                  0x032b07d6
                                                                                                                                  0x032b07db
                                                                                                                                  0x032b07e1
                                                                                                                                  0x032b07e7
                                                                                                                                  0x032b07eb
                                                                                                                                  0x032b08a0
                                                                                                                                  0x032b08a0
                                                                                                                                  0x032b07f1
                                                                                                                                  0x032b07f1
                                                                                                                                  0x032b07f5
                                                                                                                                  0x00000000
                                                                                                                                  0x032b07fb
                                                                                                                                  0x032b0800
                                                                                                                                  0x032b080e
                                                                                                                                  0x032b0810
                                                                                                                                  0x032b081c
                                                                                                                                  0x032b081e
                                                                                                                                  0x032b0826
                                                                                                                                  0x032b0838
                                                                                                                                  0x032b0840
                                                                                                                                  0x032b0843
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0845
                                                                                                                                  0x032b0848
                                                                                                                                  0x032b084e
                                                                                                                                  0x032b0850
                                                                                                                                  0x032b0852
                                                                                                                                  0x032b0853
                                                                                                                                  0x032b0858
                                                                                                                                  0x032b085a
                                                                                                                                  0x032b085e
                                                                                                                                  0x032b0872
                                                                                                                                  0x032b087b
                                                                                                                                  0x032b0880
                                                                                                                                  0x032b088c
                                                                                                                                  0x032b0894
                                                                                                                                  0x032b0899
                                                                                                                                  0x032b0860
                                                                                                                                  0x032b0860
                                                                                                                                  0x032b086b
                                                                                                                                  0x032b086b
                                                                                                                                  0x032b085e
                                                                                                                                  0x032b0828
                                                                                                                                  0x032b0829
                                                                                                                                  0x032b0829
                                                                                                                                  0x032b082c
                                                                                                                                  0x032b0831
                                                                                                                                  0x032b0836
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0836
                                                                                                                                  0x032b0826
                                                                                                                                  0x032b07f5
                                                                                                                                  0x032b08a6
                                                                                                                                  0x032b08b8
                                                                                                                                  0x032b08b8

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032AE6D0: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,032B1805), ref: 032AE6EF
                                                                                                                                    • Part of subcall function 032AE6D0: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,032B1805), ref: 032AE6F6
                                                                                                                                    • Part of subcall function 032AE6D0: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 032AE70B
                                                                                                                                    • Part of subcall function 032AE6D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 032AE73E
                                                                                                                                    • Part of subcall function 032AE6D0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,032B1805), ref: 032AE75D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B07DB
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B0800
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B0810
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,/async), ref: 032B081E
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B0865
                                                                                                                                    • Part of subcall function 032B0FC0: lstrcpyA.KERNEL32(?,?,00000000,?,032B1571,?), ref: 032B0FDB
                                                                                                                                    • Part of subcall function 032B0FC0: GlobalFree.KERNEL32 ref: 032B0FEB
                                                                                                                                  • CreateThread.KERNEL32 ref: 032B0872
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 032B0880
                                                                                                                                  • CloseHandle.KERNEL32 ref: 032B088C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B08AF
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B08CD
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B08E4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$AllocCloseCreateHandleProcessThreadTokenlstrcpy$AdjustCurrentLookupObjectOpenPrivilegePrivilegesSingleValueWaitlstrcmpilstrcpyn
                                                                                                                                  • String ID: /async$done$error
                                                                                                                                  • API String ID: 219963596-949531631
                                                                                                                                  • Opcode ID: 932b56192cb87534aef2280af00bc814cb8735cc80d3358c67e1422d31d2b095
                                                                                                                                  • Instruction ID: 18a9ceceb955c75ae4525a1e5b34a153aad02f42eb38cc3c496a760f748ad56b
                                                                                                                                  • Opcode Fuzzy Hash: 932b56192cb87534aef2280af00bc814cb8735cc80d3358c67e1422d31d2b095
                                                                                                                                  • Instruction Fuzzy Hash: 5F419D72911231EFD711EF64F94DAAA77B8BB49B41F16C529FE05DB248DB309840CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AE780 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 248windowmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E032AE780(intOrPtr* _a4, void* _a8) {
				int _v40;
				CHAR* _v44;
				int _v56;
				intOrPtr _v60;
				void* _v64;
				unsigned int _t70;
				void* _t71;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t78;
				void* _t79;
				void* _t85;
				void* _t91;
				void* _t93;
				void* _t94;
				void** _t99;
				void* _t100;
				intOrPtr _t105;
				long _t107;
				intOrPtr _t109;
				intOrPtr* _t115;
				void _t116;
				intOrPtr* _t120;
				void _t125;
				void* _t126;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				void* _t132;
				void* _t135;
				void* _t136;

				_t115 = _a4;
				_t126 = _a8;
				_t3 = _t126 + 0x18; // 0x75040478
				_t128 =  *_t3;
				if(_t128 != 0) {
					_t5 = _t126 + 0x14; // 0x83247502
					_t117 = ( *((intOrPtr*)(_t115 + 0x314)) +  *_t5) * 0xf4240 / _t128;
					_t70 = 0xd1b71759 * ( *((intOrPtr*)(_t115 + 0x314)) +  *_t5) * 0xf4240 / _t128 >> 0x20 >> 0xd;
				} else {
					_t70 = 0x64;
				}
				_a8 = _t70;
				if( *((intOrPtr*)(_t126 + 0xc)) != 1 &&  *0x32efc5c != _t70) {
					_v64 = 1;
					_t107 = SendMessageA( *0x32ee1e0, 0x1004, 0, 0);
					_v56 = 0;
					_v60 = _t107 - 1;
					_t109 =  *0x32efc78;
					_v44 = 0x32efcf0;
					_t117 =  !=  ? _t109 : "Searching, please wait...";
					_v40 = 0x200;
					wsprintfA(0x32efcf0, "%u%% %s", _a8,  !=  ? _t109 : "Searching, please wait...");
					_t135 = _t135 + 0x10;
					SendMessageA( *0x32ee1f4, 0x402, _a8, 0);
					SendMessageA( *0x32ee1e0, 0x1006, 0,  &_v64);
					 *0x32efc5c = _a8;
				}
				if( *((intOrPtr*)(_t126 + 8)) != 5) {
					_t71 = E032B88B0( *_t115);
					_t136 = _t135 + 4;
					if(_t71 != 0) {
						goto L36;
					} else {
						if( *((intOrPtr*)(_t126 + 0xc)) == 1) {
							L14:
							_t39 = _t126 + 8; // 0xfc62
							_t73 =  *_t39;
							_t120 = CharLowerA;
							if(_t73 == 0 || _t73 == 1) {
								_t129 = 0;
								if( *0x32ef454 > 0) {
									_t91 = _t115 + 4;
									asm("o16 nop [eax+eax]");
									do {
										_t93 = E032B89A0( *_t120( *((intOrPtr*)(0x32ef240 + _t129 * 4))), _t91);
										_t136 = _t136 + 8;
										if(_t93 == 0) {
											goto L20;
										} else {
											_t43 = _t126 + 0x10; // 0xf9830010
											_t44 = _t126 + 0xc; // 0xc25de58b
											_t94 = E032AD310(_t115,  *_t44,  *_t43, 0x32efcf0, 0x200);
											_t136 = _t136 + 0x14;
											if(_t94 == 0) {
												goto L37;
											} else {
												goto L20;
											}
										}
										goto L38;
										L20:
										_t120 = CharLowerA;
										_t91 = _t115 + 4;
										_t129 = 1 + _t129;
									} while (_t129 <  *0x32ef454);
								}
								goto L21;
							} else {
								L21:
								_t125 =  *_t126;
								_t130 = 0;
								_a8 = _t125;
								if( *((intOrPtr*)(_t126 + 4)) <= 0) {
									goto L36;
								} else {
									asm("o16 nop [eax+eax]");
									while( *0x32ee204 == 0) {
										_t48 = _t126 + 8; // 0xfc62
										_t75 =  *_t48;
										if(_t75 == 0 || _t75 == 1) {
											_t78 = E032B89A0( *_t120( *((intOrPtr*)(_t125 + _t130 * 4))), _t115 + 4);
											goto L33;
										} else {
											if(_t75 != 3) {
												if(_t75 != 2 || IsWindow( *(_t115 + 0x20c)) == 0) {
													goto L34;
												} else {
													GetClassNameA( *(_t115 + 0x20c), 0x32efcf0, 0x200);
													_t85 = E032B1050( *((intOrPtr*)(_a8 + _t130 * 4)), CharLowerA(0x32efcf0));
													_t136 = _t136 + 8;
													if(_t85 != 0) {
														goto L34;
													} else {
														goto L35;
													}
												}
											} else {
												lstrcpyA(0x32efcf0, _t115 + 0x108);
												_t78 = E032B1050( *((intOrPtr*)(_a8 + _t130 * 4)), CharLowerA(0x32efcf0));
												L33:
												_t136 = _t136 + 8;
												if(_t78 == 0) {
													L35:
													_t120 = CharLowerA;
													_t130 = 1 + _t130;
													_t125 = _a8;
													_t64 = _t126 + 4; // 0xe8cd33fc
													if(_t130 <  *_t64) {
														continue;
													} else {
														goto L36;
													}
												} else {
													L34:
													_t61 = _t126 + 0x10; // 0xf9830010
													_t62 = _t126 + 0xc; // 0xc25de58b
													_t79 = E032AD310(_t115,  *_t62,  *_t61, 0x32efcf0, 0x200);
													_t136 = _t136 + 0x14;
													if(_t79 == 0) {
														break;
													} else {
														goto L35;
													}
												}
											}
										}
										goto L38;
									}
									L37:
									return 0;
								}
							}
						} else {
							_t38 = _t126 + 0x1c; // 0x8408b1e
							if( *_t115 ==  *_t38) {
								goto L36;
							} else {
								goto L14;
							}
						}
					}
				} else {
					_t116 =  *_t126;
					if(E032AF7B0(_t117, _t116) == 0) {
						L36:
						return 1;
					} else {
						_a8 = GlobalAlloc(0x40, 8);
						_t132 = GlobalAlloc(0x40, 4);
						_t99 = _a8;
						_push(_t99);
						 *_t132 = _t116;
						_t99[1] = 1;
						 *_t99 = _t132;
						if( *((intOrPtr*)(_t126 + 0xc)) != 0) {
							_t33 = _t126 + 0x10; // 0xf9830010
							_push( *_t33);
							_push( *((intOrPtr*)(_t116 + 0xc)));
							_push( *((intOrPtr*)(_t116 + 8)));
							_t100 = E032AD5B0();
							GlobalFree(_t132);
							GlobalFree(_a8);
							return _t100;
						} else {
							_push( *((intOrPtr*)(_t116 + 4)));
							_t105 =  *0x32efcd0;
							_push(_t105);
							_push( *((intOrPtr*)(_t116 + 0xc)));
							_push(_t105);
							_push( *((intOrPtr*)(_t116 + 8)));
							return E032AD450();
						}
					}
				}
				L38:
			}


































                                                                                                                                  0x032ae787
                                                                                                                                  0x032ae78c
                                                                                                                                  0x032ae78f
                                                                                                                                  0x032ae78f
                                                                                                                                  0x032ae794
                                                                                                                                  0x032ae7aa
                                                                                                                                  0x032ae7af
                                                                                                                                  0x032ae7bb
                                                                                                                                  0x032ae796
                                                                                                                                  0x032ae796
                                                                                                                                  0x032ae796
                                                                                                                                  0x032ae7c2
                                                                                                                                  0x032ae7c5
                                                                                                                                  0x032ae7ec
                                                                                                                                  0x032ae7f3
                                                                                                                                  0x032ae7f6
                                                                                                                                  0x032ae7fd
                                                                                                                                  0x032ae805
                                                                                                                                  0x032ae80c
                                                                                                                                  0x032ae813
                                                                                                                                  0x032ae816
                                                                                                                                  0x032ae82b
                                                                                                                                  0x032ae831
                                                                                                                                  0x032ae844
                                                                                                                                  0x032ae857
                                                                                                                                  0x032ae85c
                                                                                                                                  0x032ae85c
                                                                                                                                  0x032ae865
                                                                                                                                  0x032ae8fa
                                                                                                                                  0x032ae8ff
                                                                                                                                  0x032ae904
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae90a
                                                                                                                                  0x032ae90e
                                                                                                                                  0x032ae91b
                                                                                                                                  0x032ae91b
                                                                                                                                  0x032ae91b
                                                                                                                                  0x032ae91e
                                                                                                                                  0x032ae926
                                                                                                                                  0x032ae92d
                                                                                                                                  0x032ae935
                                                                                                                                  0x032ae937
                                                                                                                                  0x032ae93a
                                                                                                                                  0x032ae940
                                                                                                                                  0x032ae94b
                                                                                                                                  0x032ae950
                                                                                                                                  0x032ae955
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae957
                                                                                                                                  0x032ae961
                                                                                                                                  0x032ae964
                                                                                                                                  0x032ae968
                                                                                                                                  0x032ae96d
                                                                                                                                  0x032ae972
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae972
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae978
                                                                                                                                  0x032ae978
                                                                                                                                  0x032ae97e
                                                                                                                                  0x032ae981
                                                                                                                                  0x032ae982
                                                                                                                                  0x032ae940
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae98a
                                                                                                                                  0x032ae98a
                                                                                                                                  0x032ae98a
                                                                                                                                  0x032ae98c
                                                                                                                                  0x032ae98e
                                                                                                                                  0x032ae994
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae99a
                                                                                                                                  0x032ae99a
                                                                                                                                  0x032ae9a0
                                                                                                                                  0x032ae9ad
                                                                                                                                  0x032ae9ad
                                                                                                                                  0x032ae9b2
                                                                                                                                  0x032aea44
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae9bd
                                                                                                                                  0x032ae9c0
                                                                                                                                  0x032ae9f1
                                                                                                                                  0x00000000
                                                                                                                                  0x032aea03
                                                                                                                                  0x032aea13
                                                                                                                                  0x032aea2c
                                                                                                                                  0x032aea31
                                                                                                                                  0x032aea36
                                                                                                                                  0x00000000
                                                                                                                                  0x032aea38
                                                                                                                                  0x00000000
                                                                                                                                  0x032aea38
                                                                                                                                  0x032aea36
                                                                                                                                  0x032ae9c2
                                                                                                                                  0x032ae9ce
                                                                                                                                  0x032ae9e7
                                                                                                                                  0x032aea49
                                                                                                                                  0x032aea49
                                                                                                                                  0x032aea4e
                                                                                                                                  0x032aea6d
                                                                                                                                  0x032aea6d
                                                                                                                                  0x032aea73
                                                                                                                                  0x032aea74
                                                                                                                                  0x032aea77
                                                                                                                                  0x032aea7a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aea50
                                                                                                                                  0x032aea50
                                                                                                                                  0x032aea5a
                                                                                                                                  0x032aea5d
                                                                                                                                  0x032aea61
                                                                                                                                  0x032aea66
                                                                                                                                  0x032aea6b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aea6b
                                                                                                                                  0x032aea4e
                                                                                                                                  0x032ae9c0
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae9b2
                                                                                                                                  0x032aea90
                                                                                                                                  0x032aea96
                                                                                                                                  0x032aea96
                                                                                                                                  0x032ae994
                                                                                                                                  0x032ae910
                                                                                                                                  0x032ae912
                                                                                                                                  0x032ae915
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ae915
                                                                                                                                  0x032ae90e
                                                                                                                                  0x032ae86b
                                                                                                                                  0x032ae86b
                                                                                                                                  0x032ae878
                                                                                                                                  0x032aea82
                                                                                                                                  0x032aea8b
                                                                                                                                  0x032ae87e
                                                                                                                                  0x032ae88e
                                                                                                                                  0x032ae893
                                                                                                                                  0x032ae895
                                                                                                                                  0x032ae898
                                                                                                                                  0x032ae899
                                                                                                                                  0x032ae89b
                                                                                                                                  0x032ae8a2
                                                                                                                                  0x032ae8a8
                                                                                                                                  0x032ae8cb
                                                                                                                                  0x032ae8cb
                                                                                                                                  0x032ae8ce
                                                                                                                                  0x032ae8d1
                                                                                                                                  0x032ae8d4
                                                                                                                                  0x032ae8e5
                                                                                                                                  0x032ae8eb
                                                                                                                                  0x032ae8f5
                                                                                                                                  0x032ae8aa
                                                                                                                                  0x032ae8aa
                                                                                                                                  0x032ae8ad
                                                                                                                                  0x032ae8b2
                                                                                                                                  0x032ae8b3
                                                                                                                                  0x032ae8b6
                                                                                                                                  0x032ae8b7
                                                                                                                                  0x032ae8c8
                                                                                                                                  0x032ae8c8
                                                                                                                                  0x032ae8a8
                                                                                                                                  0x032ae878
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • SendMessageA.USER32 ref: 032AE7F3
                                                                                                                                  • wsprintfA.USER32 ref: 032AE82B
                                                                                                                                  • SendMessageA.USER32 ref: 032AE844
                                                                                                                                  • SendMessageA.USER32 ref: 032AE857
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,032ADD1F), ref: 032AE888
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,032ADD1F), ref: 032AE891
                                                                                                                                    • Part of subcall function 032AD5B0: GlobalAlloc.KERNEL32(00000040,?,?,?,0000000C), ref: 032AD608
                                                                                                                                    • Part of subcall function 032AD5B0: GlobalAlloc.KERNEL32(00000040,?), ref: 032AD627
                                                                                                                                    • Part of subcall function 032AD5B0: lstrcpynA.KERNEL32(00000004,00000000), ref: 032AD638
                                                                                                                                    • Part of subcall function 032AD5B0: GlobalAlloc.KERNEL32(00000040,?), ref: 032AD651
                                                                                                                                    • Part of subcall function 032AD5B0: lstrcpynA.KERNEL32(00000004,?), ref: 032AD662
                                                                                                                                    • Part of subcall function 032AD5B0: wsprintfA.USER32 ref: 032AD680
                                                                                                                                    • Part of subcall function 032AD5B0: GlobalAlloc.KERNEL32(00000040,?), ref: 032AD69D
                                                                                                                                    • Part of subcall function 032AD5B0: lstrcpynA.KERNEL32(00000004,?), ref: 032AD6AE
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AE8E5
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AE8EB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$MessageSendlstrcpyn$Freewsprintf
                                                                                                                                  • String ID: %u%% %s$Searching, please wait...
                                                                                                                                  • API String ID: 1365440046-1706403311
                                                                                                                                  • Opcode ID: e4412a9d1bffd3d2f36db833839550c137c7071e342eb4b0b5dc514d0fa8817c
                                                                                                                                  • Instruction ID: fcac854189edf75f3ae183db1d67d5a80bedb9012b8a0cf5e76f692a273abba1
                                                                                                                                  • Opcode Fuzzy Hash: e4412a9d1bffd3d2f36db833839550c137c7071e342eb4b0b5dc514d0fa8817c
                                                                                                                                  • Instruction Fuzzy Hash: 1781F376A10616BFDB10EF69EC85B68B7A8FB04310F19C065FD18DB252D771E8A1CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B81C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 139stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B81C0(intOrPtr* _a4, CHAR* _a8) {
				char _v5;
				char _v6;
				char _v10;
				char _v12;
				void* _v16;
				void* __edi;
				void* _t26;
				char _t27;
				intOrPtr* _t43;
				void* _t55;
				int _t57;
				void* _t58;
				char _t60;
				char _t61;
				void* _t62;
				intOrPtr* _t64;
				void* _t67;
				void* _t69;
				void* _t70;
				void* _t71;
				int _t73;
				CHAR* _t74;
				void* _t76;
				void* _t77;

				_t26 = GlobalAlloc(0x40, 0x400);
				_t60 =  *"A:"; // 0x3a41
				_t71 = _t26;
				_t27 = 0x41;
				_v12 = _t60;
				_t61 =  *0x32dce1e; // 0x0
				_v10 = _t61;
				_v5 = 0x41;
				do {
					_v6 = _t27;
					_v12 = _t27;
					if(QueryDosDeviceA( &_v12, _t71, 0x400) == 0) {
						goto L20;
					} else {
						_t62 = 0;
						_t69 = _t71 - "\\Device\\LanmanRedirector\\;";
						while(1) {
							_t7 = _t62 + "\\Device\\LanmanRedirector\\;"; // 0x7665445c
							if( *_t7 !=  *((intOrPtr*)(_t69 + _t62 + "\\Device\\LanmanRedirector\\;"))) {
								break;
							}
							_t62 = _t62 + 1;
							if(_t62 < 0x1a) {
								continue;
							} else {
								if( *((char*)(_t71 + 0x1c)) == 0x3a) {
									_v16 = GlobalAlloc(0x40, 0x400);
									_t57 = lstrlenA(_t71);
									_t76 = 0x1c;
									if(_t57 > 0x1c) {
										while( *((char*)(_t76 + _t71)) != 0x5c) {
											_t76 = _t76 + 1;
											if(_t76 < _t57) {
												continue;
											}
											goto L10;
										}
									}
									L10:
									E032BEF40(_t71, _v16, 0, 0x400);
									_t77 = _t77 + 0xc;
									if(_t76 < _t57) {
										_t67 = _v16 - _t76;
										do {
											 *((char*)(_t67 + _t76)) =  *((intOrPtr*)(_t76 + _t71));
											_t76 = _t76 + 1;
										} while (_t76 < _t57);
									}
									lstrcpyA(_t71, "\\Device\\LanmanRedirector");
									_t58 = _v16;
									lstrcatA(_t71, _t58);
									GlobalFree(_t58);
								}
							}
							break;
						}
						_t73 = lstrlenA(_t71);
						_t70 = 0;
						if(_t73 <= 0) {
							L18:
							lstrcpyA(_t71, _a4 + _t73);
							_t74 = _a8;
							lstrcpyA(_t74,  &_v12);
							lstrcatA(_t74, _t71);
							GlobalFree(_t71);
							return 1;
						} else {
							_t43 = _a4;
							_t64 = _t43;
							_t55 = _t71 - _t43;
							while( *((intOrPtr*)(_t55 + _t64)) ==  *_t64) {
								_t70 = _t70 + 1;
								_t64 = _t64 + 1;
								if(_t70 < _t73) {
									continue;
								} else {
									goto L18;
								}
								goto L22;
							}
							goto L20;
						}
					}
					L22:
					L20:
					_t27 = _v5 + 1;
					_v5 = _t27;
				} while (_v6 < 0x5a);
				GlobalFree(_t71);
				return 0;
				goto L22;
			}



























                                                                                                                                  0x032b81d6
                                                                                                                                  0x032b81d8
                                                                                                                                  0x032b81df
                                                                                                                                  0x032b81e7
                                                                                                                                  0x032b81e9
                                                                                                                                  0x032b81ed
                                                                                                                                  0x032b81f3
                                                                                                                                  0x032b81f6
                                                                                                                                  0x032b8200
                                                                                                                                  0x032b8205
                                                                                                                                  0x032b8208
                                                                                                                                  0x032b8218
                                                                                                                                  0x00000000
                                                                                                                                  0x032b821e
                                                                                                                                  0x032b8220
                                                                                                                                  0x032b8222
                                                                                                                                  0x032b8230
                                                                                                                                  0x032b8230
                                                                                                                                  0x032b823d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8243
                                                                                                                                  0x032b8247
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8249
                                                                                                                                  0x032b824d
                                                                                                                                  0x032b8259
                                                                                                                                  0x032b825e
                                                                                                                                  0x032b8260
                                                                                                                                  0x032b8267
                                                                                                                                  0x032b8270
                                                                                                                                  0x032b8276
                                                                                                                                  0x032b8279
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8279
                                                                                                                                  0x032b8270
                                                                                                                                  0x032b827b
                                                                                                                                  0x032b8285
                                                                                                                                  0x032b828a
                                                                                                                                  0x032b828f
                                                                                                                                  0x032b8294
                                                                                                                                  0x032b8296
                                                                                                                                  0x032b8299
                                                                                                                                  0x032b829c
                                                                                                                                  0x032b829d
                                                                                                                                  0x032b8296
                                                                                                                                  0x032b82a7
                                                                                                                                  0x032b82ad
                                                                                                                                  0x032b82b2
                                                                                                                                  0x032b82b9
                                                                                                                                  0x032b82bf
                                                                                                                                  0x032b824d
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8247
                                                                                                                                  0x032b82c8
                                                                                                                                  0x032b82ca
                                                                                                                                  0x032b82ce
                                                                                                                                  0x032b82ed
                                                                                                                                  0x032b82fa
                                                                                                                                  0x032b82fc
                                                                                                                                  0x032b8304
                                                                                                                                  0x032b8308
                                                                                                                                  0x032b8315
                                                                                                                                  0x032b8322
                                                                                                                                  0x032b82d0
                                                                                                                                  0x032b82d0
                                                                                                                                  0x032b82d5
                                                                                                                                  0x032b82d7
                                                                                                                                  0x032b82e0
                                                                                                                                  0x032b82e7
                                                                                                                                  0x032b82e8
                                                                                                                                  0x032b82eb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b82eb
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8329
                                                                                                                                  0x032b82ce
                                                                                                                                  0x00000000
                                                                                                                                  0x032b832f
                                                                                                                                  0x032b8332
                                                                                                                                  0x032b8338
                                                                                                                                  0x032b8338
                                                                                                                                  0x032b8348
                                                                                                                                  0x032b8352
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000400,00000000,00000000,00000001,032B7D40,?,?), ref: 032B81D6
                                                                                                                                  • QueryDosDeviceA.KERNEL32(?,00000000,00000400), ref: 032B8210
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000400), ref: 032B8256
                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 032B825C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,\Device\LanmanRedirector), ref: 032B82A7
                                                                                                                                  • lstrcatA.KERNEL32(00000000,?), ref: 032B82B2
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B82B9
                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 032B82C6
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B82FA
                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 032B8304
                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 032B8308
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Globallstrcpy$Alloclstrcatlstrlen$DeviceFreeQuery
                                                                                                                                  • String ID: Z$\Device\LanmanRedirector
                                                                                                                                  • API String ID: 3233365932-616079981
                                                                                                                                  • Opcode ID: 69eda4f36bbec5820cd887254b3b0344c04dd78ebaa5569657d28c66484c593d
                                                                                                                                  • Instruction ID: 661b01b96751ce7d48574ec1ebb8cec6e039e1ca7b8e529cdd3a78b4562c8489
                                                                                                                                  • Opcode Fuzzy Hash: 69eda4f36bbec5820cd887254b3b0344c04dd78ebaa5569657d28c66484c593d
                                                                                                                                  • Instruction Fuzzy Hash: FD412075E152E46FDB11EBB4F888BEEBFBCAB45740F08C099D68997245C2705842C761
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D2CE7 Relevance: 22.8, APIs: 15, Instructions: 343COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E032D2CE7(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				intOrPtr* _v48;
				char* _v52;
				intOrPtr* _v56;
				signed int _v60;
				intOrPtr _v64;
				signed int _v68;
				signed int* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				char _v92;
				void* __ebp;
				signed int _t118;
				char _t140;
				signed short _t143;
				signed int _t144;
				void* _t147;
				void* _t150;
				void* _t153;
				void* _t154;
				void* _t157;
				signed int _t159;
				intOrPtr* _t160;
				signed char _t177;
				signed int* _t180;
				char* _t183;
				signed char _t184;
				void* _t191;
				char _t193;
				void* _t195;
				signed int* _t197;
				intOrPtr _t198;
				void* _t199;
				intOrPtr _t203;
				short* _t207;
				intOrPtr _t208;
				signed int _t209;
				signed char _t216;
				char _t217;
				intOrPtr _t218;
				void* _t222;
				signed int _t223;
				signed char* _t225;
				int* _t227;
				signed char* _t239;
				short* _t240;
				intOrPtr* _t242;
				char* _t243;
				char* _t244;
				intOrPtr* _t248;
				signed int _t249;
				short* _t250;
				void* _t252;
				signed int _t253;
				signed int _t254;
				void* _t255;
				void* _t256;

				_t199 = __ecx;
				_t118 =  *0x32ed474; // 0x444d31ba
				_v8 = _t118 ^ _t254;
				_t242 = _a4;
				_t193 = 0;
				_v56 = _t242;
				_v32 = 0;
				_v36 = 0;
				_t120 =  *((intOrPtr*)(_t242 + 0xa8));
				_v40 = 0;
				_v44 = 0;
				_v92 = _t242;
				_v88 = 0;
				if( *((intOrPtr*)(_t242 + 0xa8)) == 0) {
					__eflags =  *((intOrPtr*)(_t242 + 0x8c));
					if( *((intOrPtr*)(_t242 + 0x8c)) != 0) {
						asm("lock dec dword [eax]");
					}
					 *((intOrPtr*)(_t242 + 0x8c)) = _t193;
					__eflags = 0;
					 *((intOrPtr*)(_t242 + 0x90)) = _t193;
					 *_t242 = 0x32e2018;
					 *((intOrPtr*)(_t242 + 0x94)) = 0x32e2298;
					 *((intOrPtr*)(_t242 + 0x98)) = 0x32e2418;
					 *((intOrPtr*)(_t242 + 4)) = 1;
					L48:
					return E032BD98D(_v8 ^ _t254);
				}
				_push(__edi);
				_t227 = _t242 + 8;
				_v48 = 0;
				if( *_t227 != 0) {
					L3:
					_v48 = E032CCA94(_t199, 1, 4);
					E032C9EFA(_t193);
					_v32 = E032CCA94(_t199, 0x180, 2);
					E032C9EFA(_t193);
					_v36 = E032CCA94(_t199, 0x180, 1);
					E032C9EFA(_t193);
					_v40 = E032CCA94(_t199, 0x180, 1);
					E032C9EFA(_t193);
					_v44 = E032CCA94(_t199, 0x101, 1);
					E032C9EFA(_t193);
					_t256 = _t255 + 0x3c;
					if(_v48 == _t193 || _v32 == _t193) {
						L43:
						E032C9EFA(_v48);
						E032C9EFA(_v32);
						E032C9EFA(_v36);
						E032C9EFA(_v40);
						_t193 = 1;
						__eflags = 1;
						goto L44;
					} else {
						_t203 = _v44;
						if(_t203 == 0 || _v36 == _t193 || _v40 == _t193) {
							goto L43;
						} else {
							_t140 = _t193;
							do {
								 *((char*)(_t140 + _t203)) = _t140;
								_t140 = _t140 + 1;
							} while (_t140 < 0x100);
							if(GetCPInfo( *_t227,  &_v28) == 0) {
								goto L43;
							}
							_t143 = _v28;
							if(_t143 > 5) {
								goto L43;
							}
							_t144 = _t143 & 0x0000ffff;
							_v60 = _t144;
							if(_t144 <= 1) {
								L22:
								_v52 = _v44 + 1;
								_t147 = E032CEE61(_t193, _t227, _t242, _t274, _t193,  *((intOrPtr*)(_t242 + 0xa8)), 0x100, _v44 + 1, 0xff, _v36 + 0x81, 0xff,  *_t227, _t193);
								_t256 = _t256 + 0x24;
								_t275 = _t147;
								if(_t147 == 0) {
									goto L43;
								}
								_t150 = E032CEE61(_t193, _t227, _t242, _t275, _t193,  *((intOrPtr*)(_t242 + 0xa8)), 0x200, _v52, 0xff, _v40 + 0x81, 0xff,  *_t227, _t193);
								_t256 = _t256 + 0x24;
								_t276 = _t150;
								if(_t150 == 0) {
									goto L43;
								}
								_v76 = _v32 + 0x100;
								_t153 = E032D4217(_t193, 0xff, _t227, _t242, _t276, _t193, 1, _v44, 0x100, _v32 + 0x100,  *_t227, _t193);
								_t256 = _t256 + 0x1c;
								if(_t153 == 0) {
									goto L43;
								}
								_t154 = _v32;
								_t207 = _t154 + 0xfe;
								 *_t207 = 0;
								_t222 = _v40;
								_v80 = _t207;
								_t208 = _v36;
								_t243 = _t208 + 0x80;
								 *((char*)(_t208 + 0x7f)) = _t193;
								 *((char*)(_t222 + 0x7f)) = _t193;
								 *_t243 = _t193;
								_v84 = _t243;
								_t244 = _t222 + 0x80;
								_v52 = _t244;
								 *_t244 = _t193;
								if(_v60 <= 1) {
									L39:
									_t209 = 0x3f;
									_push(0x1f);
									_t157 = memcpy(_v32, _v32 + 0x200, _t209 << 2);
									_push(0x1f);
									asm("movsw");
									memcpy(_t157, _t157 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t159 = memcpy(_t222, _t222 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t248 = _v56;
									if( *((intOrPtr*)(_t248 + 0x8c)) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t159 | 0xffffffff) == 0) {
											E032C9EFA( *((intOrPtr*)(_t248 + 0x90)) - 0xfe);
											E032C9EFA( *((intOrPtr*)(_t248 + 0x94)) - 0x80);
											E032C9EFA( *((intOrPtr*)(_t248 + 0x98)) - 0x80);
											E032C9EFA( *((intOrPtr*)(_t248 + 0x8c)));
										}
									}
									_t160 = _v48;
									 *_t160 = 1;
									 *((intOrPtr*)(_t248 + 0x8c)) = _t160;
									 *_t248 = _v76;
									 *((intOrPtr*)(_t248 + 0x90)) = _v80;
									 *((intOrPtr*)(_t248 + 0x94)) = _v84;
									 *((intOrPtr*)(_t248 + 0x98)) = _v52;
									 *(_t248 + 4) = _v60;
									L44:
									E032C9EFA(_v44);
									goto L48;
								}
								if( *_t227 != 0xfde9) {
									_t239 =  &_v22;
									__eflags = _v22 - _t193;
									if(_v22 == _t193) {
										goto L39;
									}
									_t195 = _v32;
									while(1) {
										_t177 = _t239[1];
										__eflags = _t177;
										if(_t177 == 0) {
											break;
										}
										_t249 =  *_t239 & 0x000000ff;
										_v68 = _t249;
										__eflags = _t249 - (_t177 & 0x000000ff);
										if(_t249 > (_t177 & 0x000000ff)) {
											L37:
											_t239 =  &(_t239[2]);
											__eflags =  *_t239;
											if( *_t239 != 0) {
												continue;
											}
											break;
										}
										_v64 = _t208;
										_t180 = _t222 + 0x80 + _t249;
										_t216 = _t208 - _t222;
										__eflags = _t216;
										_t223 = _v68;
										_t250 = _t195 - 0xffffff00 + _t249 * 2;
										_v72 = _t180;
										_t197 = _t180;
										do {
											 *_t250 = 0x8000;
											_t250 = _t250 + 2;
											 *(_t197 + _t216) = _t223;
											 *_t197 = _t223;
											_t223 = _t223 + 1;
											_t197 =  &(_t197[0]);
											__eflags = _t223 - (_t239[1] & 0x000000ff);
										} while (_t223 <= (_t239[1] & 0x000000ff));
										_t222 = _v40;
										_t208 = _v36;
										_t195 = _v32;
										goto L37;
									}
									L38:
									_t193 = 0;
									goto L39;
								}
								_t198 = _v52;
								_t240 = _t154 + 0x284;
								_t217 = 0xc2;
								_t252 = _t208 - _t222;
								do {
									_t183 = _t198 + _t217;
									 *_t240 = 0x8000;
									 *((char*)(_t252 + _t183)) = _t217;
									_t240 = _t240 + 2;
									 *_t183 = _t217;
									_t217 = _t217 + 1;
								} while (_t217 < 0xf5);
								_t222 = _v40;
								goto L38;
							}
							_t274 =  *_t227 - 0xfde9;
							if( *_t227 != 0xfde9) {
								_t225 =  &_v22;
								__eflags = _v22 - _t193;
								if(__eflags == 0) {
									goto L22;
								}
								_t218 = _v44;
								while(1) {
									_t184 = _t225[1];
									__eflags = _t184;
									if(__eflags == 0) {
										break;
									}
									_t253 =  *_t225 & 0x000000ff;
									__eflags = _t253 - (_t184 & 0x000000ff);
									if(_t253 > (_t184 & 0x000000ff)) {
										L20:
										_t225 =  &(_t225[2]);
										__eflags =  *_t225 - _t193;
										if(__eflags != 0) {
											continue;
										}
										break;
									} else {
										goto L19;
									}
									do {
										L19:
										 *((char*)(_t253 + _t218)) = 0x20;
										_t253 = _t253 + 1;
										__eflags = _t253 - (_t225[1] & 0x000000ff);
									} while (_t253 <= (_t225[1] & 0x000000ff));
									goto L20;
								}
								_t242 = _v56;
								goto L22;
							}
							E032BEF40(_t227, _v44 - 0xffffff80, 0x20, 0x80);
							_t256 = _t256 + 0xc;
							goto L22;
						}
					}
				}
				_t191 = E032D86AD(0, __edx, _t227, _t242,  &_v92, 0, _t120, 0x1004, _t227);
				_t256 = _t255 + 0x14;
				if(_t191 != 0) {
					goto L43;
				}
				goto L3;
			}




































































                                                                                                                                  0x032d2ce7
                                                                                                                                  0x032d2cef
                                                                                                                                  0x032d2cf6
                                                                                                                                  0x032d2cfb
                                                                                                                                  0x032d2cfe
                                                                                                                                  0x032d2d00
                                                                                                                                  0x032d2d03
                                                                                                                                  0x032d2d06
                                                                                                                                  0x032d2d09
                                                                                                                                  0x032d2d0f
                                                                                                                                  0x032d2d12
                                                                                                                                  0x032d2d15
                                                                                                                                  0x032d2d18
                                                                                                                                  0x032d2d1d
                                                                                                                                  0x032d30de
                                                                                                                                  0x032d30e0
                                                                                                                                  0x032d30e2
                                                                                                                                  0x032d30e2
                                                                                                                                  0x032d30e5
                                                                                                                                  0x032d30eb
                                                                                                                                  0x032d30ed
                                                                                                                                  0x032d30f3
                                                                                                                                  0x032d30f9
                                                                                                                                  0x032d3103
                                                                                                                                  0x032d310d
                                                                                                                                  0x032d3114
                                                                                                                                  0x032d3123
                                                                                                                                  0x032d3123
                                                                                                                                  0x032d2d23
                                                                                                                                  0x032d2d24
                                                                                                                                  0x032d2d27
                                                                                                                                  0x032d2d2c
                                                                                                                                  0x032d2d4a
                                                                                                                                  0x032d2d54
                                                                                                                                  0x032d2d57
                                                                                                                                  0x032d2d69
                                                                                                                                  0x032d2d6c
                                                                                                                                  0x032d2d7e
                                                                                                                                  0x032d2d81
                                                                                                                                  0x032d2d93
                                                                                                                                  0x032d2d96
                                                                                                                                  0x032d2da8
                                                                                                                                  0x032d2dab
                                                                                                                                  0x032d2db0
                                                                                                                                  0x032d2db6
                                                                                                                                  0x032d30a4
                                                                                                                                  0x032d30a7
                                                                                                                                  0x032d30af
                                                                                                                                  0x032d30b7
                                                                                                                                  0x032d30bf
                                                                                                                                  0x032d30c9
                                                                                                                                  0x032d30c9
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2dc5
                                                                                                                                  0x032d2dc5
                                                                                                                                  0x032d2dca
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2de2
                                                                                                                                  0x032d2de2
                                                                                                                                  0x032d2de4
                                                                                                                                  0x032d2de4
                                                                                                                                  0x032d2de7
                                                                                                                                  0x032d2de8
                                                                                                                                  0x032d2dfd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e03
                                                                                                                                  0x032d2e09
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e0f
                                                                                                                                  0x032d2e12
                                                                                                                                  0x032d2e18
                                                                                                                                  0x032d2e6d
                                                                                                                                  0x032d2e90
                                                                                                                                  0x032d2e94
                                                                                                                                  0x032d2e99
                                                                                                                                  0x032d2e9c
                                                                                                                                  0x032d2e9e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2ec6
                                                                                                                                  0x032d2ecb
                                                                                                                                  0x032d2ece
                                                                                                                                  0x032d2ed0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2eea
                                                                                                                                  0x032d2ef0
                                                                                                                                  0x032d2ef5
                                                                                                                                  0x032d2efa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2f00
                                                                                                                                  0x032d2f09
                                                                                                                                  0x032d2f0f
                                                                                                                                  0x032d2f12
                                                                                                                                  0x032d2f15
                                                                                                                                  0x032d2f18
                                                                                                                                  0x032d2f1b
                                                                                                                                  0x032d2f21
                                                                                                                                  0x032d2f24
                                                                                                                                  0x032d2f27
                                                                                                                                  0x032d2f29
                                                                                                                                  0x032d2f2c
                                                                                                                                  0x032d2f32
                                                                                                                                  0x032d2f35
                                                                                                                                  0x032d2f37
                                                                                                                                  0x032d2fe2
                                                                                                                                  0x032d2fe9
                                                                                                                                  0x032d2fea
                                                                                                                                  0x032d2ff5
                                                                                                                                  0x032d2ff8
                                                                                                                                  0x032d2ffa
                                                                                                                                  0x032d3004
                                                                                                                                  0x032d3007
                                                                                                                                  0x032d3009
                                                                                                                                  0x032d3012
                                                                                                                                  0x032d3014
                                                                                                                                  0x032d3016
                                                                                                                                  0x032d3017
                                                                                                                                  0x032d3022
                                                                                                                                  0x032d3027
                                                                                                                                  0x032d302b
                                                                                                                                  0x032d3039
                                                                                                                                  0x032d304c
                                                                                                                                  0x032d305a
                                                                                                                                  0x032d3065
                                                                                                                                  0x032d306a
                                                                                                                                  0x032d302b
                                                                                                                                  0x032d306d
                                                                                                                                  0x032d3070
                                                                                                                                  0x032d3076
                                                                                                                                  0x032d307f
                                                                                                                                  0x032d3084
                                                                                                                                  0x032d308d
                                                                                                                                  0x032d3096
                                                                                                                                  0x032d309f
                                                                                                                                  0x032d30ca
                                                                                                                                  0x032d30cd
                                                                                                                                  0x00000000
                                                                                                                                  0x032d30d5
                                                                                                                                  0x032d2f43
                                                                                                                                  0x032d2f78
                                                                                                                                  0x032d2f7b
                                                                                                                                  0x032d2f7e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2f80
                                                                                                                                  0x032d2f83
                                                                                                                                  0x032d2f83
                                                                                                                                  0x032d2f86
                                                                                                                                  0x032d2f88
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2f8a
                                                                                                                                  0x032d2f90
                                                                                                                                  0x032d2f93
                                                                                                                                  0x032d2f95
                                                                                                                                  0x032d2fd8
                                                                                                                                  0x032d2fd8
                                                                                                                                  0x032d2fdb
                                                                                                                                  0x032d2fde
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2fde
                                                                                                                                  0x032d2f9d
                                                                                                                                  0x032d2fa6
                                                                                                                                  0x032d2fa8
                                                                                                                                  0x032d2fa8
                                                                                                                                  0x032d2faa
                                                                                                                                  0x032d2fad
                                                                                                                                  0x032d2fb0
                                                                                                                                  0x032d2fb3
                                                                                                                                  0x032d2fb5
                                                                                                                                  0x032d2fba
                                                                                                                                  0x032d2fbd
                                                                                                                                  0x032d2fc0
                                                                                                                                  0x032d2fc3
                                                                                                                                  0x032d2fc5
                                                                                                                                  0x032d2fca
                                                                                                                                  0x032d2fcb
                                                                                                                                  0x032d2fcb
                                                                                                                                  0x032d2fcf
                                                                                                                                  0x032d2fd2
                                                                                                                                  0x032d2fd5
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2fd5
                                                                                                                                  0x032d2fe0
                                                                                                                                  0x032d2fe0
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2fe0
                                                                                                                                  0x032d2f45
                                                                                                                                  0x032d2f48
                                                                                                                                  0x032d2f50
                                                                                                                                  0x032d2f55
                                                                                                                                  0x032d2f5c
                                                                                                                                  0x032d2f5c
                                                                                                                                  0x032d2f5f
                                                                                                                                  0x032d2f62
                                                                                                                                  0x032d2f65
                                                                                                                                  0x032d2f68
                                                                                                                                  0x032d2f6a
                                                                                                                                  0x032d2f6b
                                                                                                                                  0x032d2f73
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2f73
                                                                                                                                  0x032d2e1a
                                                                                                                                  0x032d2e20
                                                                                                                                  0x032d2e3a
                                                                                                                                  0x032d2e3d
                                                                                                                                  0x032d2e40
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e42
                                                                                                                                  0x032d2e45
                                                                                                                                  0x032d2e45
                                                                                                                                  0x032d2e48
                                                                                                                                  0x032d2e4a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e4c
                                                                                                                                  0x032d2e52
                                                                                                                                  0x032d2e54
                                                                                                                                  0x032d2e63
                                                                                                                                  0x032d2e63
                                                                                                                                  0x032d2e66
                                                                                                                                  0x032d2e68
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e56
                                                                                                                                  0x032d2e56
                                                                                                                                  0x032d2e56
                                                                                                                                  0x032d2e5a
                                                                                                                                  0x032d2e5f
                                                                                                                                  0x032d2e5f
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e56
                                                                                                                                  0x032d2e6a
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e6a
                                                                                                                                  0x032d2e30
                                                                                                                                  0x032d2e35
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2e35
                                                                                                                                  0x032d2dca
                                                                                                                                  0x032d2db6
                                                                                                                                  0x032d2d3a
                                                                                                                                  0x032d2d3f
                                                                                                                                  0x032d2d44
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2509303402-0
                                                                                                                                  • Opcode ID: 2635fb2842856d9b47c6fc2a8cad24042a44ea5beb4616d65c69a86daf58a6cb
                                                                                                                                  • Instruction ID: e3600900a264c5c06ca86f0ac559ccdc916914a861b63bcc9002e7159a5d67d6
                                                                                                                                  • Opcode Fuzzy Hash: 2635fb2842856d9b47c6fc2a8cad24042a44ea5beb4616d65c69a86daf58a6cb
                                                                                                                                  • Instruction Fuzzy Hash: A7D17D75920356DFDB11DFA8C880BEEFBB5FF08300F184569E599AB241D771A885CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B4A90 Relevance: 22.7, APIs: 14, Strings: 1, Instructions: 190memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                  			E032B4A90(CHAR* _a8, char _a12, void* _a16) {
				char* _v8;
				char* _v12;
				CHAR** _v16;
				char _v20;
				intOrPtr _v24;
				char _v40;
				intOrPtr _v44;
				char _v60;
				void* __ebx;
				CHAR* _t42;
				CHAR* _t43;
				CHAR* _t54;
				void* _t55;
				CHAR* _t65;
				void* _t71;
				void* _t74;
				void* _t82;
				int _t83;
				CHAR* _t84;
				CHAR* _t88;
				void* _t98;
				void* _t99;
				void** _t102;
				void* _t104;
				void* _t105;
				void** _t107;
				void _t108;
				void* _t109;
				void _t111;
				void* _t112;
				void* _t114;
				void* _t115;

				_t83 = _a8;
				_t82 = GlobalAlloc;
				 *0x32efef8 = _a16;
				 *0x32efefc = _a12;
				 *0x32efef4 = _t83;
				_t42 = GlobalAlloc(0x40, _t83 + 1);
				_t107 =  *0x32efef8;
				_t84 = _t42;
				_a16 = _t84;
				if(_t107 == 0) {
					L17:
					if(_t84 != 0) {
						GlobalFree(_t84);
						_a16 = 0;
					}
					_t43 = E032B1F00();
					if( *0x32efef8 != 0) {
						_t108 = GlobalAlloc(0x40,  *0x32efef4 + 8);
						_t38 = _t108 + 4; // 0x4
						_t43 = lstrcpynA(_t38, "error",  *0x32efef4);
						_t98 =  *0x32efef8;
						 *_t108 =  *_t98;
						 *_t98 = _t108;
					}
					return _t43;
				} else {
					_t109 =  *_t107;
					if(_t109 == 0) {
						goto L17;
					} else {
						lstrcpyA(_t84, _t109 + 4);
						 *( *0x32efef8) =  *_t109;
						GlobalFree(_t109);
						_t54 = GlobalAlloc(0x40,  *0x32efef4 + 1);
						_t102 =  *0x32efef8;
						_t88 = _t54;
						_a8 = _t88;
						if(_t102 == 0) {
							L12:
							if(_t88 != 0) {
								GlobalFree(_t88);
								_a8 = 0;
							}
							_t55 = _a16;
							if(_t55 != 0) {
								GlobalFree(_t55);
								_a16 = 0;
							}
							goto L16;
						} else {
							_t104 =  *_t102;
							if(_t104 == 0) {
								goto L12;
							} else {
								lstrcpyA(_t88, _t104 + 4);
								 *( *0x32efef8) =  *_t104;
								GlobalFree(_t104);
								_a12 = 0;
								_t65 = E032C5A1E(_a8, " ",  &_a12);
								_t114 = _t112 + 0xc;
								if(_t65 != 0) {
									lstrcpyA(_a8, _t65);
								}
								_v24 = 0;
								_v20 =  &_a16;
								asm("xorps xmm0, xmm0");
								_v44 = 0;
								_v16 =  &_a8;
								_v12 =  &_v40;
								_v8 =  &_v60;
								asm("movups [ebp-0x24], xmm0");
								asm("movups [ebp-0x38], xmm0");
								_t71 = E032B6B90(_t82, _a16,  &_v40);
								_t112 = _t114 + 8;
								if(_t71 != 0) {
									L11:
									E032B1EB0( &_v20);
									L16:
									E032B1F00();
									return E032B1FC0("error");
								} else {
									_t74 = E032B6B90(_t82, _a8,  &_v60);
									_t112 = _t112 + 8;
									if(_t74 != 0) {
										goto L11;
									} else {
										asm("movups xmm0, [ebp-0x24]");
										_t115 = _t112 - 0x14;
										asm("movups [ecx], xmm0");
										 *((intOrPtr*)(_t115 + 0x10)) = _v24;
										asm("movups xmm0, [ebp-0x38]");
										asm("movups [ecx], xmm0");
										 *((intOrPtr*)(_t115 - 0x14 + 0x10)) = _v44;
										_t105 = E032B6B00();
										if( *0x32efef8 != 0) {
											_t111 = GlobalAlloc(0x40,  *0x32efef4 + 8);
											_t31 = _t111 + 4; // 0x4
											wsprintfA(_t31, 0x32dc480, _t105);
											_t99 =  *0x32efef8;
											 *_t111 =  *_t99;
											 *_t99 = _t111;
										}
										return E032B1EB0( &_v20);
									}
								}
							}
						}
					}
				}
			}



































                                                                                                                                  0x032b4a96
                                                                                                                                  0x032b4a9d
                                                                                                                                  0x032b4aa4
                                                                                                                                  0x032b4aad
                                                                                                                                  0x032b4ab8
                                                                                                                                  0x032b4abe
                                                                                                                                  0x032b4ac0
                                                                                                                                  0x032b4ac6
                                                                                                                                  0x032b4ac8
                                                                                                                                  0x032b4acd
                                                                                                                                  0x032b4c74
                                                                                                                                  0x032b4c76
                                                                                                                                  0x032b4c79
                                                                                                                                  0x032b4c7f
                                                                                                                                  0x032b4c7f
                                                                                                                                  0x032b4c86
                                                                                                                                  0x032b4c92
                                                                                                                                  0x032b4ca7
                                                                                                                                  0x032b4cae
                                                                                                                                  0x032b4cb2
                                                                                                                                  0x032b4cb8
                                                                                                                                  0x032b4cc0
                                                                                                                                  0x032b4cc2
                                                                                                                                  0x032b4cc2
                                                                                                                                  0x032b4cca
                                                                                                                                  0x032b4ad3
                                                                                                                                  0x032b4ad3
                                                                                                                                  0x032b4ad7
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4add
                                                                                                                                  0x032b4ae2
                                                                                                                                  0x032b4af6
                                                                                                                                  0x032b4af8
                                                                                                                                  0x032b4b03
                                                                                                                                  0x032b4b05
                                                                                                                                  0x032b4b0b
                                                                                                                                  0x032b4b0d
                                                                                                                                  0x032b4b12
                                                                                                                                  0x032b4c3c
                                                                                                                                  0x032b4c3e
                                                                                                                                  0x032b4c41
                                                                                                                                  0x032b4c43
                                                                                                                                  0x032b4c43
                                                                                                                                  0x032b4c4a
                                                                                                                                  0x032b4c4f
                                                                                                                                  0x032b4c52
                                                                                                                                  0x032b4c54
                                                                                                                                  0x032b4c54
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4b18
                                                                                                                                  0x032b4b18
                                                                                                                                  0x032b4b1c
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4b22
                                                                                                                                  0x032b4b27
                                                                                                                                  0x032b4b35
                                                                                                                                  0x032b4b37
                                                                                                                                  0x032b4b3c
                                                                                                                                  0x032b4b4c
                                                                                                                                  0x032b4b51
                                                                                                                                  0x032b4b56
                                                                                                                                  0x032b4b5c
                                                                                                                                  0x032b4b5c
                                                                                                                                  0x032b4b65
                                                                                                                                  0x032b4b6c
                                                                                                                                  0x032b4b6f
                                                                                                                                  0x032b4b75
                                                                                                                                  0x032b4b7c
                                                                                                                                  0x032b4b82
                                                                                                                                  0x032b4b88
                                                                                                                                  0x032b4b92
                                                                                                                                  0x032b4b96
                                                                                                                                  0x032b4b9a
                                                                                                                                  0x032b4b9f
                                                                                                                                  0x032b4ba4
                                                                                                                                  0x032b4c32
                                                                                                                                  0x032b4c35
                                                                                                                                  0x032b4c5b
                                                                                                                                  0x032b4c5b
                                                                                                                                  0x032b4c73
                                                                                                                                  0x032b4baa
                                                                                                                                  0x032b4bb1
                                                                                                                                  0x032b4bb6
                                                                                                                                  0x032b4bbb
                                                                                                                                  0x00000000
                                                                                                                                  0x032b4bbd
                                                                                                                                  0x032b4bbd
                                                                                                                                  0x032b4bc4
                                                                                                                                  0x032b4bcc
                                                                                                                                  0x032b4bcf
                                                                                                                                  0x032b4bd4
                                                                                                                                  0x032b4bdb
                                                                                                                                  0x032b4bde
                                                                                                                                  0x032b4be9
                                                                                                                                  0x032b4bf2
                                                                                                                                  0x032b4c02
                                                                                                                                  0x032b4c0a
                                                                                                                                  0x032b4c0e
                                                                                                                                  0x032b4c14
                                                                                                                                  0x032b4c1f
                                                                                                                                  0x032b4c21
                                                                                                                                  0x032b4c21
                                                                                                                                  0x032b4c31
                                                                                                                                  0x032b4c31
                                                                                                                                  0x032b4bbb
                                                                                                                                  0x032b4ba4
                                                                                                                                  0x032b4b1c
                                                                                                                                  0x032b4b12
                                                                                                                                  0x032b4ad7

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4ABE
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4AE2
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4AF8
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4B03
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B4B27
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4B37
                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000), ref: 032B4B5C
                                                                                                                                    • Part of subcall function 032B1EB0: GlobalFree.KERNEL32 ref: 032B1EBC
                                                                                                                                    • Part of subcall function 032B1EB0: GlobalFree.KERNEL32 ref: 032B1ED4
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4C00
                                                                                                                                  • wsprintfA.USER32 ref: 032B4C0E
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4C41
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4C52
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B4C79
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B4C9F
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B4CB2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$lstrcpy$lstrcpynwsprintf
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2997179825-1574812785
                                                                                                                                  • Opcode ID: 4b9477f02f55b750675d917cdaf654debe2ff2852c93e79fe3af7113510dfa5f
                                                                                                                                  • Instruction ID: de121a10af43962314759858f0ff630045a2ce3def099af9074e4580212f9241
                                                                                                                                  • Opcode Fuzzy Hash: 4b9477f02f55b750675d917cdaf654debe2ff2852c93e79fe3af7113510dfa5f
                                                                                                                                  • Instruction Fuzzy Hash: F961E676910305AFCB14EF65E985AEEB7B8FF48340F198119EC15AB341E771EA90CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BA860 Relevance: 22.7, APIs: 15, Instructions: 171memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                  			E032BA860(intOrPtr* __ecx, char _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				intOrPtr _v80;
				intOrPtr _v100;
				char _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				signed int _v152;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				char _t104;
				signed int _t112;
				signed int _t114;
				char _t122;
				intOrPtr* _t135;
				intOrPtr* _t137;
				intOrPtr* _t141;
				char _t143;
				intOrPtr _t144;
				intOrPtr _t145;
				intOrPtr* _t153;
				intOrPtr* _t155;
				intOrPtr* _t159;
				intOrPtr* _t162;
				intOrPtr* _t167;
				intOrPtr* _t168;
				intOrPtr* _t170;
				intOrPtr* _t177;
				intOrPtr* _t181;
				intOrPtr* _t184;
				void* _t187;
				intOrPtr* _t188;
				char _t191;
				signed int _t192;
				intOrPtr* _t194;
				signed int _t197;
				signed int _t201;
				signed int _t202;

				_t167 = __ecx;
				_t197 = _t201;
				_push(0xffffffff);
				_push(E032DBC80);
				_push( *[fs:0x0]);
				_t202 = _t201 - 0x3c;
				_push(_t191);
				_push(_t187);
				_t90 =  *0x32ed474; // 0x444d31ba
				_push(_t90 ^ _t197);
				 *[fs:0x0] =  &_v16;
				_v20 = _t202;
				_t162 = __ecx;
				_v32 = 0;
				_v36 = 0;
				_v24 = 0;
				_v28 = 0;
				_v8 = 0;
				if( *__ecx == 0) {
					_v40 = 1;
					E032C00D4( &_v40, 0x32e8f54);
					goto L24;
				} else {
					_t143 = _a4;
					if(_t143 == 0) {
						L24:
						_v44 = 7;
						E032C00D4( &_v44, 0x32e8f54);
						goto L25;
					} else {
						_t187 = __imp__#2;
						_t144 =  *_t187(_t143);
						_t191 = _t144;
						_v32 = _t191;
						__imp__#7(_t191);
						if(_t144 == 0) {
							L25:
							_v48 = 0xb;
							E032C00D4( &_v48, 0x32e8f54);
							goto L26;
						} else {
							_t145 =  *_t187(_a12);
							_t187 = _t145;
							_v36 = _t187;
							__imp__#7(_t187);
							if(_t145 == 0) {
								L26:
								_v52 = 0xb;
								E032C00D4( &_v52, 0x32e8f54);
								goto L27;
							} else {
								_t167 =  *((intOrPtr*)(__ecx + 4));
								if(_t167 == 0) {
									_t167 = __ecx;
									_push( &_a4);
									_t104 = E032BA420(__ecx, __ecx, _t187, _t191, _t191, _t187);
									if(_t104 != 0) {
										goto L29;
									} else {
										if(_a4 != 1) {
											goto L12;
										} else {
											_t153 =  *__ecx;
											_push( &_v24);
											_push(_t153);
											_t167 =  *_t153;
											if( *((intOrPtr*)(_t167 + 0x50))() < 0) {
												goto L30;
											} else {
												_t155 = _v24;
												_push(_t191);
												_push(_t155);
												_t167 =  *_t155;
												if( *((intOrPtr*)(_t167 + 0x24))() < 0) {
													goto L31;
												} else {
													goto L12;
												}
											}
										}
									}
								} else {
									_push( &_v28);
									_push(_t167);
									if( *((intOrPtr*)( *_t167 + 0x48))() < 0) {
										L27:
										_v56 = 0x1c;
										E032C00D4( &_v56, 0x32e8f54);
										goto L28;
									} else {
										_t159 = _v28;
										_push(_t187);
										_push(_t159);
										_t167 =  *_t159;
										if( *((intOrPtr*)(_t167 + 0x24))() < 0) {
											L28:
											_v60 = 0x1e;
											_t104 = E032C00D4( &_v60, 0x32e8f54);
											L29:
											_v64 = _t104;
											E032C00D4( &_v64, 0x32e8f54);
											L30:
											_v68 = 8;
											E032C00D4( &_v68, 0x32e8f54);
											L31:
											_v72 = 0xf;
											E032C00D4( &_v72, 0x32e8f54);
											asm("int3");
											asm("int3");
											asm("int3");
											_t112 =  *0x32ed474; // 0x444d31ba
											_t114 =  &_v108;
											 *[fs:0x0] = _t114;
											_v112 = _t202 - 0x30;
											_t188 = _t167;
											_v116 = 0;
											_v120 = 0;
											_v100 = 0;
											__imp__#2(_v80, _t112 ^ _t202, _t187, _t191, _t162,  *[fs:0x0], E032DBCA0, 0xffffffff, _t197);
											_t192 = _t114;
											_v152 = _t192;
											__imp__#7(_t192);
											if(_t114 == 0) {
												_v36 = 0xb;
												E032C00D4( &_v36, 0x32e8f54);
												L51:
												_v40 = 1;
												E032C00D4( &_v40, 0x32e8f54);
												L52:
												_v44 = 0x1c;
												E032C00D4( &_v44, 0x32e8f54);
												L53:
												_v48 = 0x1e;
												_t122 = E032C00D4( &_v48, 0x32e8f54);
												L54:
												_v52 = _t122;
												E032C00D4( &_v52, 0x32e8f54);
												L55:
												_v56 = 0x10;
												E032C00D4( &_v56, 0x32e8f54);
												L56:
												_v60 = 0xf;
												E032C00D4( &_v60, 0x32e8f54);
												asm("int3");
												return GetFileVersionInfoSizeA();
											}
											if( *_t188 == 0) {
												goto L51;
											}
											_t168 =  *((intOrPtr*)(_t188 + 4));
											if(_t168 == 0) {
												_t122 = E032BA630(0, _t188, _t188, _t192, _v0, _a4, _t192,  &_a8);
												if(_t122 != 0) {
													goto L54;
												}
												if(_a8 == 1) {
													_t135 =  *_t188;
													_push( &_v28);
													_push(_t135);
													if( *((intOrPtr*)( *_t135 + 0x48))() < 0) {
														goto L55;
													}
													_t137 = _v28;
													_push(_a4);
													_push(_v0);
													_push(_t137);
													if( *((intOrPtr*)( *_t137 + 0x24))() < 0) {
														goto L56;
													}
												}
											} else {
												_push( &_v32);
												_push(_t168);
												if( *((intOrPtr*)( *_t168 + 0x48))() < 0) {
													goto L52;
												}
												_t141 = _v32;
												_push(_t192);
												_push(_t141);
												if( *((intOrPtr*)( *_t141 + 0x24))() < 0) {
													goto L53;
												}
											}
											_v12 = 0xffffffff;
											if(_t192 != 0) {
												__imp__#6(_t192);
											}
											_t170 = _v28;
											if(_t170 != 0) {
												 *((intOrPtr*)( *_t170 + 8))(_t170);
											}
											_t181 = _v32;
											if(_t181 != 0) {
												 *((intOrPtr*)( *_t181 + 8))(_t181);
											}
											 *[fs:0x0] = _v20;
											return 0;
										} else {
											L12:
											_v8 = 0xffffffff;
											if(_t191 == 0) {
												_t194 = __imp__#6;
											} else {
												_t194 = __imp__#6;
												 *_t194(_t191);
											}
											if(_t187 != 0) {
												 *_t194(_t187);
											}
											_t177 = _v24;
											if(_t177 != 0) {
												 *((intOrPtr*)( *_t177 + 8))(_t177);
											}
											_t184 = _v28;
											if(_t184 != 0) {
												 *((intOrPtr*)( *_t184 + 8))(_t184);
											}
											 *[fs:0x0] = _v16;
											return 0;
										}
									}
								}
							}
						}
					}
				}
			}





























































                                                                                                                                  0x032ba860
                                                                                                                                  0x032ba861
                                                                                                                                  0x032ba863
                                                                                                                                  0x032ba865
                                                                                                                                  0x032ba870
                                                                                                                                  0x032ba871
                                                                                                                                  0x032ba875
                                                                                                                                  0x032ba876
                                                                                                                                  0x032ba877
                                                                                                                                  0x032ba87e
                                                                                                                                  0x032ba882
                                                                                                                                  0x032ba888
                                                                                                                                  0x032ba88b
                                                                                                                                  0x032ba890
                                                                                                                                  0x032ba897
                                                                                                                                  0x032ba89e
                                                                                                                                  0x032ba8a5
                                                                                                                                  0x032ba8ac
                                                                                                                                  0x032ba8b3
                                                                                                                                  0x032ba9dc
                                                                                                                                  0x032ba9e4
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba8b9
                                                                                                                                  0x032ba8b9
                                                                                                                                  0x032ba8be
                                                                                                                                  0x032ba9e9
                                                                                                                                  0x032ba9f1
                                                                                                                                  0x032ba9f9
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba8c4
                                                                                                                                  0x032ba8c4
                                                                                                                                  0x032ba8cb
                                                                                                                                  0x032ba8cd
                                                                                                                                  0x032ba8d0
                                                                                                                                  0x032ba8d3
                                                                                                                                  0x032ba8db
                                                                                                                                  0x032ba9fe
                                                                                                                                  0x032baa06
                                                                                                                                  0x032baa0e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba8e1
                                                                                                                                  0x032ba8e4
                                                                                                                                  0x032ba8e6
                                                                                                                                  0x032ba8e9
                                                                                                                                  0x032ba8ec
                                                                                                                                  0x032ba8f4
                                                                                                                                  0x032baa13
                                                                                                                                  0x032baa1b
                                                                                                                                  0x032baa23
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba8fa
                                                                                                                                  0x032ba8fa
                                                                                                                                  0x032ba8ff
                                                                                                                                  0x032ba92a
                                                                                                                                  0x032ba92c
                                                                                                                                  0x032ba92f
                                                                                                                                  0x032ba936
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba93c
                                                                                                                                  0x032ba940
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba942
                                                                                                                                  0x032ba942
                                                                                                                                  0x032ba947
                                                                                                                                  0x032ba948
                                                                                                                                  0x032ba949
                                                                                                                                  0x032ba950
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba956
                                                                                                                                  0x032ba956
                                                                                                                                  0x032ba959
                                                                                                                                  0x032ba95a
                                                                                                                                  0x032ba95b
                                                                                                                                  0x032ba962
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba962
                                                                                                                                  0x032ba950
                                                                                                                                  0x032ba940
                                                                                                                                  0x032ba901
                                                                                                                                  0x032ba906
                                                                                                                                  0x032ba907
                                                                                                                                  0x032ba90d
                                                                                                                                  0x032baa28
                                                                                                                                  0x032baa30
                                                                                                                                  0x032baa38
                                                                                                                                  0x00000000
                                                                                                                                  0x032ba913
                                                                                                                                  0x032ba913
                                                                                                                                  0x032ba916
                                                                                                                                  0x032ba917
                                                                                                                                  0x032ba918
                                                                                                                                  0x032ba91f
                                                                                                                                  0x032baa3d
                                                                                                                                  0x032baa45
                                                                                                                                  0x032baa4d
                                                                                                                                  0x032baa52
                                                                                                                                  0x032baa52
                                                                                                                                  0x032baa5e
                                                                                                                                  0x032baa63
                                                                                                                                  0x032baa6b
                                                                                                                                  0x032baa73
                                                                                                                                  0x032baa78
                                                                                                                                  0x032baa80
                                                                                                                                  0x032baa88
                                                                                                                                  0x032baa8d
                                                                                                                                  0x032baa8e
                                                                                                                                  0x032baa8f
                                                                                                                                  0x032baaa7
                                                                                                                                  0x032baaaf
                                                                                                                                  0x032baab2
                                                                                                                                  0x032baab8
                                                                                                                                  0x032baabb
                                                                                                                                  0x032baac2
                                                                                                                                  0x032baac5
                                                                                                                                  0x032baac8
                                                                                                                                  0x032baacb
                                                                                                                                  0x032baad1
                                                                                                                                  0x032baad4
                                                                                                                                  0x032baad7
                                                                                                                                  0x032baadf
                                                                                                                                  0x032babc3
                                                                                                                                  0x032babcb
                                                                                                                                  0x032babd0
                                                                                                                                  0x032babd8
                                                                                                                                  0x032babe0
                                                                                                                                  0x032babe5
                                                                                                                                  0x032babed
                                                                                                                                  0x032babf5
                                                                                                                                  0x032babfa
                                                                                                                                  0x032bac02
                                                                                                                                  0x032bac0a
                                                                                                                                  0x032bac0f
                                                                                                                                  0x032bac0f
                                                                                                                                  0x032bac1b
                                                                                                                                  0x032bac20
                                                                                                                                  0x032bac28
                                                                                                                                  0x032bac30
                                                                                                                                  0x032bac35
                                                                                                                                  0x032bac3d
                                                                                                                                  0x032bac45
                                                                                                                                  0x032bac4a
                                                                                                                                  0x032bac4b
                                                                                                                                  0x032bac4b
                                                                                                                                  0x032baae7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032baaed
                                                                                                                                  0x032baaf2
                                                                                                                                  0x032bab27
                                                                                                                                  0x032bab2e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab38
                                                                                                                                  0x032bab3a
                                                                                                                                  0x032bab3f
                                                                                                                                  0x032bab40
                                                                                                                                  0x032bab48
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab4e
                                                                                                                                  0x032bab51
                                                                                                                                  0x032bab54
                                                                                                                                  0x032bab59
                                                                                                                                  0x032bab5f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab65
                                                                                                                                  0x032baaf4
                                                                                                                                  0x032baaf9
                                                                                                                                  0x032baafa
                                                                                                                                  0x032bab00
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab06
                                                                                                                                  0x032bab09
                                                                                                                                  0x032bab0a
                                                                                                                                  0x032bab12
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab18
                                                                                                                                  0x032bab79
                                                                                                                                  0x032bab82
                                                                                                                                  0x032bab85
                                                                                                                                  0x032bab85
                                                                                                                                  0x032bab8b
                                                                                                                                  0x032bab90
                                                                                                                                  0x032bab95
                                                                                                                                  0x032bab95
                                                                                                                                  0x032bab98
                                                                                                                                  0x032bab9d
                                                                                                                                  0x032baba2
                                                                                                                                  0x032baba2
                                                                                                                                  0x032babaa
                                                                                                                                  0x032babb8
                                                                                                                                  0x032ba925
                                                                                                                                  0x032ba968
                                                                                                                                  0x032ba981
                                                                                                                                  0x032ba98a
                                                                                                                                  0x032ba997
                                                                                                                                  0x032ba98c
                                                                                                                                  0x032ba98d
                                                                                                                                  0x032ba993
                                                                                                                                  0x032ba993
                                                                                                                                  0x032ba99f
                                                                                                                                  0x032ba9a2
                                                                                                                                  0x032ba9a2
                                                                                                                                  0x032ba9a4
                                                                                                                                  0x032ba9a9
                                                                                                                                  0x032ba9ae
                                                                                                                                  0x032ba9ae
                                                                                                                                  0x032ba9b1
                                                                                                                                  0x032ba9b6
                                                                                                                                  0x032ba9bb
                                                                                                                                  0x032ba9bb
                                                                                                                                  0x032ba9c3
                                                                                                                                  0x032ba9d1
                                                                                                                                  0x032ba9d1
                                                                                                                                  0x032ba91f
                                                                                                                                  0x032ba90d
                                                                                                                                  0x032ba8ff
                                                                                                                                  0x032ba8f4
                                                                                                                                  0x032ba8db
                                                                                                                                  0x032ba8be

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 032BA8CB
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032BA8D3
                                                                                                                                  • SysAllocString.OLEAUT32(032B2E33), ref: 032BA8E4
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032BA8EC
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BA993
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BA9A2
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA9E4
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA9F9
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA0E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA23
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA38
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA4D
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA5E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA73
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAA88
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2081006091-0
                                                                                                                                  • Opcode ID: c6ec89c7c1e32e583cefe1d711c7dafce187537586a72e86afc8354df2963d1f
                                                                                                                                  • Instruction ID: 8e3d1dbbe95c042d275d9c49421a49adb4c45e4c7b9a7e6d0dab779bdc56d833
                                                                                                                                  • Opcode Fuzzy Hash: c6ec89c7c1e32e583cefe1d711c7dafce187537586a72e86afc8354df2963d1f
                                                                                                                                  • Instruction Fuzzy Hash: 8D514BB4A20309EFDB20DFA4C988BEEBBB8AF44744F554519E514A7240D775D988CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B0900 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 343windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E032B0900(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				long _v8;
				char _v16;
				signed int _v20;
				long _v24;
				char _v28;
				long _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				long _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v856;
				int _v860;
				signed int _v864;
				char _v868;
				int _v872;
				int _v876;
				long _v880;
				struct tagPOINT _v888;
				char* _v892;
				long _v896;
				void* __ebp;
				signed int _t95;
				signed int _t96;
				intOrPtr _t105;
				int _t111;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				int _t124;
				void* _t141;
				int _t151;
				intOrPtr _t163;
				char* _t182;
				intOrPtr _t183;
				int _t190;
				long _t196;
				intOrPtr _t198;
				long _t199;
				int _t200;
				intOrPtr _t202;
				signed int _t203;
				void* _t204;
				void* _t205;
				void* _t206;

				_push(0xffffffff);
				_push(E032DBB42);
				_push( *[fs:0x0]);
				_t205 = _t204 - 0x370;
				_t95 =  *0x32ed474; // 0x444d31ba
				_t96 = _t95 ^ _t203;
				_v20 = _t96;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t96);
				 *[fs:0x0] =  &_v16;
				_t163 = _a4;
				_v48 = _t163;
				_v44 = _a8;
				_v32 = GetCurrentProcessId();
				_t9 = _t163 != 1;
				_v864 = 0 | _t9;
				_v868 =  &_v60;
				if(_t9 != 0) {
					 *0x32ee218 = LoadImageA(0, 0x7f8a, 2, 0, 0, 0x8040);
					GetCursorPos( &_v888);
					SetCursorPos(_v888.x - 1, _v888.y);
				}
				_t198 =  *0x32efc68;
				_t190 = 0;
				_v24 = 0;
				_v880 = 0;
				_v872 = 0;
				_v876 = 0;
				_v860 = 0;
				_t213 = _t198;
				if(_t198 != 0) {
					_t165 = _t198;
					E032B6D80(_t198);
					_push(0x18);
					E032BD9CE(_t198);
					_t205 = _t205 + 8;
					 *0x32efc68 = 0;
				}
				_push(0x18);
				_t182 = E032BD99E(_t213);
				_t206 = _t205 + 4;
				_v892 = _t182;
				_v8 = 0;
				if(_t182 == 0) {
					_t105 = 0;
					__eflags = 0;
				} else {
					_t181 =  !=  ?  *0x32efcb4 : "Stopping the service: %s";
					_t165 = _t182;
					_t105 = E032B6D30(_t182,  *0x32efcc4,  *0x32efccc,  !=  ?  *0x32efcb4 : "Stopping the service: %s");
				}
				_v8 = 0xffffffff;
				 *0x32efc68 = _t105;
				if( *0x32ef440 != 0) {
					L9:
					_v24 = E032B87E0(_t198, _t217);
					goto L10;
				} else {
					_t217 =  *0x32ef454;
					if( *0x32ef454 == 0) {
						L10:
						if( *0x32ef444 != 0 ||  *0x32ef454 != 0) {
							if(E032B8870(_t165) != 0) {
								 *0x32efcbc = 0;
								E032AD960(_t163, _t190, _t198, "GetSystemModulesCount64", 0x32dc4cc);
								_t199 =  *0x32efcbc;
								_t206 = _t206 + 8;
							} else {
								_t199 = 0;
							}
							_v880 = E032B8800(_t165) + _t199;
						}
						if( *0x32ef448 == 0) {
							_t200 = 0;
							__eflags = 0;
						} else {
							_t200 = E032B8040(_t165);
							_v872 = _t200;
						}
						if( *0x32ef44c != 0) {
							if(_t200 == 0) {
								_t151 = E032B8040(_t165);
								_t190 = _t151;
								_v876 = _t151;
							} else {
								_t190 = _t200;
								_v876 = _t190;
							}
						}
						if( *0x32ee22c == 0) {
							_t111 = 0;
							__eflags = 0;
						} else {
							if(_t200 == 0) {
								__eflags = _t190;
								if(__eflags == 0) {
									_t111 = E032B8040(_t165);
									_v860 = _t111;
								} else {
									_t111 = _t190;
									_v860 = _t111;
								}
							} else {
								_t111 = _t200;
								_v860 = _t111;
							}
						}
						_t183 = 0;
						_v40 = 0;
						_v36 =  *0x32ef450 + _t111 + _t190 + _t200 + _v880 + _v24;
						memset(0x32ef858, memset(0x32ef458, 0, 0x100 << 2), 0x100 << 2);
						_t115 =  *0x32ef450;
						if(_t115 == 0 ||  *0x32ee204 != 0) {
							L39:
							if( *0x32ee22c == 0 ||  *0x32ee204 != 0) {
								L44:
								_t116 =  *0x32ef44c;
								if(_t116 == 0 ||  *0x32ee204 != 0) {
									L49:
									_t117 =  *0x32ef448;
									if(_t117 == 0 ||  *0x32ee204 != 0) {
										L54:
										if( *0x32ef454 != 0 ||  *0x32ef444 != 0) {
											if( *0x32ee204 != 0) {
												L63:
												if( *0x32ef454 != 0) {
													goto L65;
												}
												goto L64;
											}
											_v56 =  *0x32ef444;
											_v60 = 0x32ee440;
											_v52 = 1;
											_v40 = _t183 + _t200;
											if(E032B7BE0(_t163, 0x32ef958, _t200, E032AE780,  &_v868, 1) != 0 || _t163 != 1) {
												if(E032B8870(0) == 0) {
													L62:
													_t183 = _v40;
													goto L63;
												}
												_v896 = 0;
												_v892 =  &_v868;
												wsprintfA( &_v28, "%d %d", 0 | _v864 != 0x00000000, 1);
												 *0x32efcb8 =  &_v896;
												_t141 = E032AD960(_t163, 0x32ef958, _t200, "EnumSystemProcesses64",  &_v28);
												 *0x32efcb8 = 0;
												if(_t141 != 0 || _t163 != 1) {
													goto L62;
												} else {
													goto L68;
												}
											} else {
												goto L73;
											}
										} else {
											L64:
											if( *0x32ef440 == 0) {
												L69:
												__eflags = _t163 - 1;
												if(_t163 == 1) {
													L71:
													goto L72;
												}
												L70:
												SendMessageA( *0x32ee1f4, 0x402, 0x64, 0);
												 *0x32ee218 = 0;
												GetCursorPos( &_v888);
												_t124 = _v888.x - 1;
												__eflags = _t124;
												SetCursorPos(_t124, _v888.y);
												goto L71;
											}
											L65:
											_t256 =  *0x32ee204;
											if( *0x32ee204 != 0) {
												goto L69;
											}
											_v56 =  *0x32ef440;
											_v60 = 0x32ee240;
											_v52 = 0;
											_v40 = _t183 + _v880;
											if(E032B7A80(_t163, 0, 0x32ef958, _t200, _t256, E032AE780,  &_v868) != 0) {
												goto L69;
											}
											if(_t163 != 1) {
												goto L70;
											}
											goto L68;
										}
									} else {
										_v56 = _t117;
										_v60 = 0x32ee640;
										_v52 = 2;
										_v40 = _t183 + _v876;
										if(E032B7680(E032AE780,  &_v868) != 0 || _t163 != 1) {
											_t183 = _v40;
											goto L54;
										} else {
											goto L68;
										}
									}
								} else {
									_v56 = _t116;
									_v60 = 0x32ee840;
									_v52 = 3;
									_v40 = _t183 + _v860;
									if(E032B7680(E032AE780,  &_v868) != 0 || _t163 != 1) {
										_t183 = _v40;
										goto L49;
									} else {
										goto L68;
									}
								}
							} else {
								_v60 = 0;
								_v56 = 1;
								_v52 = 4;
								_v40 = _t183 + _t115;
								if(E032B7680(E032AE780,  &_v868) != 0 || _t163 != 1) {
									_t183 = _v40;
									goto L44;
								} else {
									goto L68;
								}
							}
						} else {
							_t202 = 0;
							_v56 = 1;
							_v52 = 5;
							_v64 = _t115;
							if(_t115 == 0) {
								L38:
								_t200 = _v872;
								goto L39;
							}
							_t196 = 0x32eea40;
							while(1) {
								_v60 = _t196;
								_t202 = _t202 + 1;
								_v68 = _t202;
								if(E032AE780( &_v856,  &_v60) == 0 && _t163 == 1) {
									break;
								}
								_t196 = _t196 + 0x10;
								if(_t202 < _v64) {
									continue;
								}
								_t183 = _v40;
								_t115 =  *0x32ef450;
								goto L38;
							}
							L68:
							L72:
							 *0x32ee23c = 1;
							L73:
							 *[fs:0x0] = _v16;
							return E032BD98D(_v20 ^ _t203);
						}
					}
					goto L9;
				}
			}




















































                                                                                                                                  0x032b0903
                                                                                                                                  0x032b0905
                                                                                                                                  0x032b0910
                                                                                                                                  0x032b0911
                                                                                                                                  0x032b0917
                                                                                                                                  0x032b091c
                                                                                                                                  0x032b091e
                                                                                                                                  0x032b0921
                                                                                                                                  0x032b0922
                                                                                                                                  0x032b0923
                                                                                                                                  0x032b0924
                                                                                                                                  0x032b0928
                                                                                                                                  0x032b0931
                                                                                                                                  0x032b0934
                                                                                                                                  0x032b0937
                                                                                                                                  0x032b0940
                                                                                                                                  0x032b0948
                                                                                                                                  0x032b094b
                                                                                                                                  0x032b0954
                                                                                                                                  0x032b095a
                                                                                                                                  0x032b0974
                                                                                                                                  0x032b0980
                                                                                                                                  0x032b0994
                                                                                                                                  0x032b0994
                                                                                                                                  0x032b099a
                                                                                                                                  0x032b09a0
                                                                                                                                  0x032b09a4
                                                                                                                                  0x032b09ab
                                                                                                                                  0x032b09b5
                                                                                                                                  0x032b09bf
                                                                                                                                  0x032b09c5
                                                                                                                                  0x032b09cb
                                                                                                                                  0x032b09cd
                                                                                                                                  0x032b09cf
                                                                                                                                  0x032b09d1
                                                                                                                                  0x032b09d6
                                                                                                                                  0x032b09d9
                                                                                                                                  0x032b09de
                                                                                                                                  0x032b09e1
                                                                                                                                  0x032b09e1
                                                                                                                                  0x032b09e7
                                                                                                                                  0x032b09ee
                                                                                                                                  0x032b09f0
                                                                                                                                  0x032b09f3
                                                                                                                                  0x032b09f9
                                                                                                                                  0x032b0a02
                                                                                                                                  0x032b0a29
                                                                                                                                  0x032b0a29
                                                                                                                                  0x032b0a04
                                                                                                                                  0x032b0a10
                                                                                                                                  0x032b0a1a
                                                                                                                                  0x032b0a22
                                                                                                                                  0x032b0a22
                                                                                                                                  0x032b0a32
                                                                                                                                  0x032b0a39
                                                                                                                                  0x032b0a3e
                                                                                                                                  0x032b0a49
                                                                                                                                  0x032b0a4e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0a40
                                                                                                                                  0x032b0a40
                                                                                                                                  0x032b0a47
                                                                                                                                  0x032b0a51
                                                                                                                                  0x032b0a58
                                                                                                                                  0x032b0a6a
                                                                                                                                  0x032b0a7a
                                                                                                                                  0x032b0a84
                                                                                                                                  0x032b0a89
                                                                                                                                  0x032b0a8f
                                                                                                                                  0x032b0a6c
                                                                                                                                  0x032b0a6c
                                                                                                                                  0x032b0a6c
                                                                                                                                  0x032b0a99
                                                                                                                                  0x032b0a99
                                                                                                                                  0x032b0aa6
                                                                                                                                  0x032b0ab7
                                                                                                                                  0x032b0ab7
                                                                                                                                  0x032b0aa8
                                                                                                                                  0x032b0aad
                                                                                                                                  0x032b0aaf
                                                                                                                                  0x032b0aaf
                                                                                                                                  0x032b0ac0
                                                                                                                                  0x032b0ac4
                                                                                                                                  0x032b0ad0
                                                                                                                                  0x032b0ad5
                                                                                                                                  0x032b0ad7
                                                                                                                                  0x032b0ac6
                                                                                                                                  0x032b0ac6
                                                                                                                                  0x032b0ac8
                                                                                                                                  0x032b0ac8
                                                                                                                                  0x032b0ac4
                                                                                                                                  0x032b0ae4
                                                                                                                                  0x032b0b0f
                                                                                                                                  0x032b0b0f
                                                                                                                                  0x032b0ae6
                                                                                                                                  0x032b0ae8
                                                                                                                                  0x032b0af4
                                                                                                                                  0x032b0af6
                                                                                                                                  0x032b0b02
                                                                                                                                  0x032b0b07
                                                                                                                                  0x032b0af8
                                                                                                                                  0x032b0af8
                                                                                                                                  0x032b0afa
                                                                                                                                  0x032b0afa
                                                                                                                                  0x032b0aea
                                                                                                                                  0x032b0aea
                                                                                                                                  0x032b0aec
                                                                                                                                  0x032b0aec
                                                                                                                                  0x032b0ae8
                                                                                                                                  0x032b0b17
                                                                                                                                  0x032b0b1b
                                                                                                                                  0x032b0b32
                                                                                                                                  0x032b0b46
                                                                                                                                  0x032b0b48
                                                                                                                                  0x032b0b4f
                                                                                                                                  0x032b0baf
                                                                                                                                  0x032b0bb6
                                                                                                                                  0x032b0bfc
                                                                                                                                  0x032b0bfc
                                                                                                                                  0x032b0c03
                                                                                                                                  0x032b0c49
                                                                                                                                  0x032b0c49
                                                                                                                                  0x032b0c50
                                                                                                                                  0x032b0c96
                                                                                                                                  0x032b0c9d
                                                                                                                                  0x032b0cb3
                                                                                                                                  0x032b0d62
                                                                                                                                  0x032b0d69
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0d69
                                                                                                                                  0x032b0cc0
                                                                                                                                  0x032b0cd1
                                                                                                                                  0x032b0cd8
                                                                                                                                  0x032b0cdf
                                                                                                                                  0x032b0ce9
                                                                                                                                  0x032b0cfb
                                                                                                                                  0x032b0d5f
                                                                                                                                  0x032b0d5f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0d5f
                                                                                                                                  0x032b0d03
                                                                                                                                  0x032b0d0d
                                                                                                                                  0x032b0d2a
                                                                                                                                  0x032b0d36
                                                                                                                                  0x032b0d44
                                                                                                                                  0x032b0d4c
                                                                                                                                  0x032b0d58
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0d6b
                                                                                                                                  0x032b0d6b
                                                                                                                                  0x032b0d72
                                                                                                                                  0x032b0dba
                                                                                                                                  0x032b0dba
                                                                                                                                  0x032b0dbd
                                                                                                                                  0x032b0dff
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0dff
                                                                                                                                  0x032b0dbf
                                                                                                                                  0x032b0dce
                                                                                                                                  0x032b0dda
                                                                                                                                  0x032b0de5
                                                                                                                                  0x032b0df7
                                                                                                                                  0x032b0df7
                                                                                                                                  0x032b0df9
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0df9
                                                                                                                                  0x032b0d74
                                                                                                                                  0x032b0d74
                                                                                                                                  0x032b0d7b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0d88
                                                                                                                                  0x032b0d97
                                                                                                                                  0x032b0d9e
                                                                                                                                  0x032b0da5
                                                                                                                                  0x032b0daf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0db4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0db4
                                                                                                                                  0x032b0c5b
                                                                                                                                  0x032b0c61
                                                                                                                                  0x032b0c70
                                                                                                                                  0x032b0c77
                                                                                                                                  0x032b0c7e
                                                                                                                                  0x032b0c88
                                                                                                                                  0x032b0c93
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0c88
                                                                                                                                  0x032b0c0e
                                                                                                                                  0x032b0c14
                                                                                                                                  0x032b0c23
                                                                                                                                  0x032b0c2a
                                                                                                                                  0x032b0c31
                                                                                                                                  0x032b0c3b
                                                                                                                                  0x032b0c46
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0c3b
                                                                                                                                  0x032b0bc1
                                                                                                                                  0x032b0bc3
                                                                                                                                  0x032b0bd0
                                                                                                                                  0x032b0bdd
                                                                                                                                  0x032b0be4
                                                                                                                                  0x032b0bee
                                                                                                                                  0x032b0bf9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0bee
                                                                                                                                  0x032b0b59
                                                                                                                                  0x032b0b59
                                                                                                                                  0x032b0b5b
                                                                                                                                  0x032b0b62
                                                                                                                                  0x032b0b69
                                                                                                                                  0x032b0b6e
                                                                                                                                  0x032b0ba9
                                                                                                                                  0x032b0ba9
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0ba9
                                                                                                                                  0x032b0b70
                                                                                                                                  0x032b0b75
                                                                                                                                  0x032b0b78
                                                                                                                                  0x032b0b82
                                                                                                                                  0x032b0b84
                                                                                                                                  0x032b0b8e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0b99
                                                                                                                                  0x032b0b9f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0ba1
                                                                                                                                  0x032b0ba4
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0ba4
                                                                                                                                  0x032b0db6
                                                                                                                                  0x032b0e04
                                                                                                                                  0x032b0e04
                                                                                                                                  0x032b0e0e
                                                                                                                                  0x032b0e11
                                                                                                                                  0x032b0e29
                                                                                                                                  0x032b0e29
                                                                                                                                  0x032b0b4f
                                                                                                                                  0x00000000
                                                                                                                                  0x032b0a47

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcessId.KERNEL32(444D31BA), ref: 032B093A
                                                                                                                                  • LoadImageA.USER32 ref: 032B096E
                                                                                                                                  • GetCursorPos.USER32(?), ref: 032B0980
                                                                                                                                  • SetCursorPos.USER32(?,?), ref: 032B0994
                                                                                                                                    • Part of subcall function 032AD960: GetModuleFileNameA.KERNEL32(?,00000104), ref: 032AD9AE
                                                                                                                                    • Part of subcall function 032AD960: PathRemoveFileSpecA.SHLWAPI(?), ref: 032AD9BB
                                                                                                                                    • Part of subcall function 032AD960: PathAppendA.SHLWAPI(?,LockedList64.dll), ref: 032AD9CD
                                                                                                                                    • Part of subcall function 032AD960: PathFileExistsA.SHLWAPI(?), ref: 032AD9DA
                                                                                                                                    • Part of subcall function 032AD960: CreateWindowExA.USER32 ref: 032ADA0E
                                                                                                                                    • Part of subcall function 032AD960: IsWindow.USER32(00000000), ref: 032ADA17
                                                                                                                                    • Part of subcall function 032AD960: SetWindowLongA.USER32 ref: 032ADA29
                                                                                                                                    • Part of subcall function 032AD960: lstrlenA.KERNEL32(?), ref: 032ADA3C
                                                                                                                                    • Part of subcall function 032AD960: lstrlenA.KERNEL32(?), ref: 032ADA46
                                                                                                                                    • Part of subcall function 032AD960: lstrlenA.KERNEL32(LockedList64.dll), ref: 032ADA4F
                                                                                                                                    • Part of subcall function 032AD960: LocalAlloc.KERNEL32(00000040,-00000020), ref: 032ADA59
                                                                                                                                    • Part of subcall function 032AD960: wsprintfA.USER32 ref: 032ADA7F
                                                                                                                                    • Part of subcall function 032AD960: PathRemoveFileSpecA.SHLWAPI(?), ref: 032ADA8F
                                                                                                                                    • Part of subcall function 032B8040: EnumWindows.USER32(032B76F0,032B0B07), ref: 032B8054
                                                                                                                                    • Part of subcall function 032B8870: GetCurrentProcess.KERNEL32(00000000), ref: 032B8888
                                                                                                                                  • wsprintfA.USER32 ref: 032B0D2A
                                                                                                                                    • Part of subcall function 032AD960: ShellExecuteExA.SHELL32(?), ref: 032ADB0F
                                                                                                                                    • Part of subcall function 032AD960: MsgWaitForMultipleObjects.USER32 ref: 032ADB42
                                                                                                                                    • Part of subcall function 032AD960: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 032ADB64
                                                                                                                                    • Part of subcall function 032AD960: TranslateMessage.USER32(?), ref: 032ADB71
                                                                                                                                    • Part of subcall function 032AD960: DispatchMessageA.USER32 ref: 032ADB7E
                                                                                                                                    • Part of subcall function 032AD960: WaitForMultipleObjects.KERNEL32(00000001,00000000,00000000,00000000), ref: 032ADB91
                                                                                                                                    • Part of subcall function 032AD960: MsgWaitForMultipleObjects.USER32 ref: 032ADBB0
                                                                                                                                    • Part of subcall function 032AD960: CloseHandle.KERNEL32(00000000), ref: 032ADBBC
                                                                                                                                    • Part of subcall function 032AD960: IsWindow.USER32(00000000), ref: 032ADBC9
                                                                                                                                    • Part of subcall function 032AD960: SetWindowLongA.USER32 ref: 032ADBDD
                                                                                                                                    • Part of subcall function 032AD960: DestroyWindow.USER32(00000000), ref: 032ADBE4
                                                                                                                                    • Part of subcall function 032AD960: LocalFree.KERNEL32(00000000), ref: 032ADBEB
                                                                                                                                  • SendMessageA.USER32 ref: 032B0DCE
                                                                                                                                  • GetCursorPos.USER32(?), ref: 032B0DE5
                                                                                                                                  • SetCursorPos.USER32(?,?), ref: 032B0DF9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CursorFileMessagePath$MultipleObjectsWaitlstrlen$CurrentLocalLongProcessRemoveSpecwsprintf$AllocAppendCloseCreateDestroyDispatchEnumExecuteExistsFreeHandleImageLoadModuleNamePeekSendShellTranslateWindows
                                                                                                                                  • String ID: %d %d$EnumSystemProcesses64$GetSystemModulesCount64$Stopping the service: %s
                                                                                                                                  • API String ID: 1119914135-2012935204
                                                                                                                                  • Opcode ID: 57fa87085c551c16001027de494c2a533d29a33ad1ae881fe21c23e7b857998b
                                                                                                                                  • Instruction ID: d673df8ceef650e53afbf35d07cd839af68fa9e352e5a82d5c859ad74fa2da80
                                                                                                                                  • Opcode Fuzzy Hash: 57fa87085c551c16001027de494c2a533d29a33ad1ae881fe21c23e7b857998b
                                                                                                                                  • Instruction Fuzzy Hash: EEE19D71D2031AAFDB22DF64E9897EEB7B8FB04384F19C469D904AA284D7755AC4CF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 100025FE Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E100025FE(void* __edx, intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t18;
				intOrPtr _t21;
				void* _t23;
				short* _t24;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t34;
				int _t36;
				void* _t39;
				void* _t42;
				intOrPtr _t52;
				short** _t55;
				void* _t60;
				int _t61;
				int _t62;
				void* _t63;
				short** _t64;
				void* _t65;
				void* _t66;

				_t60 = __edx;
				_t18 = _a4;
				_t52 =  *((intOrPtr*)(_t18 + 0x814));
				_v4 = _t52;
				_t55 = (_t52 + 0x41 << 5) + _t18;
				do {
					if( *((intOrPtr*)(_t55 - 4)) != 0xffffffff) {
						_t64 = _t55;
					} else {
						_t64 =  *_t55;
					}
					_t65 = E10001541();
					_t61 = 0;
					_t21 =  *((intOrPtr*)(_t55 - 8));
					if(_t21 == 0) {
						lstrcpyA(_t65, 0x10004034);
					} else {
						_t30 = _t21 - 1;
						if(_t30 == 0) {
							_push( *_t64);
							goto L12;
						} else {
							_t32 = _t30 - 1;
							if(_t32 == 0) {
								E1000176C(_t60,  *_t64, _t64[1], _t65);
								goto L13;
							} else {
								_t34 = _t32 - 1;
								if(_t34 == 0) {
									_t62 = lstrlenA( *_t64);
									_t36 =  *0x10004058;
									if(_t62 >= _t36) {
										_t62 = _t36 - 1;
									}
									_t7 = _t62 + 1; // 0x1
									lstrcpynA(_t65,  *_t64, _t7);
									 *(_t62 + _t65) =  *(_t62 + _t65) & 0x00000000;
									goto L15;
								} else {
									_t39 = _t34 - 1;
									if(_t39 == 0) {
										WideCharToMultiByte(0, 0,  *_t64,  *0x10004058, _t65,  *0x10004058, 0, 0);
									} else {
										_t42 = _t39 - 1;
										if(_t42 == 0) {
											_t63 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
											_push( *0x10004058 +  *0x10004058);
											_push(_t63);
											_push( *_t64);
											" {]w@u]w"();
											WideCharToMultiByte(0, 0, _t63,  *0x10004058, _t65,  *0x10004058, 0, 0);
											GlobalFree(_t63);
											L15:
											_t61 = 0;
										} else {
											if(_t42 == 1) {
												_push( *_t55);
												L12:
												wsprintfA(_t65, 0x10004008);
												L13:
												_t66 = _t66 + 0xc;
											}
										}
									}
								}
							}
						}
					}
					_t23 = _t55[5];
					if(_t23 != _t61 && ( *_a4 != 2 ||  *((intOrPtr*)(_t55 - 4)) > _t61)) {
						GlobalFree(_t23);
					}
					_t24 = _t55[4];
					if(_t24 != _t61) {
						if(_t24 != 0xffffffff) {
							if(_t24 > _t61) {
								E1000160E(_t24 - 1, _t65);
								goto L32;
							}
						} else {
							E1000159E(_t65);
							L32:
						}
					}
					_t25 = GlobalFree(_t65);
					_v4 = _v4 - 1;
					_t55 = _t55 - 0x20;
				} while (_v4 >= _t61);
				return _t25;
			}
























                                                                                                                                  0x100025fe
                                                                                                                                  0x100025ff
                                                                                                                                  0x10002606
                                                                                                                                  0x1000260d
                                                                                                                                  0x10002617
                                                                                                                                  0x10002619
                                                                                                                                  0x1000261d
                                                                                                                                  0x10002623
                                                                                                                                  0x1000261f
                                                                                                                                  0x1000261f
                                                                                                                                  0x1000261f
                                                                                                                                  0x1000262a
                                                                                                                                  0x1000262f
                                                                                                                                  0x10002631
                                                                                                                                  0x10002633
                                                                                                                                  0x1000270c
                                                                                                                                  0x10002639
                                                                                                                                  0x10002639
                                                                                                                                  0x1000263a
                                                                                                                                  0x100026ff
                                                                                                                                  0x00000000
                                                                                                                                  0x10002640
                                                                                                                                  0x10002640
                                                                                                                                  0x10002641
                                                                                                                                  0x100026f5
                                                                                                                                  0x00000000
                                                                                                                                  0x10002647
                                                                                                                                  0x10002647
                                                                                                                                  0x10002648
                                                                                                                                  0x100026ce
                                                                                                                                  0x100026d0
                                                                                                                                  0x100026d7
                                                                                                                                  0x100026d9
                                                                                                                                  0x100026d9
                                                                                                                                  0x100026dc
                                                                                                                                  0x100026e3
                                                                                                                                  0x100026e9
                                                                                                                                  0x00000000
                                                                                                                                  0x1000264a
                                                                                                                                  0x1000264a
                                                                                                                                  0x1000264b
                                                                                                                                  0x100026be
                                                                                                                                  0x1000264d
                                                                                                                                  0x1000264d
                                                                                                                                  0x1000264e
                                                                                                                                  0x1000267d
                                                                                                                                  0x10002686
                                                                                                                                  0x10002687
                                                                                                                                  0x10002688
                                                                                                                                  0x1000268a
                                                                                                                                  0x1000269f
                                                                                                                                  0x100026a6
                                                                                                                                  0x100026ac
                                                                                                                                  0x100026ac
                                                                                                                                  0x10002650
                                                                                                                                  0x10002651
                                                                                                                                  0x10002657
                                                                                                                                  0x10002659
                                                                                                                                  0x1000265f
                                                                                                                                  0x10002665
                                                                                                                                  0x10002665
                                                                                                                                  0x10002665
                                                                                                                                  0x10002651
                                                                                                                                  0x1000264e
                                                                                                                                  0x1000264b
                                                                                                                                  0x10002648
                                                                                                                                  0x10002641
                                                                                                                                  0x1000263a
                                                                                                                                  0x10002712
                                                                                                                                  0x10002717
                                                                                                                                  0x10002728
                                                                                                                                  0x10002728
                                                                                                                                  0x1000272e
                                                                                                                                  0x10002733
                                                                                                                                  0x10002738
                                                                                                                                  0x10002744
                                                                                                                                  0x10002749
                                                                                                                                  0x00000000
                                                                                                                                  0x1000274e
                                                                                                                                  0x1000273a
                                                                                                                                  0x1000273b
                                                                                                                                  0x1000274f
                                                                                                                                  0x1000274f
                                                                                                                                  0x10002738
                                                                                                                                  0x10002751
                                                                                                                                  0x10002757
                                                                                                                                  0x1000275b
                                                                                                                                  0x1000275e
                                                                                                                                  0x1000276d

                                                                                                                                  APIs
                                                                                                                                  • wsprintfA.USER32 ref: 1000265F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 10002677
                                                                                                                                  • StringFromGUID2.OLE32(?,00000000,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000268A
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000269F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 100026A6
                                                                                                                                    • Part of subcall function 1000160E: lstrcpyA.KERNEL32(-10004047,00000000,?,1000118F,?,00000000), ref: 10001636
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10002728
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10002751
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                                  • String ID: {]w@u]w
                                                                                                                                  • API String ID: 2278267121-2172857112
                                                                                                                                  • Opcode ID: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                                  • Instruction ID: 08b3d8036d164c5881487be7a8a394305a4816547ccba51f0c52e2d45aca7b17
                                                                                                                                  • Opcode Fuzzy Hash: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                                  • Instruction Fuzzy Hash: 97419D71109555EFF712DF24CC88E2BBBEDFB843C0B124519FA45C616DDB32AC509A21
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8070 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 89memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B8070(char* _a4, CHAR* _a8) {
				void* _v8;
				int _v12;
				int _v16;
				void* _v20;
				int _v24;
				void* _t25;
				int _t31;
				int _t39;
				void* _t40;
				void* _t43;
				int _t45;

				_t45 = 0;
				_v12 = 0;
				_t39 = GetFileVersionInfoSizeA(_a4,  &_v12);
				if(_t39 == 0) {
					return 0;
				} else {
					_t43 = GlobalAlloc(0x40, _t39);
					if(_t43 != 0) {
						_t25 = GlobalAlloc(0x40, 0x29);
						_v8 = _t25;
						if(_t25 != 0) {
							if(GetFileVersionInfoA(_a4, _v12, _t39, _t43) == 0) {
								_t40 = _v8;
							} else {
								_v16 = 0;
								_t31 = VerQueryValueA(_t43, "\\VarFileInfo\\Translation",  &_v20,  &_v16);
								_t40 = _v8;
								if(_t31 != 0) {
									wsprintfA(_t40, "\\StringFileInfo\\%04x%04x\\FileDescription",  *_v20 & 0x0000ffff,  *(_v20 + 2) & 0x0000ffff);
									_v8 = 0;
									_v24 = 0;
									if(VerQueryValueA(_t43, _t40,  &_v8,  &_v24) != 0) {
										lstrcpynA(_a8, _v8, 0x103);
										_t45 = 1;
									}
								}
							}
							GlobalFree(_t40);
						}
						GlobalFree(_t43);
					}
					return _t45;
				}
			}














                                                                                                                                  0x032b807b
                                                                                                                                  0x032b8081
                                                                                                                                  0x032b8089
                                                                                                                                  0x032b808d
                                                                                                                                  0x032b8157
                                                                                                                                  0x032b8093
                                                                                                                                  0x032b809d
                                                                                                                                  0x032b80a1
                                                                                                                                  0x032b80ab
                                                                                                                                  0x032b80b1
                                                                                                                                  0x032b80b6
                                                                                                                                  0x032b80cb
                                                                                                                                  0x032b8136
                                                                                                                                  0x032b80cd
                                                                                                                                  0x032b80d0
                                                                                                                                  0x032b80de
                                                                                                                                  0x032b80e3
                                                                                                                                  0x032b80e8
                                                                                                                                  0x032b80fc
                                                                                                                                  0x032b8105
                                                                                                                                  0x032b810b
                                                                                                                                  0x032b811c
                                                                                                                                  0x032b8129
                                                                                                                                  0x032b812f
                                                                                                                                  0x032b812f
                                                                                                                                  0x032b811c
                                                                                                                                  0x032b80e8
                                                                                                                                  0x032b813a
                                                                                                                                  0x032b813a
                                                                                                                                  0x032b8141
                                                                                                                                  0x032b8141
                                                                                                                                  0x032b814f
                                                                                                                                  0x032b814f

                                                                                                                                  APIs
                                                                                                                                  • GetFileVersionInfoSizeA.VERSION(?,?,?,00000001,?,?,032B863C,?,?), ref: 032B8084
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,00000001,?,?,032B863C,?,?), ref: 032B8097
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000029,?,?,032B863C,?,?), ref: 032B80AB
                                                                                                                                  • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?,?,032B863C,?,?), ref: 032B80C4
                                                                                                                                  • VerQueryValueA.VERSION(00000000,\VarFileInfo\Translation,?,032B863C,?,?,00000000,00000000,?,?,032B863C,?,?), ref: 032B80DE
                                                                                                                                  • wsprintfA.USER32 ref: 032B80FC
                                                                                                                                  • VerQueryValueA.VERSION(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 032B8115
                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000103,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 032B8129
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B813A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B8141
                                                                                                                                  Strings
                                                                                                                                  • \StringFileInfo\%04x%04x\FileDescription, xrefs: 032B80F6
                                                                                                                                  • \VarFileInfo\Translation, xrefs: 032B80D8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFileFreeInfoQueryValueVersion$Sizelstrcpynwsprintf
                                                                                                                                  • String ID: \StringFileInfo\%04x%04x\FileDescription$\VarFileInfo\Translation
                                                                                                                                  • API String ID: 1823482089-3807587224
                                                                                                                                  • Opcode ID: 40c0df3507cbb070d7f318bb9ae3a906bb6aa9b9e766370d3fee6ca0c59d5b42
                                                                                                                                  • Instruction ID: cdf0144843d597be6951183b8685823ea25c4c0c80b8fda6e8878f08470b9a38
                                                                                                                                  • Opcode Fuzzy Hash: 40c0df3507cbb070d7f318bb9ae3a906bb6aa9b9e766370d3fee6ca0c59d5b42
                                                                                                                                  • Instruction Fuzzy Hash: A8217EB5A11229BBDB10EFA5EC88DFEBB7CEF04B80F144165F909E6141D6308A50DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8B20 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 50libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B8B20() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t7;
				intOrPtr _t10;
				intOrPtr _t11;
				struct HINSTANCE__* _t13;

				_t1 =  *0x32eff9c;
				if(_t1 == 0) {
					L3:
					_t13 = LoadLibraryA("psapi.dll");
					 *0x32eff9c = GetProcAddress(_t13, "EnumProcesses");
					 *0x32effa0 = GetProcAddress(_t13, "EnumProcessModules");
					 *0x32effa4 = GetProcAddress(_t13, "EnumProcessModulesEx");
					 *0x32effa8 = GetProcAddress(_t13, "GetModuleFileNameExA");
					_t7 = GetProcAddress(_t13, "GetProcessImageFileNameA");
					_t10 =  *0x32effa0;
					_t11 =  *0x32effa8;
					 *0x32effac = _t7;
					_t1 =  *0x32eff9c;
					L4:
					if(_t1 == 0 || _t10 == 0 || _t11 == 0) {
						return 0;
					} else {
						return 1;
					}
				}
				_t10 =  *0x32effa0;
				if(_t10 == 0) {
					goto L3;
				}
				_t11 =  *0x32effa8;
				if(_t11 != 0) {
					goto L4;
				}
				goto L3;
			}








                                                                                                                                  0x032b8b20
                                                                                                                                  0x032b8b27
                                                                                                                                  0x032b8b3d
                                                                                                                                  0x032b8b50
                                                                                                                                  0x032b8b60
                                                                                                                                  0x032b8b6d
                                                                                                                                  0x032b8b7a
                                                                                                                                  0x032b8b87
                                                                                                                                  0x032b8b8c
                                                                                                                                  0x032b8b8e
                                                                                                                                  0x032b8b94
                                                                                                                                  0x032b8b9b
                                                                                                                                  0x032b8ba0
                                                                                                                                  0x032b8ba6
                                                                                                                                  0x032b8ba8
                                                                                                                                  0x032b8bba
                                                                                                                                  0x032b8bb2
                                                                                                                                  0x032b8bb7
                                                                                                                                  0x032b8bb7
                                                                                                                                  0x032b8ba8
                                                                                                                                  0x032b8b29
                                                                                                                                  0x032b8b31
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b8b33
                                                                                                                                  0x032b8b3b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(psapi.dll,76D84DE0,00000000,032B8AB4), ref: 032B8B44
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 032B8B58
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 032B8B65
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModulesEx), ref: 032B8B72
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 032B8B7F
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 032B8B8C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                  • String ID: EnumProcessModules$EnumProcessModulesEx$EnumProcesses$GetModuleFileNameExA$GetProcessImageFileNameA$psapi.dll
                                                                                                                                  • API String ID: 2238633743-481373471
                                                                                                                                  • Opcode ID: 8342108d7297594c95f2846ee0e53e5ba2e02db164634e99d13f8ba57ad9679d
                                                                                                                                  • Instruction ID: af863bf177270a86e108112de3e55c923a4c041fadc95259615feafdf3f86a62
                                                                                                                                  • Opcode Fuzzy Hash: 8342108d7297594c95f2846ee0e53e5ba2e02db164634e99d13f8ba57ad9679d
                                                                                                                                  • Instruction Fuzzy Hash: 8A014470A113267ECF14EB36FD0AA5BBFB8EB86A90349C01EA424D729CD7709440CA50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B9117 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B9117(void* __edi) {
				void* _t23;

				_t23 = __edi;
			}




                                                                                                                                  0x032b9117

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(WibuCm32.dll), ref: 032B9120
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CmGetVersion), ref: 032B913A
                                                                                                                                  • GetProcAddress.KERNEL32(?,CmConvertTime), ref: 032B9147
                                                                                                                                  • GetProcAddress.KERNEL32(?,CmAccess2), ref: 032B9154
                                                                                                                                  • GetProcAddress.KERNEL32(?,CmRelease), ref: 032B9161
                                                                                                                                  • GetProcAddress.KERNEL32(?,CmGetInfo), ref: 032B916E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                  • String ID: CmAccess2$CmConvertTime$CmGetInfo$CmGetVersion$CmRelease$WibuCm32.dll
                                                                                                                                  • API String ID: 2238633743-2137636411
                                                                                                                                  • Opcode ID: 0ab9a9d2fb865ae5169e29a8a9f46584942415706d929d849ec09b033a768ac9
                                                                                                                                  • Instruction ID: 3d7a1459c3022f5eed2d969c767b4804b9d00ce1d052b1d4792944c6f430a7e5
                                                                                                                                  • Opcode Fuzzy Hash: 0ab9a9d2fb865ae5169e29a8a9f46584942415706d929d849ec09b033a768ac9
                                                                                                                                  • Instruction Fuzzy Hash: EB01E5B0924B23BECB159F65E809789FFB4BB05750F048626E12452A49C3B8A0E1DAD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B7BE0 Relevance: 19.8, APIs: 13, Instructions: 258memorystringsynchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 33%
                                                                                                                                  			E032B7BE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v276;
				char _v800;
				char _v804;
				void* _v808;
				unsigned int _v812;
				unsigned int _v816;
				signed int _v820;
				void* _v824;
				signed int _v828;
				intOrPtr* _v832;
				intOrPtr _v836;
				char _v840;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t85;
				intOrPtr* _t97;
				intOrPtr* _t98;
				void* _t112;
				void* _t115;
				unsigned int _t117;
				void* _t140;
				signed int _t141;
				void* _t143;
				intOrPtr* _t152;
				void* _t157;
				signed int _t158;
				unsigned int _t160;
				unsigned int _t161;
				void* _t163;
				void* _t164;
				intOrPtr* _t165;
				void* _t166;
				signed int _t167;
				signed int _t168;
				void* _t169;
				void* _t170;

				_t157 = __edi;
				_t140 = __ebx;
				_t73 =  *0x32ed474; // 0x444d31ba
				_v8 = _t73 ^ _t168;
				_v836 = _a4;
				_v832 = _a8;
				_v816 = 0x200;
				if(E032B89E0() == 0) {
					L3:
					return E032BD98D(_v8 ^ _t168);
				} else {
					_t163 = GlobalAlloc(0x40, _v816 << 2);
					_push( &_v816);
					_push(_v816 << 2);
					_push(_t163);
					_v808 = _t163;
					if( *0x32eff9c() != 0) {
						if(_t163 == 0) {
							goto L3;
						} else {
							_t85 =  *0x32effb4;
							_v824 = 0;
							if(_t85 != 0) {
								 *_t85( &_v824);
							}
							_push(_t140);
							_push(_t157);
							_t158 = 0;
							_t141 = 0;
							_v820 = 0;
							_v828 = 0;
							while(_t141 < _v816 >> 2) {
								_t93 =  !=  ? 0x410 : 0x400;
								_t164 = OpenProcess( !=  ? 0x410 : 0x400, 0,  *(_t163 + _t141 * 4));
								if(_t164 == 0) {
									L35:
									_t163 = _v808;
									_t141 = _t141 + 1;
									_v828 = _t141;
									if(_t158 == 0) {
										continue;
									}
								} else {
									E032BEF40(_t158,  &_v276, 0, 0x104);
									_t97 =  *0x32effb0;
									_t170 = _t169 + 0xc;
									if(_t97 == 0) {
										_t98 =  *0x32effac;
										_push(0x104);
										if(_t98 == 0) {
											 *0x32effa8(_t164, 0,  &_v276);
										} else {
											_push( &_v276);
											_push(_t164);
											if( *_t98() != 0) {
												E032B81C0( &_v276,  &_v276);
												_t170 = _t170 + 8;
											}
										}
									} else {
										_v840 = 0x104;
										 *_t97(_t164, 0,  &_v276,  &_v840);
									}
									CloseHandle(_t164);
									_v804 =  *((intOrPtr*)(_v808 + _t141 * 4));
									_t30 = _t141 + 1; // 0x2
									_v16 = _t30;
									_v12 = _v816 >> 2;
									lstrcpyA( &_v800,  &_v276);
									_t165 = _v832;
									E032B85F0( &_v804,  *((intOrPtr*)(_t165 + 4)));
									_t169 = _t170 + 8;
									_t112 = _v836( &_v804,  *_t165);
									_t163 = _v808;
									if(_t112 == 0) {
										L40:
										_t158 = 1;
									} else {
										if(_a12 != 0) {
											_t143 = OpenProcess(0x410, 0,  *(_t163 + _t141 * 4));
											if(_t143 != 0) {
												_v812 = 0x800;
												_t115 = GlobalAlloc(0x40, 0x800);
												_t152 =  *0x32effa4;
												_t166 = _t115;
												_v824 = _t166;
												if(_t152 == 0) {
													L21:
													_v812 = 0x800;
													_t117 =  *0x32effa0(_t143, _t166, 0x800,  &_v812);
													if(_t117 != 0) {
														goto L37;
													} else {
														_v812 = _t117;
														goto L23;
													}
												} else {
													_push(3);
													_push( &_v812);
													_push(_v812);
													_push(_t166);
													_push(_t143);
													if( *_t152() != 0) {
														L37:
														_t160 = _v812;
														if(_t160 == 0) {
															L23:
															_t161 = 0;
														} else {
															_t161 = _t160 >> 2;
														}
													} else {
														goto L21;
													}
												}
												_t167 = 0;
												if(_t161 == 0) {
													L31:
													_t158 = _v820;
												} else {
													asm("o16 nop [eax+eax]");
													do {
														E032BEF40(_t161,  &_v800, 0, 0x104);
														_t169 = _t169 + 0xc;
														_push(0x104);
														_push( &_v800);
														_push( *((intOrPtr*)(_v824 + _t167 * 4)));
														_push(_t143);
														if( *0x32effa8() == 0 || lstrcmpA( &_v800,  &_v276) == 0) {
															L29:
															if(WaitForSingleObject( *0x32eff88, 0) != 0x102) {
																goto L39;
															} else {
																goto L30;
															}
														} else {
															_push( *_v832);
															_push( &_v804);
															if(_v836() == 0) {
																L39:
																_t158 = 1;
																_v820 = 1;
															} else {
																goto L29;
															}
														}
														goto L32;
														L30:
														_t167 = _t167 + 1;
													} while (_t167 < _t161);
													goto L31;
												}
												L32:
												GlobalFree(_v824);
												CloseHandle(_t143);
												_t163 = _v808;
											}
											_t141 = _v828;
										}
										if(WaitForSingleObject( *0x32eff88, 0) != 0x102) {
											goto L40;
										} else {
											goto L35;
										}
									}
								}
								break;
							}
							GlobalFree(_t163);
							return E032BD98D(_v8 ^ _t168);
						}
					} else {
						GlobalFree(_t163);
						goto L3;
					}
				}
			}










































                                                                                                                                  0x032b7be0
                                                                                                                                  0x032b7be0
                                                                                                                                  0x032b7be9
                                                                                                                                  0x032b7bf0
                                                                                                                                  0x032b7bf6
                                                                                                                                  0x032b7c00
                                                                                                                                  0x032b7c06
                                                                                                                                  0x032b7c17
                                                                                                                                  0x032b7c56
                                                                                                                                  0x032b7c69
                                                                                                                                  0x032b7c19
                                                                                                                                  0x032b7c31
                                                                                                                                  0x032b7c3c
                                                                                                                                  0x032b7c3d
                                                                                                                                  0x032b7c3e
                                                                                                                                  0x032b7c3f
                                                                                                                                  0x032b7c4d
                                                                                                                                  0x032b7c6e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7c70
                                                                                                                                  0x032b7c70
                                                                                                                                  0x032b7c75
                                                                                                                                  0x032b7c81
                                                                                                                                  0x032b7c8a
                                                                                                                                  0x032b7c8a
                                                                                                                                  0x032b7c8c
                                                                                                                                  0x032b7c8d
                                                                                                                                  0x032b7c8e
                                                                                                                                  0x032b7c90
                                                                                                                                  0x032b7c92
                                                                                                                                  0x032b7c98
                                                                                                                                  0x032b7c9e
                                                                                                                                  0x032b7cc5
                                                                                                                                  0x032b7ccf
                                                                                                                                  0x032b7cd3
                                                                                                                                  0x032b7f33
                                                                                                                                  0x032b7f33
                                                                                                                                  0x032b7f39
                                                                                                                                  0x032b7f3a
                                                                                                                                  0x032b7f42
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7f44
                                                                                                                                  0x032b7cd9
                                                                                                                                  0x032b7ce7
                                                                                                                                  0x032b7cec
                                                                                                                                  0x032b7cf1
                                                                                                                                  0x032b7cf6
                                                                                                                                  0x032b7d17
                                                                                                                                  0x032b7d1c
                                                                                                                                  0x032b7d23
                                                                                                                                  0x032b7d4f
                                                                                                                                  0x032b7d25
                                                                                                                                  0x032b7d2b
                                                                                                                                  0x032b7d2c
                                                                                                                                  0x032b7d31
                                                                                                                                  0x032b7d3b
                                                                                                                                  0x032b7d40
                                                                                                                                  0x032b7d40
                                                                                                                                  0x032b7d31
                                                                                                                                  0x032b7cf8
                                                                                                                                  0x032b7cfe
                                                                                                                                  0x032b7d13
                                                                                                                                  0x032b7d13
                                                                                                                                  0x032b7d56
                                                                                                                                  0x032b7d65
                                                                                                                                  0x032b7d6b
                                                                                                                                  0x032b7d6e
                                                                                                                                  0x032b7d7a
                                                                                                                                  0x032b7d8b
                                                                                                                                  0x032b7d91
                                                                                                                                  0x032b7da1
                                                                                                                                  0x032b7da6
                                                                                                                                  0x032b7db2
                                                                                                                                  0x032b7db8
                                                                                                                                  0x032b7dc0
                                                                                                                                  0x032b7f6c
                                                                                                                                  0x032b7f6c
                                                                                                                                  0x032b7dc6
                                                                                                                                  0x032b7dca
                                                                                                                                  0x032b7de0
                                                                                                                                  0x032b7de4
                                                                                                                                  0x032b7df1
                                                                                                                                  0x032b7dfb
                                                                                                                                  0x032b7e01
                                                                                                                                  0x032b7e07
                                                                                                                                  0x032b7e09
                                                                                                                                  0x032b7e11
                                                                                                                                  0x032b7e2e
                                                                                                                                  0x032b7e34
                                                                                                                                  0x032b7e46
                                                                                                                                  0x032b7e4e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7e54
                                                                                                                                  0x032b7e54
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7e54
                                                                                                                                  0x032b7e13
                                                                                                                                  0x032b7e13
                                                                                                                                  0x032b7e1b
                                                                                                                                  0x032b7e1c
                                                                                                                                  0x032b7e22
                                                                                                                                  0x032b7e23
                                                                                                                                  0x032b7e28
                                                                                                                                  0x032b7f49
                                                                                                                                  0x032b7f49
                                                                                                                                  0x032b7f51
                                                                                                                                  0x032b7e5a
                                                                                                                                  0x032b7e5a
                                                                                                                                  0x032b7f57
                                                                                                                                  0x032b7f57
                                                                                                                                  0x032b7f57
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7e28
                                                                                                                                  0x032b7e5c
                                                                                                                                  0x032b7e60
                                                                                                                                  0x032b7ef9
                                                                                                                                  0x032b7ef9
                                                                                                                                  0x032b7e66
                                                                                                                                  0x032b7e66
                                                                                                                                  0x032b7e70
                                                                                                                                  0x032b7e7e
                                                                                                                                  0x032b7e83
                                                                                                                                  0x032b7e8c
                                                                                                                                  0x032b7e91
                                                                                                                                  0x032b7e98
                                                                                                                                  0x032b7e9b
                                                                                                                                  0x032b7ea4
                                                                                                                                  0x032b7edb
                                                                                                                                  0x032b7eee
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7ebe
                                                                                                                                  0x032b7ec4
                                                                                                                                  0x032b7ecc
                                                                                                                                  0x032b7ed5
                                                                                                                                  0x032b7f5f
                                                                                                                                  0x032b7f5f
                                                                                                                                  0x032b7f64
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7ed5
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7ef0
                                                                                                                                  0x032b7ef0
                                                                                                                                  0x032b7ef1
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7e70
                                                                                                                                  0x032b7eff
                                                                                                                                  0x032b7f05
                                                                                                                                  0x032b7f0c
                                                                                                                                  0x032b7f12
                                                                                                                                  0x032b7f12
                                                                                                                                  0x032b7f18
                                                                                                                                  0x032b7f18
                                                                                                                                  0x032b7f31
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7f31
                                                                                                                                  0x032b7dc0
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7cd3
                                                                                                                                  0x032b7f72
                                                                                                                                  0x032b7f8f
                                                                                                                                  0x032b7f8f
                                                                                                                                  0x032b7c4f
                                                                                                                                  0x032b7c50
                                                                                                                                  0x00000000
                                                                                                                                  0x032b7c50
                                                                                                                                  0x032b7c4d

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B89E0: CreateEventA.KERNEL32(?,?,?,?,032B7C15,?), ref: 032B89ED
                                                                                                                                    • Part of subcall function 032B89E0: GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?), ref: 032B8A4E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 032B8A5E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 032B8A6B
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 032B8A78
                                                                                                                                    • Part of subcall function 032B89E0: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 032B8A84
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameA), ref: 032B8A8E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 032B8A9B
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 032B8AA8
                                                                                                                                    • Part of subcall function 032B89E0: GetVersion.KERNEL32 ref: 032B8AB4
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000200,?), ref: 032B7C25
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B7C50
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000), ref: 032B7CC9
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B7D56
                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 032B7D8B
                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 032B7DDA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000800), ref: 032B7DFB
                                                                                                                                  • lstrcmpA.KERNEL32(?,?), ref: 032B7EB4
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 032B7EE3
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B7F05
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B7F0C
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 032B7F26
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B7F72
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Global$Handle$Free$AllocCloseModuleObjectOpenProcessSingleWait$CreateEventVersionlstrcmplstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3497528604-0
                                                                                                                                  • Opcode ID: ec9c7de2f187475a2c1754616752d97f9397dd4d8327f2fadd80ce1bac821b50
                                                                                                                                  • Instruction ID: f94c5023b27a28f7a14d3aa6ff5c8f7f48b265d6f98c022e215da6d627c5ec51
                                                                                                                                  • Opcode Fuzzy Hash: ec9c7de2f187475a2c1754616752d97f9397dd4d8327f2fadd80ce1bac821b50
                                                                                                                                  • Instruction Fuzzy Hash: 11A163719112299BDB22DF64DD89BDAB7BCBF48740F4440D9E919E7280D7709B84CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D31A8 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032D31A8(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t2 = _t74 + 0x88; // 0x20202020
				_t25 =  *_t2;
				if(_t25 != 0 && _t25 != 0x32edd50) {
					_t3 = _t74 + 0x7c; // 0x20202020
					_t45 =  *_t3;
					if(_t45 != 0 &&  *_t45 == 0) {
						_t4 = _t74 + 0x84; // 0x20202020
						_t46 =  *_t4;
						if(_t46 != 0 &&  *_t46 == 0) {
							E032C9EFA(_t46);
							_t5 = _t74 + 0x88; // 0x20202020
							E032D3628( *_t5);
						}
						_t6 = _t74 + 0x80; // 0x20202020
						_t47 =  *_t6;
						if(_t47 != 0 &&  *_t47 == 0) {
							E032C9EFA(_t47);
							_t7 = _t74 + 0x88; // 0x20202020
							E032D3ADF( *_t7);
						}
						_t8 = _t74 + 0x7c; // 0x20202020
						E032C9EFA( *_t8);
						_t9 = _t74 + 0x88; // 0x20202020
						E032C9EFA( *_t9);
					}
				}
				_t10 = _t74 + 0x8c; // 0x20202020
				_t26 =  *_t10;
				if(_t26 != 0 &&  *_t26 == 0) {
					_t11 = _t74 + 0x90; // 0x20202020
					E032C9EFA( *_t11 - 0xfe);
					_t12 = _t74 + 0x94; // 0x0
					E032C9EFA( *_t12 - 0x80);
					_t13 = _t74 + 0x98; // 0x0
					E032C9EFA( *_t13 - 0x80);
					_t14 = _t74 + 0x8c; // 0x20202020
					E032C9EFA( *_t14);
				}
				_t15 = _t74 + 0x9c; // 0x0
				E032D331B( *_t15);
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0x32ed8d0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x32ed858
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x32ed6e8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E032C9EFA(_t31);
							E032C9EFA( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0x0
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E032C9EFA(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E032C9EFA(_t74);
			}















                                                                                                                                  0x032d31b0
                                                                                                                                  0x032d31b4
                                                                                                                                  0x032d31b4
                                                                                                                                  0x032d31bc
                                                                                                                                  0x032d31c5
                                                                                                                                  0x032d31c5
                                                                                                                                  0x032d31ca
                                                                                                                                  0x032d31d1
                                                                                                                                  0x032d31d1
                                                                                                                                  0x032d31d9
                                                                                                                                  0x032d31e1
                                                                                                                                  0x032d31e6
                                                                                                                                  0x032d31ec
                                                                                                                                  0x032d31f2
                                                                                                                                  0x032d31f3
                                                                                                                                  0x032d31f3
                                                                                                                                  0x032d31fb
                                                                                                                                  0x032d3203
                                                                                                                                  0x032d3208
                                                                                                                                  0x032d320e
                                                                                                                                  0x032d3214
                                                                                                                                  0x032d3215
                                                                                                                                  0x032d3218
                                                                                                                                  0x032d321d
                                                                                                                                  0x032d3223
                                                                                                                                  0x032d3229
                                                                                                                                  0x032d31ca
                                                                                                                                  0x032d322a
                                                                                                                                  0x032d322a
                                                                                                                                  0x032d3232
                                                                                                                                  0x032d3239
                                                                                                                                  0x032d3245
                                                                                                                                  0x032d324a
                                                                                                                                  0x032d3258
                                                                                                                                  0x032d325d
                                                                                                                                  0x032d3266
                                                                                                                                  0x032d326b
                                                                                                                                  0x032d3271
                                                                                                                                  0x032d3276
                                                                                                                                  0x032d3279
                                                                                                                                  0x032d327f
                                                                                                                                  0x032d3287
                                                                                                                                  0x032d3288
                                                                                                                                  0x032d3288
                                                                                                                                  0x032d328e
                                                                                                                                  0x032d3291
                                                                                                                                  0x032d3291
                                                                                                                                  0x032d3294
                                                                                                                                  0x032d329b
                                                                                                                                  0x032d329d
                                                                                                                                  0x032d32a1
                                                                                                                                  0x032d32a9
                                                                                                                                  0x032d32b0
                                                                                                                                  0x032d32b6
                                                                                                                                  0x032d32b7
                                                                                                                                  0x032d32b7
                                                                                                                                  0x032d32be
                                                                                                                                  0x032d32c0
                                                                                                                                  0x032d32c0
                                                                                                                                  0x032d32c5
                                                                                                                                  0x032d32cd
                                                                                                                                  0x032d32d2
                                                                                                                                  0x032d32d3
                                                                                                                                  0x032d32d3
                                                                                                                                  0x032d32d6
                                                                                                                                  0x032d32d9
                                                                                                                                  0x032d32dc
                                                                                                                                  0x032d32df
                                                                                                                                  0x032d32df
                                                                                                                                  0x032d32f1

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 032D31EC
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D3645
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D3657
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D3669
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D367B
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D368D
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D369F
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D36B1
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D36C3
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D36D5
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D36E7
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D36F9
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D370B
                                                                                                                                    • Part of subcall function 032D3628: _free.LIBCMT ref: 032D371D
                                                                                                                                  • _free.LIBCMT ref: 032D31E1
                                                                                                                                    • Part of subcall function 032C9EFA: HeapFree.KERNEL32(00000000,00000000,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830), ref: 032C9F10
                                                                                                                                    • Part of subcall function 032C9EFA: GetLastError.KERNEL32(032ED830,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830,032ED830), ref: 032C9F22
                                                                                                                                  • _free.LIBCMT ref: 032D3203
                                                                                                                                  • _free.LIBCMT ref: 032D3218
                                                                                                                                  • _free.LIBCMT ref: 032D3223
                                                                                                                                  • _free.LIBCMT ref: 032D3245
                                                                                                                                  • _free.LIBCMT ref: 032D3258
                                                                                                                                  • _free.LIBCMT ref: 032D3266
                                                                                                                                  • _free.LIBCMT ref: 032D3271
                                                                                                                                  • _free.LIBCMT ref: 032D32A9
                                                                                                                                  • _free.LIBCMT ref: 032D32B0
                                                                                                                                  • _free.LIBCMT ref: 032D32CD
                                                                                                                                  • _free.LIBCMT ref: 032D32E5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  • Opcode ID: a316942cc3049e223120450694badf3497ba2d43a5f401fd7420c7f99dcaa37f
                                                                                                                                  • Instruction ID: 2185f7efd93cc2f9fe6d3239d067416281dfd4a263f25e4cd42b0c11cfd0338d
                                                                                                                                  • Opcode Fuzzy Hash: a316942cc3049e223120450694badf3497ba2d43a5f401fd7420c7f99dcaa37f
                                                                                                                                  • Instruction Fuzzy Hash: F1314E39A20306DFDB20EA78E848B56B3E9FF11310F19855AE54ADB550EF71ADC08751
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1AF0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 110memorystringsynchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B1AF0(intOrPtr _a4, long _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				void* _t11;
				CHAR* _t12;
				char _t18;
				long _t21;
				CHAR* _t29;
				CHAR* _t37;
				CHAR* _t40;
				void* _t43;
				CHAR* _t47;
				long _t49;
				void** _t50;
				void* _t51;
				void* _t52;
				void _t53;

				_t49 = _a8;
				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					 *0x32efcd0 = _t49;
					 *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				_t11 = E032AE6D0();
				if(_t11 == 0) {
					if( *0x32efcd4 == _t11) {
						return _t11;
					} else {
						_t53 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t7 = _t53 + 4; // 0x4
						_t29 = lstrcpynA(_t7, "error",  *0x32efcd0);
						_t43 =  *0x32efcd4;
						 *_t53 =  *_t43;
						 *_t43 = _t53;
						return _t29;
					}
				}
				_t12 = GlobalAlloc(0x40, _t49);
				_t50 =  *0x32efcd4;
				_t37 = _t12;
				if(_t50 == 0) {
					L18:
					return GlobalFree(_t37);
				} else {
					_t51 =  *_t50;
					if(_t51 == 0) {
						goto L18;
					}
					lstrcpyA(_t37, _t51 + 4);
					 *( *0x32efcd4) =  *_t51;
					GlobalFree(_t51);
					_t18 =  *_t37;
					_t40 = _t37;
					if(_t18 == 0) {
						L16:
						if(E032B0E70(_t40) > 0) {
							E032AF880(_t19);
						}
						goto L18;
					}
					_t47 = _t37;
					do {
						if(_t18 != 0x2c) {
							goto L14;
						}
						_t21 = E032B0E70(_t40);
						if(_t21 > 0) {
							_t52 = OpenProcess(0x100001, 0, _t21);
							if(_t52 != 0) {
								TerminateProcess(_t52, 0xffffffff);
								WaitForSingleObject(_t52, 0x3e8);
								CloseHandle(_t52);
							}
						}
						_t9 =  &(_t47[1]); // 0x1
						_t40 = _t9;
						L14:
						_t18 = _t47[1];
						_t47 =  &(_t47[1]);
					} while (_t18 != 0);
					goto L16;
				}
			}

















                                                                                                                                  0x032b1afb
                                                                                                                                  0x032b1afe
                                                                                                                                  0x032b1b03
                                                                                                                                  0x032b1b0b
                                                                                                                                  0x032b1b13
                                                                                                                                  0x032b1b26
                                                                                                                                  0x032b1b2f
                                                                                                                                  0x032b1b31
                                                                                                                                  0x032b1b31
                                                                                                                                  0x032b1b3b
                                                                                                                                  0x032b1b42
                                                                                                                                  0x032b1b4a
                                                                                                                                  0x032b1c3c
                                                                                                                                  0x032b1b50
                                                                                                                                  0x032b1b67
                                                                                                                                  0x032b1b6e
                                                                                                                                  0x032b1b72
                                                                                                                                  0x032b1b78
                                                                                                                                  0x032b1b80
                                                                                                                                  0x032b1b82
                                                                                                                                  0x032b1b86
                                                                                                                                  0x032b1b86
                                                                                                                                  0x032b1b4a
                                                                                                                                  0x032b1b8c
                                                                                                                                  0x032b1b92
                                                                                                                                  0x032b1b98
                                                                                                                                  0x032b1ba2
                                                                                                                                  0x032b1c35
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1ba8
                                                                                                                                  0x032b1ba8
                                                                                                                                  0x032b1bac
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1bb7
                                                                                                                                  0x032b1bc5
                                                                                                                                  0x032b1bc7
                                                                                                                                  0x032b1bc9
                                                                                                                                  0x032b1bcb
                                                                                                                                  0x032b1bcf
                                                                                                                                  0x032b1c22
                                                                                                                                  0x032b1c2a
                                                                                                                                  0x032b1c2d
                                                                                                                                  0x032b1c32
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1c2a
                                                                                                                                  0x032b1bd1
                                                                                                                                  0x032b1bd3
                                                                                                                                  0x032b1bd5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1bd8
                                                                                                                                  0x032b1bdf
                                                                                                                                  0x032b1bef
                                                                                                                                  0x032b1bf3
                                                                                                                                  0x032b1bf8
                                                                                                                                  0x032b1c04
                                                                                                                                  0x032b1c0b
                                                                                                                                  0x032b1c0b
                                                                                                                                  0x032b1bf3
                                                                                                                                  0x032b1c11
                                                                                                                                  0x032b1c11
                                                                                                                                  0x032b1c14
                                                                                                                                  0x032b1c14
                                                                                                                                  0x032b1c17
                                                                                                                                  0x032b1c18
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1c1c

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1B5B
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1B72
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1B8C
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B1BB7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1BC7
                                                                                                                                  • OpenProcess.KERNEL32(00100001,00000000,00000000,00000000), ref: 032B1BE9
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,000000FF), ref: 032B1BF8
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 032B1C04
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B1C0B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1C36
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFreeProcess$CloseHandleObjectOpenSingleTerminateWaitlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 979056496-1574812785
                                                                                                                                  • Opcode ID: d2583a68f3627e81f386f107c270046bc9c40a16e4007e1d79a9c3c03ad27ad0
                                                                                                                                  • Instruction ID: 06a2bf075d777fd23f90cadc73248d9ebfb4f7608fbc290fde69fdb0447a9f36
                                                                                                                                  • Opcode Fuzzy Hash: d2583a68f3627e81f386f107c270046bc9c40a16e4007e1d79a9c3c03ad27ad0
                                                                                                                                  • Instruction Fuzzy Hash: FB31F276501231AFC710EF68FA49A9A77B8FF09750B158114FE05DB388DB31E8A0CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B19F0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 76memorystringfileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B19F0(long _a8, intOrPtr _a12, void* _a16) {
				void* _t11;
				void* _t17;
				long _t25;
				long _t26;
				void* _t31;
				void* _t32;
				void** _t33;
				void* _t34;
				void _t35;

				_t26 = _a8;
				 *0x32efcd4 = _a16;
				 *0x32efcd0 = _t26;
				 *0x32efcd8 = _a12;
				_t11 = GlobalAlloc(0x40, _t26);
				_t33 =  *0x32efcd4;
				_t32 = _t11;
				if(_t33 != 0) {
					_t34 =  *_t33;
					if(_t34 != 0) {
						lstrcpyA(_t32, _t34 + 4);
						 *( *0x32efcd4) =  *_t34;
						GlobalFree(_t34);
						_a8 = 0;
						_t17 = CreateFileA(_t32, 0xc0000000, 0, 0, 3, 0x80, 0);
						if(_t17 != 0xffffffff) {
							CloseHandle(_t17);
						} else {
							_t25 = GetLastError();
							if(_t25 != 3 && _t25 != 2) {
								_a8 = 1;
							}
						}
						if( *0x32efcd4 != 0) {
							_t35 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
							_t29 =  ==  ? "false" : "true";
							_t8 = _t35 + 4; // 0x4
							lstrcpynA(_t8,  ==  ? "false" : "true",  *0x32efcd0);
							_t31 =  *0x32efcd4;
							 *_t35 =  *_t31;
							 *_t31 = _t35;
						}
					}
				}
				return GlobalFree(_t32);
			}












                                                                                                                                  0x032b19f3
                                                                                                                                  0x032b19fc
                                                                                                                                  0x032b1a06
                                                                                                                                  0x032b1a0c
                                                                                                                                  0x032b1a11
                                                                                                                                  0x032b1a17
                                                                                                                                  0x032b1a1d
                                                                                                                                  0x032b1a21
                                                                                                                                  0x032b1a27
                                                                                                                                  0x032b1a2b
                                                                                                                                  0x032b1a36
                                                                                                                                  0x032b1a44
                                                                                                                                  0x032b1a46
                                                                                                                                  0x032b1a5f
                                                                                                                                  0x032b1a66
                                                                                                                                  0x032b1a6f
                                                                                                                                  0x032b1a8b
                                                                                                                                  0x032b1a71
                                                                                                                                  0x032b1a71
                                                                                                                                  0x032b1a7a
                                                                                                                                  0x032b1a81
                                                                                                                                  0x032b1a81
                                                                                                                                  0x032b1a7a
                                                                                                                                  0x032b1a98
                                                                                                                                  0x032b1aaf
                                                                                                                                  0x032b1ac1
                                                                                                                                  0x032b1ac5
                                                                                                                                  0x032b1ac9
                                                                                                                                  0x032b1acf
                                                                                                                                  0x032b1ad7
                                                                                                                                  0x032b1ad9
                                                                                                                                  0x032b1ad9
                                                                                                                                  0x032b1a98
                                                                                                                                  0x032b1a2b
                                                                                                                                  0x032b1ae5

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1A11
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B1A36
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1A46
                                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 032B1A66
                                                                                                                                  • GetLastError.KERNEL32 ref: 032B1A71
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B1A8B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1AA5
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,true), ref: 032B1AC9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1ADC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$CloseCreateErrorFileHandleLastlstrcpylstrcpyn
                                                                                                                                  • String ID: false$true
                                                                                                                                  • API String ID: 2100058504-2658103896
                                                                                                                                  • Opcode ID: 47104eb73144eb22f75b51024dbd5b0d6524bdc506a383d05d84b89444019d4a
                                                                                                                                  • Instruction ID: c2c4add368f09733c8f2553075aac6c01a1ecd16aa7a4e42d40e7829a33c9118
                                                                                                                                  • Opcode Fuzzy Hash: 47104eb73144eb22f75b51024dbd5b0d6524bdc506a383d05d84b89444019d4a
                                                                                                                                  • Instruction Fuzzy Hash: DB218B72501224EFD720EF68F94DB697BB8EB46711F14C519FA06DB288CB31A850CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D3726 Relevance: 18.4, APIs: 12, Instructions: 375COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E032D3726(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t105;
				char _t195;
				intOrPtr* _t196;
				char _t209;
				signed int _t212;
				char _t221;
				char _t222;
				void* _t225;
				char* _t227;
				signed int _t228;
				signed int _t232;
				signed int _t233;
				void* _t235;
				void* _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				char* _t258;

				_t225 = __edx;
				_t209 = _a4;
				_v16 = 0;
				_v28 = _t209;
				_v24 = 0;
				if( *((intOrPtr*)(_t209 + 0xac)) != 0 ||  *((intOrPtr*)(_t209 + 0xb0)) != 0) {
					_t235 = E032CCA94(0, 1, 0x50);
					_v8 = _t235;
					E032C9EFA(0);
					if(_t235 != 0) {
						_t228 = E032CCA94(0, 1, 4);
						_v12 = _t228;
						E032C9EFA(0);
						if(_t228 != 0) {
							if( *((intOrPtr*)(_t209 + 0xac)) == 0) {
								_t212 = 0x14;
								memcpy(_v8, 0x32edd50, _t212 << 2);
								L24:
								_t237 = _v8;
								_t232 = _v16;
								 *_t237 =  *( *(_t209 + 0x88));
								 *((intOrPtr*)(_t237 + 4)) =  *((intOrPtr*)( *(_t209 + 0x88) + 4));
								 *((intOrPtr*)(_t237 + 8)) =  *((intOrPtr*)( *(_t209 + 0x88) + 8));
								 *((intOrPtr*)(_t237 + 0x30)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x30));
								 *((intOrPtr*)(_t237 + 0x34)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t232 != 0) {
									 *_t232 = 1;
								}
								goto L26;
							}
							_t233 = E032CCA94(0, 1, 4);
							_v16 = _t233;
							E032C9EFA(0);
							if(_t233 != 0) {
								_t234 =  *((intOrPtr*)(_t209 + 0xac));
								_t14 = _t235 + 0xc; // 0xc
								_t238 = E032D86AD(_t209, _t225,  *((intOrPtr*)(_t209 + 0xac)), _t235,  &_v28, 1,  *((intOrPtr*)(_t209 + 0xac)), 0x15, _t14);
								_t239 = _t238 | E032D86AD(_t209, _t225,  *((intOrPtr*)(_t209 + 0xac)), _t238,  &_v28, 1,  *((intOrPtr*)(_t209 + 0xac)), 0x14, _v8 + 0x10);
								_t240 = _t239 | E032D86AD(_t209, _t225,  *((intOrPtr*)(_t209 + 0xac)), _t239,  &_v28, 1, _t234, 0x16, _v8 + 0x14);
								_t241 = _t240 | E032D86AD(_t209, _t225, _t234, _t240,  &_v28, 1, _t234, 0x17, _v8 + 0x18);
								_v20 = _v8 + 0x1c;
								_t242 = _t241 | E032D86AD(_t209, _t225, _t234, _t241,  &_v28, 1, _t234, 0x18, _v8 + 0x1c);
								_t243 = _t242 | E032D86AD(_t209, _t225, _t234, _t242,  &_v28, 1, _t234, 0x50, _v8 + 0x20);
								_t244 = _t243 | E032D86AD(_t209, _t225, _t234, _t243,  &_v28, 1, _t234, 0x51, _v8 + 0x24);
								_t245 = _t244 | E032D86AD(_t209, _t225, _t234, _t244,  &_v28, 0, _t234, 0x1a, _v8 + 0x28);
								_t246 = _t245 | E032D86AD(_t209, _t225, _t234, _t245,  &_v28, 0, _t234, 0x19, _v8 + 0x29);
								_t247 = _t246 | E032D86AD(_t209, _t225, _t234, _t246,  &_v28, 0, _t234, 0x54, _v8 + 0x2a);
								_t248 = _t247 | E032D86AD(_t209, _t225, _t234, _t247,  &_v28, 0, _t234, 0x55, _v8 + 0x2b);
								_t249 = _t248 | E032D86AD(_t209, _t225, _t234, _t248,  &_v28, 0, _t234, 0x56, _v8 + 0x2c);
								_t250 = _t249 | E032D86AD(_t209, _t225, _t234, _t249,  &_v28, 0, _t234, 0x57, _v8 + 0x2d);
								_t251 = _t250 | E032D86AD(_t209, _t225, _t234, _t250,  &_v28, 0, _t234, 0x52, _v8 + 0x2e);
								_t252 = _t251 | E032D86AD(_t209, _t225, _t234, _t251,  &_v28, 0, _t234, 0x53, _v8 + 0x2f);
								_t253 = _t252 | E032D86AD(_t209, _t225, _t234, _t252,  &_v28, 2, _t234, 0x15, _v8 + 0x38);
								_t254 = _t253 | E032D86AD(_t209, _t225, _t234, _t253,  &_v28, 2, _t234, 0x14, _v8 + 0x3c);
								_t255 = _t254 | E032D86AD(_t209, _t225, _t234, _t254,  &_v28, 2, _t234, 0x16, _v8 + 0x40);
								_t256 = _t255 | E032D86AD(_t209, _t225, _t234, _t255,  &_v28, 2, _t234, 0x17, _v8 + 0x44);
								_t257 = _t256 | E032D86AD(_t209, _t225, _t234, _t256,  &_v28, 2, _t234, 0x50, _v8 + 0x48);
								if((E032D86AD(_t209, _t225, _t234, _t257,  &_v28, 2, _t234, 0x51, _v8 + 0x4c) | _t257) == 0) {
									_t227 =  *_v20;
									while(1) {
										_t195 =  *_t227;
										if(_t195 == 0) {
											break;
										}
										_t61 = _t195 - 0x30; // -48
										_t221 = _t61;
										if(_t221 > 9) {
											if(_t195 != 0x3b) {
												L16:
												_t227 = _t227 + 1;
												continue;
											}
											_t258 = _t227;
											do {
												_t196 = _t258 + 1;
												_t222 =  *_t196;
												 *_t258 = _t222;
												_t258 = _t196;
											} while (_t222 != 0);
											continue;
										}
										 *_t227 = _t221;
										goto L16;
									}
									goto L24;
								}
								E032D3628(_v8);
								E032C9EFA(_v8);
								E032C9EFA(_v12);
								E032C9EFA(_v16);
								goto L4;
							}
							E032C9EFA(_t235);
							E032C9EFA(_v12);
							L7:
							goto L4;
						}
						E032C9EFA(_t235);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t232 = 0;
					_v12 = 0;
					_t237 = 0x32edd50;
					L26:
					_t105 =  *(_t209 + 0x84);
					if(_t105 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t209 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t105 | 0xffffffff) == 0) {
							E032C9EFA( *(_t209 + 0x88));
							E032C9EFA( *((intOrPtr*)(_t209 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t209 + 0x7c)) = _v12;
					 *(_t209 + 0x84) = _t232;
					 *(_t209 + 0x88) = _t237;
					return 0;
				}
			}















































                                                                                                                                  0x032d3726
                                                                                                                                  0x032d372f
                                                                                                                                  0x032d3736
                                                                                                                                  0x032d3739
                                                                                                                                  0x032d373c
                                                                                                                                  0x032d3745
                                                                                                                                  0x032d3767
                                                                                                                                  0x032d376b
                                                                                                                                  0x032d376e
                                                                                                                                  0x032d3778
                                                                                                                                  0x032d378b
                                                                                                                                  0x032d378f
                                                                                                                                  0x032d3792
                                                                                                                                  0x032d379c
                                                                                                                                  0x032d37ae
                                                                                                                                  0x032d3a41
                                                                                                                                  0x032d3a42
                                                                                                                                  0x032d3a44
                                                                                                                                  0x032d3a4c
                                                                                                                                  0x032d3a50
                                                                                                                                  0x032d3a55
                                                                                                                                  0x032d3a60
                                                                                                                                  0x032d3a6c
                                                                                                                                  0x032d3a78
                                                                                                                                  0x032d3a84
                                                                                                                                  0x032d3a8a
                                                                                                                                  0x032d3a8e
                                                                                                                                  0x032d3a90
                                                                                                                                  0x032d3a90
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a8e
                                                                                                                                  0x032d37bd
                                                                                                                                  0x032d37c1
                                                                                                                                  0x032d37c4
                                                                                                                                  0x032d37ce
                                                                                                                                  0x032d37e2
                                                                                                                                  0x032d37e8
                                                                                                                                  0x032d37fd
                                                                                                                                  0x032d3811
                                                                                                                                  0x032d3828
                                                                                                                                  0x032d3842
                                                                                                                                  0x032d384a
                                                                                                                                  0x032d385c
                                                                                                                                  0x032d3873
                                                                                                                                  0x032d388a
                                                                                                                                  0x032d38a4
                                                                                                                                  0x032d38bb
                                                                                                                                  0x032d38d2
                                                                                                                                  0x032d38e9
                                                                                                                                  0x032d3903
                                                                                                                                  0x032d391a
                                                                                                                                  0x032d3931
                                                                                                                                  0x032d3948
                                                                                                                                  0x032d3962
                                                                                                                                  0x032d3979
                                                                                                                                  0x032d3990
                                                                                                                                  0x032d39a7
                                                                                                                                  0x032d39c1
                                                                                                                                  0x032d39dd
                                                                                                                                  0x032d3a0b
                                                                                                                                  0x032d3a1a
                                                                                                                                  0x032d3a1a
                                                                                                                                  0x032d3a1e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a0f
                                                                                                                                  0x032d3a0f
                                                                                                                                  0x032d3a15
                                                                                                                                  0x032d3a24
                                                                                                                                  0x032d3a19
                                                                                                                                  0x032d3a19
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a19
                                                                                                                                  0x032d3a26
                                                                                                                                  0x032d3a28
                                                                                                                                  0x032d3a28
                                                                                                                                  0x032d3a2b
                                                                                                                                  0x032d3a2d
                                                                                                                                  0x032d3a2f
                                                                                                                                  0x032d3a31
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a35
                                                                                                                                  0x032d3a17
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a17
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a20
                                                                                                                                  0x032d39e3
                                                                                                                                  0x032d39e9
                                                                                                                                  0x032d39f2
                                                                                                                                  0x032d39fb
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3a00
                                                                                                                                  0x032d37d1
                                                                                                                                  0x032d37da
                                                                                                                                  0x032d37a4
                                                                                                                                  0x00000000
                                                                                                                                  0x032d37a4
                                                                                                                                  0x032d379f
                                                                                                                                  0x00000000
                                                                                                                                  0x032d379f
                                                                                                                                  0x032d377a
                                                                                                                                  0x00000000
                                                                                                                                  0x032d374f
                                                                                                                                  0x032d374f
                                                                                                                                  0x032d3751
                                                                                                                                  0x032d3754
                                                                                                                                  0x032d3a92
                                                                                                                                  0x032d3a92
                                                                                                                                  0x032d3a9a
                                                                                                                                  0x032d3a9c
                                                                                                                                  0x032d3a9c
                                                                                                                                  0x032d3aa4
                                                                                                                                  0x032d3aa9
                                                                                                                                  0x032d3aad
                                                                                                                                  0x032d3ab5
                                                                                                                                  0x032d3abd
                                                                                                                                  0x032d3ac3
                                                                                                                                  0x032d3aad
                                                                                                                                  0x032d3ac7
                                                                                                                                  0x032d3acc
                                                                                                                                  0x032d3ad2
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3ad2

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                  • Opcode ID: 54c751788e12071bfb39fae949901cb5e9af43939dfffa29b2ea2330a09159e3
                                                                                                                                  • Instruction ID: c6edae8b158d3d74a9c526f42bc3ee069f169aeb07553eb46a3d32816ff81426
                                                                                                                                  • Opcode Fuzzy Hash: 54c751788e12071bfb39fae949901cb5e9af43939dfffa29b2ea2330a09159e3
                                                                                                                                  • Instruction Fuzzy Hash: 0BC12776E50319AFDB20DBA8CC81FEE77F8AB09710F144165FA05FF281D6B099819B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A1A80 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 115COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E032A1A80(void* __eflags, intOrPtr _a4) {
				void _v4;
				void _v8;
				void _v12;
				long _v16;
				void _t30;
				int _t38;
				void _t40;
				void* _t50;
				void* _t51;
				void _t52;

				_t52 = _a4;
				_v12 = 0;
				_v8 = 0;
				_v4 = 0;
				_t50 = E032A1590(0);
				if(_t50 <= 0) {
					L6:
					_t51 = E032A1590(1);
					if(_t51 <= 0) {
						L11:
						return _v12;
					}
					_v16 = 4;
					if(DeviceIoControl(_t51, 0x222013,  &_v4, 4, 0, 0,  &_v16, 0) == 0) {
						L10:
						CloseHandle(_t51);
						goto L11;
					}
					_v16 = 4;
					_t30 = _t52 - _v8;
					_v12 = _t30;
					if(_t30 > _v4) {
						_v12 = 0;
						goto L10;
					}
					if(DeviceIoControl(_t51, 0x222017,  &_v12, 4, 0, 0,  &_v16, 0) != 0) {
						goto L10;
					}
					CloseHandle(_t51);
					return 0;
				} else {
					_v16 = 4;
					if(DeviceIoControl(_t50, 0x222013,  &_v8, 4, 0, 0,  &_v16, 0) != 0) {
						_v16 = 4;
						_v12 = _t52;
						_t38 = DeviceIoControl(_t50, 0x222017,  &_v12, 4, 0, 0,  &_v16, 0);
						_push(_t50);
						if(_t38 != 0) {
							CloseHandle();
							_t40 = _v12;
							if(_t40 != 0) {
								return _t40;
							} else {
								goto L6;
							}
						} else {
							CloseHandle();
							goto L6;
						}
					} else {
						CloseHandle(_t50);
						_v8 = 0;
						goto L6;
					}
				}
			}













                                                                                                                                  0x032a1a85
                                                                                                                                  0x032a1a8e
                                                                                                                                  0x032a1a92
                                                                                                                                  0x032a1a96
                                                                                                                                  0x032a1aa5
                                                                                                                                  0x032a1aac
                                                                                                                                  0x032a1b1c
                                                                                                                                  0x032a1b23
                                                                                                                                  0x032a1b2a
                                                                                                                                  0x032a1b72
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b72
                                                                                                                                  0x032a1b41
                                                                                                                                  0x032a1b4d
                                                                                                                                  0x032a1b6b
                                                                                                                                  0x032a1b6c
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b6c
                                                                                                                                  0x032a1b53
                                                                                                                                  0x032a1b5b
                                                                                                                                  0x032a1b61
                                                                                                                                  0x032a1b65
                                                                                                                                  0x032a1b67
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b67
                                                                                                                                  0x032a1b97
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b9a
                                                                                                                                  0x032a1ba9
                                                                                                                                  0x032a1aae
                                                                                                                                  0x032a1ac3
                                                                                                                                  0x032a1acf
                                                                                                                                  0x032a1af3
                                                                                                                                  0x032a1afb
                                                                                                                                  0x032a1aff
                                                                                                                                  0x032a1b03
                                                                                                                                  0x032a1b04
                                                                                                                                  0x032a1b0e
                                                                                                                                  0x032a1b14
                                                                                                                                  0x032a1b1a
                                                                                                                                  0x032a1b7d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b06
                                                                                                                                  0x032a1b06
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1b06
                                                                                                                                  0x032a1ad1
                                                                                                                                  0x032a1ad2
                                                                                                                                  0x032a1ad8
                                                                                                                                  0x00000000
                                                                                                                                  0x032a1ad8
                                                                                                                                  0x032a1acf

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032A1590: CreateFileA.KERNELBASE(C0000000,C0000000,00000002,00000000,00000003,00000000,00000000,?,?,?,032A19D7,00000000,00005960,032AA3A6,00000000,00285F40), ref: 032A1614
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1ACB
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1AD2
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1AFF
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1B06
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1B49
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1B6C
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1B93
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1B9A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseControlDeviceHandle$CreateFile
                                                                                                                                  • String ID: @_(
                                                                                                                                  • API String ID: 2434903882-2270018995
                                                                                                                                  • Opcode ID: 3b619e8c952c59a8f5b77889d68071bb5e710ae6224f630222ddd9a656ff4610
                                                                                                                                  • Instruction ID: d3d2a2c34172f90c8516f355721923aff6436cda95892a8282d635f42d773001
                                                                                                                                  • Opcode Fuzzy Hash: 3b619e8c952c59a8f5b77889d68071bb5e710ae6224f630222ddd9a656ff4610
                                                                                                                                  • Instruction Fuzzy Hash: 653190B1515326BFE310EF58AD84EABB7ECEB84754F40091DF65092140E771ED5886B2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF580 Relevance: 16.6, APIs: 11, Instructions: 139windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E032AF580() {
				void* _t28;
				void* _t29;
				void* _t30;
				void* _t33;
				void* _t35;
				struct HICON__* _t38;
				void* _t40;
				void* _t42;
				void* _t44;
				void* _t46;
				signed int _t52;
				signed int _t57;
				signed int _t59;
				signed int _t61;
				signed int _t63;
				signed int _t65;
				void** _t66;
				void* _t67;
				void** _t71;

				_t72 =  *0x32efc68;
				if( *0x32efc68 != 0) {
					E032B6D80(_t72);
					_push(0x18);
					E032BD9CE(_t72);
					 *0x32efc68 = 0;
				}
				_t57 =  *0x32ef440 - 1;
				if(_t57 < 0) {
					L7:
					_t59 =  *0x32ef444 - 1;
					if(_t59 < 0) {
						L12:
						_t61 =  *0x32ef448 - 1;
						if(_t61 < 0) {
							L17:
							_t63 =  *0x32ef44c - 1;
							if(_t63 < 0) {
								L22:
								_t52 =  *0x32ef450 - 1;
								if(_t52 < 0) {
									L28:
									_t65 =  *0x32ef454 - 1;
									if(_t65 < 0) {
										L33:
										 *0x32ef454 = 0;
										_t66 = 0x32efc70;
										 *0x32ef450 = 0;
										 *0x32ef44c = 0;
										 *0x32ef448 = 0;
										 *0x32ef444 = 0;
										 *0x32ef440 = 0;
										do {
											_t28 =  *_t66;
											if(_t28 != 0) {
												GlobalFree(_t28);
												 *_t66 = 0;
											}
											_t66 =  &(_t66[1]);
										} while (_t66 < 0x32efcb8);
										_t67 = 0;
										do {
											_t29 =  *(_t67 + 0x32ef858);
											 *(_t67 + 0x32ef458) = 0;
											if(_t29 != 0) {
												GlobalFree(_t29);
												 *(_t67 + 0x32ef858) = 0;
											}
											_t67 = _t67 + 4;
										} while (_t67 < 0x400);
										_t30 =  *0x32ee21c;
										if(_t30 != 0) {
											_t30 = GlobalFree(_t30);
											 *0x32ee21c = 0;
										}
										 *0x32efc58 = 0;
										 *0x32efc5c = 0;
										return _t30;
									}
									do {
										_t33 =  *(0x32ef240 + _t65 * 4);
										if(_t33 != 0) {
											GlobalFree(_t33);
											 *(0x32ef240 + _t65 * 4) = 0;
										}
										_t65 = _t65 - 1;
									} while (_t65 >= 0);
									goto L33;
								}
								_t71 = (_t52 << 4) + 0x32eea4c;
								do {
									_t35 =  *(_t71 - 4);
									if(_t35 != 0) {
										GlobalFree(_t35);
										 *(_t71 - 4) = 0;
										GlobalFree( *_t71);
										_t38 =  *(_t71 - 8);
										 *_t71 = 0;
										if(_t38 != 0) {
											DestroyIcon(_t38);
											 *(_t71 - 8) = 0;
										}
									}
									_t71 = _t71 - 0x10;
									_t52 = _t52 - 1;
								} while (_t52 >= 0);
								goto L28;
							}
							do {
								_t40 =  *(0x32ee840 + _t63 * 4);
								if(_t40 != 0) {
									GlobalFree(_t40);
									 *(0x32ee840 + _t63 * 4) = 0;
								}
								_t63 = _t63 - 1;
							} while (_t63 >= 0);
							goto L22;
						}
						do {
							_t42 =  *(0x32ee640 + _t61 * 4);
							if(_t42 != 0) {
								GlobalFree(_t42);
								 *(0x32ee640 + _t61 * 4) = 0;
							}
							_t61 = _t61 - 1;
						} while (_t61 >= 0);
						goto L17;
					}
					do {
						_t44 =  *(0x32ee440 + _t59 * 4);
						if(_t44 != 0) {
							GlobalFree(_t44);
							 *(0x32ee440 + _t59 * 4) = 0;
						}
						_t59 = _t59 - 1;
					} while (_t59 >= 0);
					goto L12;
				} else {
					do {
						_t46 =  *(0x32ee240 + _t57 * 4);
						if(_t46 != 0) {
							GlobalFree(_t46);
							 *(0x32ee240 + _t57 * 4) = 0;
						}
						_t57 = _t57 - 1;
					} while (_t57 >= 0);
					goto L7;
				}
			}






















                                                                                                                                  0x032af581
                                                                                                                                  0x032af589
                                                                                                                                  0x032af58d
                                                                                                                                  0x032af592
                                                                                                                                  0x032af595
                                                                                                                                  0x032af59d
                                                                                                                                  0x032af59d
                                                                                                                                  0x032af5b4
                                                                                                                                  0x032af5b7
                                                                                                                                  0x032af5de
                                                                                                                                  0x032af5e4
                                                                                                                                  0x032af5e7
                                                                                                                                  0x032af60e
                                                                                                                                  0x032af614
                                                                                                                                  0x032af617
                                                                                                                                  0x032af63e
                                                                                                                                  0x032af644
                                                                                                                                  0x032af647
                                                                                                                                  0x032af66e
                                                                                                                                  0x032af675
                                                                                                                                  0x032af678
                                                                                                                                  0x032af6bd
                                                                                                                                  0x032af6c3
                                                                                                                                  0x032af6c7
                                                                                                                                  0x032af6ee
                                                                                                                                  0x032af6ee
                                                                                                                                  0x032af6f8
                                                                                                                                  0x032af6fd
                                                                                                                                  0x032af707
                                                                                                                                  0x032af711
                                                                                                                                  0x032af71b
                                                                                                                                  0x032af725
                                                                                                                                  0x032af730
                                                                                                                                  0x032af730
                                                                                                                                  0x032af734
                                                                                                                                  0x032af737
                                                                                                                                  0x032af739
                                                                                                                                  0x032af739
                                                                                                                                  0x032af73f
                                                                                                                                  0x032af742
                                                                                                                                  0x032af74a
                                                                                                                                  0x032af750
                                                                                                                                  0x032af750
                                                                                                                                  0x032af756
                                                                                                                                  0x032af762
                                                                                                                                  0x032af765
                                                                                                                                  0x032af767
                                                                                                                                  0x032af767
                                                                                                                                  0x032af771
                                                                                                                                  0x032af774
                                                                                                                                  0x032af77c
                                                                                                                                  0x032af784
                                                                                                                                  0x032af787
                                                                                                                                  0x032af789
                                                                                                                                  0x032af789
                                                                                                                                  0x032af793
                                                                                                                                  0x032af79d
                                                                                                                                  0x032af7a8
                                                                                                                                  0x032af7a8
                                                                                                                                  0x032af6d0
                                                                                                                                  0x032af6d0
                                                                                                                                  0x032af6d9
                                                                                                                                  0x032af6dc
                                                                                                                                  0x032af6de
                                                                                                                                  0x032af6de
                                                                                                                                  0x032af6e9
                                                                                                                                  0x032af6e9
                                                                                                                                  0x00000000
                                                                                                                                  0x032af6d0
                                                                                                                                  0x032af67f
                                                                                                                                  0x032af685
                                                                                                                                  0x032af685
                                                                                                                                  0x032af68a
                                                                                                                                  0x032af68d
                                                                                                                                  0x032af691
                                                                                                                                  0x032af698
                                                                                                                                  0x032af69a
                                                                                                                                  0x032af69d
                                                                                                                                  0x032af6a5
                                                                                                                                  0x032af6a8
                                                                                                                                  0x032af6ae
                                                                                                                                  0x032af6ae
                                                                                                                                  0x032af6a5
                                                                                                                                  0x032af6b5
                                                                                                                                  0x032af6b8
                                                                                                                                  0x032af6b8
                                                                                                                                  0x00000000
                                                                                                                                  0x032af685
                                                                                                                                  0x032af650
                                                                                                                                  0x032af650
                                                                                                                                  0x032af659
                                                                                                                                  0x032af65c
                                                                                                                                  0x032af65e
                                                                                                                                  0x032af65e
                                                                                                                                  0x032af669
                                                                                                                                  0x032af669
                                                                                                                                  0x00000000
                                                                                                                                  0x032af650
                                                                                                                                  0x032af620
                                                                                                                                  0x032af620
                                                                                                                                  0x032af629
                                                                                                                                  0x032af62c
                                                                                                                                  0x032af62e
                                                                                                                                  0x032af62e
                                                                                                                                  0x032af639
                                                                                                                                  0x032af639
                                                                                                                                  0x00000000
                                                                                                                                  0x032af620
                                                                                                                                  0x032af5f0
                                                                                                                                  0x032af5f0
                                                                                                                                  0x032af5f9
                                                                                                                                  0x032af5fc
                                                                                                                                  0x032af5fe
                                                                                                                                  0x032af5fe
                                                                                                                                  0x032af609
                                                                                                                                  0x032af609
                                                                                                                                  0x00000000
                                                                                                                                  0x032af5c0
                                                                                                                                  0x032af5c0
                                                                                                                                  0x032af5c0
                                                                                                                                  0x032af5c9
                                                                                                                                  0x032af5cc
                                                                                                                                  0x032af5ce
                                                                                                                                  0x032af5ce
                                                                                                                                  0x032af5d9
                                                                                                                                  0x032af5d9
                                                                                                                                  0x00000000
                                                                                                                                  0x032af5c0

                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF5CC
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF5FC
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF62C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF65C
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF68D
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF698
                                                                                                                                  • DestroyIcon.USER32(?), ref: 032AF6A8
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF6DC
                                                                                                                                    • Part of subcall function 032B6D80: CloseServiceHandle.ADVAPI32(?,?,032AF592,7477D2B0,032AFFD5,032B077F), ref: 032B6DA9
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF737
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF765
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF787
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGlobal$CloseDestroyHandleIconService
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1945855546-0
                                                                                                                                  • Opcode ID: d2edb6c38edb1793d5c06c89d94813723b39a6cde4fc0e599cc2d2cb2416bc15
                                                                                                                                  • Instruction ID: 76d882ddae3842ea5b79595c0a424713bce68004d812d230ab98280a81ba487d
                                                                                                                                  • Opcode Fuzzy Hash: d2edb6c38edb1793d5c06c89d94813723b39a6cde4fc0e599cc2d2cb2416bc15
                                                                                                                                  • Instruction Fuzzy Hash: 8D51AFB7A20612BBE700EF2CFF4D706BBADAB41740F1B4115C9149F258CB78E5848B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AEAC0 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 106stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E032AEAC0(intOrPtr* _a4, intOrPtr _a8) {
				void* _t10;
				void* _t46;
				void* _t47;
				void* _t48;
				intOrPtr* _t49;
				void** _t50;
				void* _t51;
				void _t52;
				void _t53;
				void _t54;

				_t49 = _a4;
				_t10 = E032B88B0( *_t49);
				if(_t10 != 0) {
					L10:
					return 1;
				} else {
					if( *0x32efcd4 != _t10) {
						_t53 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t3 = _t53 + 4; // 0x4
						lstrcpynA(_t3, _t49 + 0x108,  *0x32efcd0);
						_t47 =  *0x32efcd4;
						 *_t53 =  *_t47;
						 *_t47 = _t53;
						_t54 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t5 = _t54 + 4; // 0x4
						lstrcpynA(_t5, _t49 + 0x210,  *0x32efcd0);
						_t48 =  *0x32efcd4;
						 *_t54 =  *_t48;
						 *_t48 = _t54;
					}
					wsprintfA(0x32efcdc, "%u",  *_t49);
					if( *0x32efcd4 != 0) {
						_t52 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t6 = _t52 + 4; // 0x4
						lstrcpynA(_t6, 0x32efcdc,  *0x32efcd0);
						_t46 =  *0x32efcd4;
						 *_t52 =  *_t46;
						 *_t46 = _t52;
					}
					_push( *0x32efccc);
					_push(_a8);
					if( *((intOrPtr*)( *((intOrPtr*)( *0x32ee1d8 + 4))))() != 0) {
						L9:
						return 0;
					} else {
						_t50 =  *0x32efcd4;
						if(_t50 == 0) {
							goto L9;
						} else {
							_t51 =  *_t50;
							if(_t51 == 0) {
								goto L9;
							} else {
								lstrcpyA(0x32efcdc, _t51 + 4);
								 *( *0x32efcd4) =  *_t51;
								GlobalFree(_t51);
								if(lstrcmpiA(0x32efcdc, "true") == 0) {
									goto L10;
								} else {
									goto L9;
								}
							}
						}
					}
				}
			}













                                                                                                                                  0x032aeac5
                                                                                                                                  0x032aeaca
                                                                                                                                  0x032aead4
                                                                                                                                  0x032aebff
                                                                                                                                  0x032aec06
                                                                                                                                  0x032aeada
                                                                                                                                  0x032aeae7
                                                                                                                                  0x032aeafc
                                                                                                                                  0x032aeb05
                                                                                                                                  0x032aeb09
                                                                                                                                  0x032aeb0f
                                                                                                                                  0x032aeb20
                                                                                                                                  0x032aeb24
                                                                                                                                  0x032aeb2e
                                                                                                                                  0x032aeb37
                                                                                                                                  0x032aeb3b
                                                                                                                                  0x032aeb41
                                                                                                                                  0x032aeb49
                                                                                                                                  0x032aeb4b
                                                                                                                                  0x032aeb4b
                                                                                                                                  0x032aeb59
                                                                                                                                  0x032aeb69
                                                                                                                                  0x032aeb7e
                                                                                                                                  0x032aeb85
                                                                                                                                  0x032aeb89
                                                                                                                                  0x032aeb8f
                                                                                                                                  0x032aeb97
                                                                                                                                  0x032aeb99
                                                                                                                                  0x032aeb99
                                                                                                                                  0x032aeba0
                                                                                                                                  0x032aeba6
                                                                                                                                  0x032aebb1
                                                                                                                                  0x032aebf7
                                                                                                                                  0x032aebfb
                                                                                                                                  0x032aebb3
                                                                                                                                  0x032aebb3
                                                                                                                                  0x032aebbb
                                                                                                                                  0x00000000
                                                                                                                                  0x032aebbd
                                                                                                                                  0x032aebbd
                                                                                                                                  0x032aebc1
                                                                                                                                  0x00000000
                                                                                                                                  0x032aebc3
                                                                                                                                  0x032aebcc
                                                                                                                                  0x032aebda
                                                                                                                                  0x032aebdc
                                                                                                                                  0x032aebf4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032aebf4
                                                                                                                                  0x032aebc1
                                                                                                                                  0x032aebbb
                                                                                                                                  0x032aebb1

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AEAF4
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032AEB09
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AEB26
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?), ref: 032AEB3B
                                                                                                                                  • wsprintfA.USER32 ref: 032AEB59
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AEB76
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,032EFCDC), ref: 032AEB89
                                                                                                                                  • lstrcpyA.KERNEL32(032EFCDC,?), ref: 032AEBCC
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AEBDC
                                                                                                                                  • lstrcmpiA.KERNEL32(032EFCDC,true), ref: 032AEBEC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloclstrcpyn$Freelstrcmpilstrcpywsprintf
                                                                                                                                  • String ID: true
                                                                                                                                  • API String ID: 2797794814-4261170317
                                                                                                                                  • Opcode ID: 40c40856f79f4d181f38cb44ba0ad67292933b00b3a26c2692a9a9dcf040cb4b
                                                                                                                                  • Instruction ID: ea3c8aae6b9e28ca6e34dca4f18f6a1a4a3c5074e207ee0f1f8e4cbd1285d33a
                                                                                                                                  • Opcode Fuzzy Hash: 40c40856f79f4d181f38cb44ba0ad67292933b00b3a26c2692a9a9dcf040cb4b
                                                                                                                                  • Instruction Fuzzy Hash: 9C41A276251221FFC310EF68F94ED5AB7A8FF55700B168419FD069B318DB32A890CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A4BB0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                  			E032A4BB0(void* __edi) {
				char _v4;
				char _v8;
				intOrPtr _v16;
				intOrPtr _v24;
				intOrPtr _v28;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t21;
				struct HINSTANCE__* _t30;
				void* _t31;

				_t31 =  &_v8;
				_v8 = 0;
				_v4 = 0;
				_t30 = LoadLibraryA("wtsapi32.dll");
				if(_t30 == 0) {
					L8:
					if(_v8 == 0) {
						_push(GetLastError());
						E032A3960(_t14);
					}
					if(_t30 != 0) {
						FreeLibrary(_t30);
					}
					return _v4;
				}
				_t16 = GetProcAddress(_t30, "WTSQuerySessionInformationA");
				if(_t16 != 0) {
					_push( &_v4);
					_push( &_v8);
					_push(5);
					_push(0xffffffff);
					_push(0);
					if( *_t16() != 0) {
						_t18 = _v24;
						if(_v24 > 0x20) {
							_t18 = 0x20;
						}
						E032C6BF0(_v16, _v28, _t18);
						_t31 = _t31 + 0xc;
						_t21 = GetProcAddress(_t30, "WTSFreeMemory");
						if(_t21 != 0) {
							 *_t21(_v28);
						}
					}
				}
				goto L8;
			}












                                                                                                                                  0x032a4bb0
                                                                                                                                  0x032a4bb9
                                                                                                                                  0x032a4bc1
                                                                                                                                  0x032a4bcf
                                                                                                                                  0x032a4bd3
                                                                                                                                  0x032a4c33
                                                                                                                                  0x032a4c38
                                                                                                                                  0x032a4c40
                                                                                                                                  0x032a4c41
                                                                                                                                  0x032a4c46
                                                                                                                                  0x032a4c4b
                                                                                                                                  0x032a4c4e
                                                                                                                                  0x032a4c4e
                                                                                                                                  0x032a4c5c
                                                                                                                                  0x032a4c5c
                                                                                                                                  0x032a4be2
                                                                                                                                  0x032a4be6
                                                                                                                                  0x032a4bec
                                                                                                                                  0x032a4bf1
                                                                                                                                  0x032a4bf2
                                                                                                                                  0x032a4bf4
                                                                                                                                  0x032a4bf6
                                                                                                                                  0x032a4bfc
                                                                                                                                  0x032a4bfe
                                                                                                                                  0x032a4c05
                                                                                                                                  0x032a4c07
                                                                                                                                  0x032a4c07
                                                                                                                                  0x032a4c17
                                                                                                                                  0x032a4c1c
                                                                                                                                  0x032a4c25
                                                                                                                                  0x032a4c29
                                                                                                                                  0x032a4c30
                                                                                                                                  0x032a4c30
                                                                                                                                  0x032a4c29
                                                                                                                                  0x032a4bfc
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32 ref: 032A4BC9
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 032A4BE2
                                                                                                                                  • _strncpy.LIBCMT ref: 032A4C17
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,WTSFreeMemory), ref: 032A4C25
                                                                                                                                  • GetLastError.KERNEL32 ref: 032A4C3A
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 032A4C4E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryProc$ErrorFreeLastLoad_strncpy
                                                                                                                                  • String ID: WTSFreeMemory$WTSQuerySessionInformationA$wtsapi32.dll
                                                                                                                                  • API String ID: 2054079861-1615994258
                                                                                                                                  • Opcode ID: bfafa51e6155aca150d7089260727ea1b7ec198e5392e8f0b5776699d608c669
                                                                                                                                  • Instruction ID: 3736682ed4c9549cde76cfd42e0c848353deaca10f1baa5f051a4438879ab1a9
                                                                                                                                  • Opcode Fuzzy Hash: bfafa51e6155aca150d7089260727ea1b7ec198e5392e8f0b5776699d608c669
                                                                                                                                  • Instruction Fuzzy Hash: 1511E0769197226FD210F659EC08F5FB7A8AFC0B10F088518F56896284D7B4D485CBA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BAA90 Relevance: 15.1, APIs: 10, Instructions: 140memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E032BAA90(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, char _a12) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				void* _v24;
				void* _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t44;
				char* _t46;
				char _t54;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t73;
				void* _t75;
				intOrPtr* _t79;
				intOrPtr* _t81;
				intOrPtr* _t88;
				void* _t91;
				void* _t94;
				intOrPtr _t95;
				void* _t97;
				signed int _t100;

				_t44 =  *0x32ed474; // 0x444d31ba
				_t46 =  &_v16;
				 *[fs:0x0] = _t46;
				_v20 = _t100 - 0x30;
				_v24 = 0;
				_v28 = 0;
				_v8 = 0;
				__imp__#2(_a12, _t44 ^ _t100, _t91, _t94, _t75,  *[fs:0x0], E032DBCA0, 0xffffffff, _t97);
				_t95 = _t46;
				_v60 = _t95;
				__imp__#7(_t95);
				if(_t46 == 0) {
					_v32 = 0xb;
					E032C00D4( &_v32, 0x32e8f54);
					L19:
					_v36 = 1;
					E032C00D4( &_v36, 0x32e8f54);
					L20:
					_v40 = 0x1c;
					E032C00D4( &_v40, 0x32e8f54);
					L21:
					_v44 = 0x1e;
					_t54 = E032C00D4( &_v44, 0x32e8f54);
					L22:
					_v48 = _t54;
					E032C00D4( &_v48, 0x32e8f54);
					L23:
					_v52 = 0x10;
					E032C00D4( &_v52, 0x32e8f54);
					L24:
					_v56 = 0xf;
					E032C00D4( &_v56, 0x32e8f54);
					asm("int3");
					return GetFileVersionInfoSizeA();
				}
				if( *((intOrPtr*)(__ecx)) == 0) {
					goto L19;
				}
				_t79 =  *((intOrPtr*)(__ecx + 4));
				if(_t79 == 0) {
					_t54 = E032BA630(0, __ecx, __ecx, _t95, _a4, _a8, _t95,  &_a12);
					if(_t54 != 0) {
						goto L22;
					}
					if(_a12 == 1) {
						_t67 =  *((intOrPtr*)(__ecx));
						_push( &_v24);
						_push(_t67);
						if( *((intOrPtr*)( *_t67 + 0x48))() < 0) {
							goto L23;
						}
						_t69 = _v24;
						_push(_a8);
						_push(_a4);
						_push(_t69);
						if( *((intOrPtr*)( *_t69 + 0x24))() < 0) {
							goto L24;
						}
					}
				} else {
					_push( &_v28);
					_push(_t79);
					if( *((intOrPtr*)( *_t79 + 0x48))() < 0) {
						goto L20;
					}
					_t73 = _v28;
					_push(_t95);
					_push(_t73);
					if( *((intOrPtr*)( *_t73 + 0x24))() < 0) {
						goto L21;
					}
				}
				_v8 = 0xffffffff;
				if(_t95 != 0) {
					__imp__#6(_t95);
				}
				_t81 = _v24;
				if(_t81 != 0) {
					 *((intOrPtr*)( *_t81 + 8))(_t81);
				}
				_t88 = _v28;
				if(_t88 != 0) {
					 *((intOrPtr*)( *_t88 + 8))(_t88);
				}
				 *[fs:0x0] = _v16;
				return 0;
			}



































                                                                                                                                  0x032baaa7
                                                                                                                                  0x032baaaf
                                                                                                                                  0x032baab2
                                                                                                                                  0x032baab8
                                                                                                                                  0x032baac2
                                                                                                                                  0x032baac5
                                                                                                                                  0x032baac8
                                                                                                                                  0x032baacb
                                                                                                                                  0x032baad1
                                                                                                                                  0x032baad4
                                                                                                                                  0x032baad7
                                                                                                                                  0x032baadf
                                                                                                                                  0x032babc3
                                                                                                                                  0x032babcb
                                                                                                                                  0x032babd0
                                                                                                                                  0x032babd8
                                                                                                                                  0x032babe0
                                                                                                                                  0x032babe5
                                                                                                                                  0x032babed
                                                                                                                                  0x032babf5
                                                                                                                                  0x032babfa
                                                                                                                                  0x032bac02
                                                                                                                                  0x032bac0a
                                                                                                                                  0x032bac0f
                                                                                                                                  0x032bac0f
                                                                                                                                  0x032bac1b
                                                                                                                                  0x032bac20
                                                                                                                                  0x032bac28
                                                                                                                                  0x032bac30
                                                                                                                                  0x032bac35
                                                                                                                                  0x032bac3d
                                                                                                                                  0x032bac45
                                                                                                                                  0x032bac4a
                                                                                                                                  0x032bac4b
                                                                                                                                  0x032bac4b
                                                                                                                                  0x032baae7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032baaed
                                                                                                                                  0x032baaf2
                                                                                                                                  0x032bab27
                                                                                                                                  0x032bab2e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab38
                                                                                                                                  0x032bab3a
                                                                                                                                  0x032bab3f
                                                                                                                                  0x032bab40
                                                                                                                                  0x032bab48
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab4e
                                                                                                                                  0x032bab51
                                                                                                                                  0x032bab54
                                                                                                                                  0x032bab59
                                                                                                                                  0x032bab5f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab65
                                                                                                                                  0x032baaf4
                                                                                                                                  0x032baaf9
                                                                                                                                  0x032baafa
                                                                                                                                  0x032bab00
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab06
                                                                                                                                  0x032bab09
                                                                                                                                  0x032bab0a
                                                                                                                                  0x032bab12
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bab18
                                                                                                                                  0x032bab79
                                                                                                                                  0x032bab82
                                                                                                                                  0x032bab85
                                                                                                                                  0x032bab85
                                                                                                                                  0x032bab8b
                                                                                                                                  0x032bab90
                                                                                                                                  0x032bab95
                                                                                                                                  0x032bab95
                                                                                                                                  0x032bab98
                                                                                                                                  0x032bab9d
                                                                                                                                  0x032baba2
                                                                                                                                  0x032baba2
                                                                                                                                  0x032babaa
                                                                                                                                  0x032babb8

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(444D31BA), ref: 032BAACB
                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 032BAAD7
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 032BAB85
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BABCB
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BABE0
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BABF5
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAC0A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAC1B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAC30
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BAC45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2081006091-0
                                                                                                                                  • Opcode ID: a172ceed3a410d700868cf13eb0c922276c092f89093c8dc3f1ae78d9f618633
                                                                                                                                  • Instruction ID: b289113f29a9d5056b1beb9d7335213c56c1a09b56ed68917ff025ea25044cc5
                                                                                                                                  • Opcode Fuzzy Hash: a172ceed3a410d700868cf13eb0c922276c092f89093c8dc3f1ae78d9f618633
                                                                                                                                  • Instruction Fuzzy Hash: 39513CB4A20309AFCB20DFA5C988EDEBBB9FF08754F504529E925A7200D775D984CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD450 Relevance: 15.1, APIs: 10, Instructions: 102windowstringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032AD450(CHAR* _a4, intOrPtr _a8, CHAR* _a12, intOrPtr _a16, struct HICON__* _a20, intOrPtr* _a24) {
				intOrPtr _v32;
				int _v36;
				intOrPtr _v40;
				CHAR* _v44;
				long _v48;
				long _v52;
				int _v56;
				long _v60;
				void* _v64;
				intOrPtr* _t35;
				long _t37;
				int _t52;
				CHAR* _t53;
				intOrPtr _t58;
				CHAR* _t61;
				struct HICON__* _t62;
				signed int _t67;

				_t35 = _a24;
				_t61 = _a4;
				if( *((intOrPtr*)(_t35 + 4)) != 0) {
					L7:
					_v64 = 7;
					_v44 = _t61;
					_v40 = _a8;
					_t37 = SendMessageA( *0x32ee1e0, 0x1004, 0, 0);
					_t62 = _a20;
					_v60 = _t37 - 1;
					_v56 = 0;
					_v32 = _a24;
					_v52 = 0;
					_v48 = 0;
					if(_t62 == 0) {
						_v36 = 2;
					} else {
						_v36 = ImageList_ReplaceIcon(SendMessageA( *0x32ee1e0, 0x1002, 1, 0), 0xffffffff, _t62);
						DestroyIcon(_t62);
					}
					_v60 = SendMessageA( *0x32ee1e0, 0x1007, 0,  &_v64);
					_v44 = _a12;
					_v40 = _a16;
					_v64 = 1;
					_v56 = 1;
					SendMessageA( *0x32ee1e0, 0x1006, 0,  &_v64);
					SendMessageA( *0x32ee1e0, 0x1013,  *0x32efc58, 0);
				} else {
					_t67 = 0;
					_t58 =  *((intOrPtr*)( *_t35 + 4));
					_t52 =  *0x32efc58;
					if(_t52 == 0) {
						L6:
						 *((intOrPtr*)(0x32ef458 + _t52 * 4)) = _t58;
						_t53 = GlobalAlloc(0x40,  *0x32efcd0);
						 *(0x32ef858 +  *0x32efc58 * 4) = _t53;
						lstrcpyA(_t53, _t61);
						 *0x32efc58 =  *0x32efc58 + 1;
						goto L7;
					} else {
						do {
							if( *((intOrPtr*)(0x32ef458 + _t67 * 4)) != _t58) {
								goto L5;
							} else {
								if(lstrcmpA( *(0x32ef858 + _t67 * 4), _t61) != 0) {
									_t52 =  *0x32efc58;
									goto L5;
								}
							}
							goto L11;
							L5:
							_t67 = _t67 + 1;
						} while (_t67 < _t52);
						goto L6;
					}
				}
				L11:
				return 1;
			}




















                                                                                                                                  0x032ad453
                                                                                                                                  0x032ad460
                                                                                                                                  0x032ad463
                                                                                                                                  0x032ad4ce
                                                                                                                                  0x032ad4e6
                                                                                                                                  0x032ad4ed
                                                                                                                                  0x032ad4f0
                                                                                                                                  0x032ad4f3
                                                                                                                                  0x032ad4f5
                                                                                                                                  0x032ad4f9
                                                                                                                                  0x032ad4ff
                                                                                                                                  0x032ad506
                                                                                                                                  0x032ad509
                                                                                                                                  0x032ad510
                                                                                                                                  0x032ad519
                                                                                                                                  0x032ad542
                                                                                                                                  0x032ad51b
                                                                                                                                  0x032ad537
                                                                                                                                  0x032ad53a
                                                                                                                                  0x032ad53a
                                                                                                                                  0x032ad55c
                                                                                                                                  0x032ad562
                                                                                                                                  0x032ad568
                                                                                                                                  0x032ad57c
                                                                                                                                  0x032ad583
                                                                                                                                  0x032ad58a
                                                                                                                                  0x032ad59f
                                                                                                                                  0x032ad465
                                                                                                                                  0x032ad467
                                                                                                                                  0x032ad469
                                                                                                                                  0x032ad46c
                                                                                                                                  0x032ad473
                                                                                                                                  0x032ad49e
                                                                                                                                  0x032ad4a4
                                                                                                                                  0x032ad4ad
                                                                                                                                  0x032ad4bb
                                                                                                                                  0x032ad4c2
                                                                                                                                  0x032ad4c8
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad475
                                                                                                                                  0x032ad475
                                                                                                                                  0x032ad47c
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad47e
                                                                                                                                  0x032ad48e
                                                                                                                                  0x032ad494
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad494
                                                                                                                                  0x032ad48e
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad499
                                                                                                                                  0x032ad499
                                                                                                                                  0x032ad49a
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad475
                                                                                                                                  0x032ad473
                                                                                                                                  0x032ad5a1
                                                                                                                                  0x032ad5ac

                                                                                                                                  APIs
                                                                                                                                  • lstrcmpA.KERNEL32(00000000,?,?,?,?,?,?,032AD411,?,00000400,?,0000000C,00000000,00000000,?,0000000C), ref: 032AD486
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,032AD411,?,00000400,?,0000000C,00000000,00000000,?,0000000C), ref: 032AD4AD
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,00000000,?,?,?,032AD411,?,00000400,?,0000000C,00000000,00000000,?,0000000C), ref: 032AD4C2
                                                                                                                                  • SendMessageA.USER32 ref: 032AD4F3
                                                                                                                                  • SendMessageA.USER32 ref: 032AD52A
                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,00000000), ref: 032AD530
                                                                                                                                  • DestroyIcon.USER32(00000000), ref: 032AD53A
                                                                                                                                  • SendMessageA.USER32 ref: 032AD55A
                                                                                                                                  • SendMessageA.USER32 ref: 032AD58A
                                                                                                                                  • SendMessageA.USER32 ref: 032AD59F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Icon$AllocDestroyGlobalImageList_Replacelstrcmplstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2189153160-0
                                                                                                                                  • Opcode ID: 4493f0d7e6cb904ca5444ca7b33076382dc55b832962685554e515106d195025
                                                                                                                                  • Instruction ID: 107e2e0bb97355ed33645859219e7b0c3977b116086b52b0559f535177b4ba24
                                                                                                                                  • Opcode Fuzzy Hash: 4493f0d7e6cb904ca5444ca7b33076382dc55b832962685554e515106d195025
                                                                                                                                  • Instruction Fuzzy Hash: DF413E75900218BFDB11EF99F849F89BBB9FB08710F15811AF904AB294C7B5A990CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CA2AB Relevance: 15.1, APIs: 10, Instructions: 70COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                  			E032CA2AB(void* __edx, void* __esi, char _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;
				void* _t72;

				_t72 = __esi;
				_t71 = __edx;
				_t36 = _a4;
				_t67 =  *_a4;
				_t76 = _t67 - 0x32e0df0;
				if(_t67 != 0x32e0df0) {
					E032C9EFA(_t67);
					_t36 = _a4;
				}
				E032C9EFA( *((intOrPtr*)(_t36 + 0x3c)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x30)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x34)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x38)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x28)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x2c)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x40)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x44)));
				E032C9EFA( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E032CA0F3( &_v5, _t71, _t76);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E032CA154( &_v5, _t71, _t72, _t76);
			}













                                                                                                                                  0x032ca2ab
                                                                                                                                  0x032ca2ab
                                                                                                                                  0x032ca2b0
                                                                                                                                  0x032ca2b6
                                                                                                                                  0x032ca2b8
                                                                                                                                  0x032ca2be
                                                                                                                                  0x032ca2c1
                                                                                                                                  0x032ca2c6
                                                                                                                                  0x032ca2c9
                                                                                                                                  0x032ca2cd
                                                                                                                                  0x032ca2d8
                                                                                                                                  0x032ca2e3
                                                                                                                                  0x032ca2ee
                                                                                                                                  0x032ca2f9
                                                                                                                                  0x032ca304
                                                                                                                                  0x032ca30f
                                                                                                                                  0x032ca31a
                                                                                                                                  0x032ca328
                                                                                                                                  0x032ca333
                                                                                                                                  0x032ca33b
                                                                                                                                  0x032ca33c
                                                                                                                                  0x032ca33f
                                                                                                                                  0x032ca345
                                                                                                                                  0x032ca349
                                                                                                                                  0x032ca34d
                                                                                                                                  0x032ca34e
                                                                                                                                  0x032ca358
                                                                                                                                  0x032ca35e
                                                                                                                                  0x032ca35f
                                                                                                                                  0x032ca362
                                                                                                                                  0x032ca368
                                                                                                                                  0x032ca36c
                                                                                                                                  0x032ca370
                                                                                                                                  0x032ca379

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 032CA2C1
                                                                                                                                    • Part of subcall function 032C9EFA: HeapFree.KERNEL32(00000000,00000000,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830), ref: 032C9F10
                                                                                                                                    • Part of subcall function 032C9EFA: GetLastError.KERNEL32(032ED830,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830,032ED830), ref: 032C9F22
                                                                                                                                  • _free.LIBCMT ref: 032CA2CD
                                                                                                                                  • _free.LIBCMT ref: 032CA2D8
                                                                                                                                  • _free.LIBCMT ref: 032CA2E3
                                                                                                                                  • _free.LIBCMT ref: 032CA2EE
                                                                                                                                  • _free.LIBCMT ref: 032CA2F9
                                                                                                                                  • _free.LIBCMT ref: 032CA304
                                                                                                                                  • _free.LIBCMT ref: 032CA30F
                                                                                                                                  • _free.LIBCMT ref: 032CA31A
                                                                                                                                  • _free.LIBCMT ref: 032CA328
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 25036ba58faad1e9640058ea429d0782bb9aa79f0149831f4c8c27fe51926d2c
                                                                                                                                  • Instruction ID: 4363b5aaacad11f6317c42eb14f8faf319cb0e8577b1fe3a50083fe5194919e2
                                                                                                                                  • Opcode Fuzzy Hash: 25036ba58faad1e9640058ea429d0782bb9aa79f0149831f4c8c27fe51926d2c
                                                                                                                                  • Instruction Fuzzy Hash: 4021AA7A920258EFCB41EF98C890DDD7BB9EF19350F00825AE5159F520EB72DAD58B80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ABBA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 145COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                  			E032ABBA0(void* __ebx, void* __edi, void* __esi) {
				void* __ebp;
				signed int _t34;
				void* _t37;
				void* _t40;
				int _t42;
				void* _t43;
				void* _t48;
				intOrPtr* _t50;
				char* _t51;
				void* _t56;
				char* _t59;
				void* _t64;
				void* _t65;
				void* _t66;
				struct HWND__* _t67;
				char _t72;
				void* _t73;
				int _t78;
				void* _t82;
				char _t83;
				char _t86;
				void* _t87;
				char* _t88;
				char* _t89;
				void* _t90;
				char* _t91;
				long _t94;
				signed int _t97;
				void* _t98;

				_t90 = __esi;
				_t87 = __edi;
				_t64 = __ebx;
				_t34 =  *0x32ed474; // 0x444d31ba
				 *(_t97 + 0x110) = _t34 ^ _t97;
				_t78 =  *(_t97 + 0x11c);
				_t67 =  *(_t97 + 0x118);
				_t37 = _t78 - 1;
				_t94 =  *(_t97 + 0x128);
				if(_t37 == 0) {
					L28:
					return E032BD98D( *(_t97 + 0x114) ^ _t97);
				} else {
					_t40 = _t37 - 1;
					if(_t40 == 0) {
						goto L28;
					} else {
						_t42 =  *(_t97 + 0x124);
						if(_t40 == 0x217) {
							_t43 = _t42 - 0x8000;
							 *(_t97 + 4) = 2;
							if(_t43 == 0) {
								 *(_t97 + 4) = 1;
								goto L8;
							} else {
								if(_t43 == 4) {
									L8:
									if( *((intOrPtr*)(_t94 + 4)) == 5) {
										 *((char*)(_t97 + 0x24)) = 0;
										E032BEF40(_t87, _t97 + 0x1d, 0, 0xff);
										_t98 = _t97 + 0xc;
										_t65 =  *0x32f0008(_t94 + 0xc, 0x20019, 2, 0, 0, _t64);
										if(_t65 != 0xffffffff) {
											_push(_t90);
											_t91 = _t94 + 0x1c;
											_t51 = _t91;
											_push(_t87);
											_t73 = 0;
											_t88 =  &(_t51[1]);
											do {
												_t83 =  *_t51;
												_t51 =  &(_t51[1]);
											} while (_t83 != 0);
											if(_t51 != _t88) {
												do {
													if( *((char*)(_t73 + _t91)) == 0x5c) {
														 *((char*)(_t73 + _t91)) = 0x23;
													}
													_t59 = _t91;
													_t73 = _t73 + 1;
													_t89 =  &(_t59[1]);
													do {
														_t86 =  *_t59;
														_t59 =  &(_t59[1]);
													} while (_t86 != 0);
												} while (_t73 < _t59 - _t89);
											}
											if(RegOpenKeyExA(_t65, _t91, 0, 0x20019, _t98 + 0x18) == 0) {
												_t56 =  *(_t98 + 0x18);
												if(_t56 != 0xffffffff) {
													 *((intOrPtr*)(_t98 + 0x2c)) = 1;
													 *((intOrPtr*)(_t98 + 0x34)) = 0x100;
													RegQueryValueExA(_t56, "DeviceInstance", 0, _t98 + 0x1c, _t98 + 0x24, _t98 + 0x1c);
													RegCloseKey( *(_t98 + 0x18));
												}
											}
											RegCloseKey(_t65);
											_pop(_t87);
											_pop(_t90);
										}
										_pop(_t66);
										if( *(_t98 + 0x18) == 0) {
											_t50 = _t94 + 0x1c;
											_t82 = _t98 + 0x14 - _t50;
											do {
												_t72 =  *_t50;
												 *((char*)(_t82 + _t50)) = _t72;
												_t50 = _t50 + 1;
											} while (_t72 != 0);
										}
										E032C91C6(_t66, _t87, _t98 + 0x14);
										_t48 = E032BF1D0(_t98 + 0x18, "vid_0d7a");
										_t97 = _t98 + 0xc;
										if(_t48 != 0) {
											E032ABAD0(_t90,  *(_t97 + 4));
											_t97 = _t97 + 4;
										}
									}
								} else {
								}
							}
							goto L28;
						} else {
							DefWindowProcA(_t67, _t78, _t42, _t94);
							return E032BD98D( *(_t97 + 0x110) ^ _t97);
						}
					}
				}
			}
































                                                                                                                                  0x032abba0
                                                                                                                                  0x032abba0
                                                                                                                                  0x032abba0
                                                                                                                                  0x032abba6
                                                                                                                                  0x032abbad
                                                                                                                                  0x032abbb4
                                                                                                                                  0x032abbbb
                                                                                                                                  0x032abbc4
                                                                                                                                  0x032abbc8
                                                                                                                                  0x032abbcf
                                                                                                                                  0x032abd5b
                                                                                                                                  0x032abd72
                                                                                                                                  0x032abbd5
                                                                                                                                  0x032abbd5
                                                                                                                                  0x032abbd8
                                                                                                                                  0x00000000
                                                                                                                                  0x032abbde
                                                                                                                                  0x032abbe3
                                                                                                                                  0x032abbea
                                                                                                                                  0x032abc0e
                                                                                                                                  0x032abc13
                                                                                                                                  0x032abc1b
                                                                                                                                  0x032abc27
                                                                                                                                  0x00000000
                                                                                                                                  0x032abc1d
                                                                                                                                  0x032abc20
                                                                                                                                  0x032abc2f
                                                                                                                                  0x032abc33
                                                                                                                                  0x032abc46
                                                                                                                                  0x032abc4b
                                                                                                                                  0x032abc50
                                                                                                                                  0x032abc68
                                                                                                                                  0x032abc6d
                                                                                                                                  0x032abc73
                                                                                                                                  0x032abc74
                                                                                                                                  0x032abc77
                                                                                                                                  0x032abc79
                                                                                                                                  0x032abc7a
                                                                                                                                  0x032abc7c
                                                                                                                                  0x032abc80
                                                                                                                                  0x032abc80
                                                                                                                                  0x032abc82
                                                                                                                                  0x032abc85
                                                                                                                                  0x032abc8b
                                                                                                                                  0x032abc90
                                                                                                                                  0x032abc94
                                                                                                                                  0x032abc96
                                                                                                                                  0x032abc96
                                                                                                                                  0x032abc9a
                                                                                                                                  0x032abc9c
                                                                                                                                  0x032abc9f
                                                                                                                                  0x032abca2
                                                                                                                                  0x032abca2
                                                                                                                                  0x032abca4
                                                                                                                                  0x032abca7
                                                                                                                                  0x032abcad
                                                                                                                                  0x032abc90
                                                                                                                                  0x032abccd
                                                                                                                                  0x032abccf
                                                                                                                                  0x032abcd6
                                                                                                                                  0x032abcef
                                                                                                                                  0x032abcf7
                                                                                                                                  0x032abcff
                                                                                                                                  0x032abd0a
                                                                                                                                  0x032abd0a
                                                                                                                                  0x032abcd6
                                                                                                                                  0x032abd0d
                                                                                                                                  0x032abd0f
                                                                                                                                  0x032abd10
                                                                                                                                  0x032abd10
                                                                                                                                  0x032abd16
                                                                                                                                  0x032abd17
                                                                                                                                  0x032abd19
                                                                                                                                  0x032abd20
                                                                                                                                  0x032abd22
                                                                                                                                  0x032abd22
                                                                                                                                  0x032abd24
                                                                                                                                  0x032abd27
                                                                                                                                  0x032abd2a
                                                                                                                                  0x032abd22
                                                                                                                                  0x032abd33
                                                                                                                                  0x032abd42
                                                                                                                                  0x032abd47
                                                                                                                                  0x032abd4c
                                                                                                                                  0x032abd53
                                                                                                                                  0x032abd58
                                                                                                                                  0x032abd58
                                                                                                                                  0x032abd4c
                                                                                                                                  0x00000000
                                                                                                                                  0x032abc22
                                                                                                                                  0x032abc20
                                                                                                                                  0x00000000
                                                                                                                                  0x032abbec
                                                                                                                                  0x032abbf0
                                                                                                                                  0x032abc0b
                                                                                                                                  0x032abc0b
                                                                                                                                  0x032abbea
                                                                                                                                  0x032abbd8

                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcA.USER32(?,?,?,?), ref: 032ABBF0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProcWindow
                                                                                                                                  • String ID: DeviceInstance$vid_0d7a
                                                                                                                                  • API String ID: 181713994-110077402
                                                                                                                                  • Opcode ID: aa1b097997fc807df0334152f88ce52ef68b6fdd32e540b1088ffdab572de9e1
                                                                                                                                  • Instruction ID: b8ce43bf8ba89b54d19163a1c850e1243119c1bf607663cbb7c33d2401691bf2
                                                                                                                                  • Opcode Fuzzy Hash: aa1b097997fc807df0334152f88ce52ef68b6fdd32e540b1088ffdab572de9e1
                                                                                                                                  • Instruction Fuzzy Hash: 8E51F8715147065FD324DF28DC89FEBBBE9AB88704F08891CF5858B281D772E589C762
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 10002440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E10002440(void* __edx, intOrPtr _a4) {
				signed int _v4;
				CHAR* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t43;
				void** _t49;
				CHAR* _t58;
				void* _t59;
				signed int* _t60;
				void* _t61;
				intOrPtr* _t62;
				CHAR* _t63;
				void* _t73;

				_t59 = __edx;
				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t62 = (_v4 << 5) + _t9;
					_t32 =  *(_t62 + 0x14);
					if(_t32 == 0) {
						goto L9;
					}
					_t58 = 0x1a;
					if(_t32 == _t58) {
						goto L9;
					}
					if(_t32 != 0xffffffff) {
						if(_t32 <= 0 || _t32 > 0x19) {
							 *(_t62 + 0x14) = _t58;
						} else {
							_t32 = E100015E5(_t32 - 1);
							L10:
						}
						goto L11;
					} else {
						_t32 = E10001561();
						L11:
						_t63 = _t32;
						_t13 = _t62 + 8; // 0x820
						_t60 = _t13;
						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
							_t49 = _t60;
						} else {
							_t49 =  *_t60;
						}
						_t33 =  *_t62;
						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
						if(_t33 == 0) {
							 *_t60 =  *_t60 & 0x00000000;
						} else {
							if(_t33 == 1) {
								_t36 = E10001641(_t63);
								L27:
								 *_t49 = _t36;
								L31:
								_t34 = GlobalFree(_t63);
								if(_v4 == 0) {
									return _t34;
								}
								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
									_v4 = _v4 + 1;
								} else {
									_v4 = _v4 & 0x00000000;
								}
								continue;
							}
							if(_t33 == 2) {
								 *_t49 = E10001641(_t63);
								_t49[1] = _t59;
								goto L31;
							}
							_t73 = _t33 - 3;
							if(_t73 == 0) {
								_t36 = E10001550(_t63);
								 *(_t62 + 0x1c) = _t36;
								goto L27;
							}
							if(_t73 > 0) {
								if(_t33 <= 5) {
									_t61 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
									 *(_t62 + 0x1c) = _t61;
									MultiByteToWideChar(0, 0, _t63,  *0x10004058, _t61,  *0x10004058);
									if( *_t62 != 5) {
										 *_t49 = _t61;
									} else {
										_t43 = GlobalAlloc(0x40, 0x10);
										 *(_t62 + 0x1c) = _t43;
										 *_t49 = _t43;
										__imp__CLSIDFromString(_t61, _t43);
										GlobalFree(_t61);
									}
								} else {
									if(_t33 == 6 && lstrlenA(_t63) > 0) {
										 *_t60 = E1000276E(E10001641(_t63));
									}
								}
							}
						}
						goto L31;
					}
					L9:
					_t32 = E10001550(0x10004034);
					goto L10;
				}
			}

















                                                                                                                                  0x10002440
                                                                                                                                  0x10002454
                                                                                                                                  0x10002458
                                                                                                                                  0x10002463
                                                                                                                                  0x10002463
                                                                                                                                  0x1000246a
                                                                                                                                  0x1000246f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002473
                                                                                                                                  0x10002476
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000247b
                                                                                                                                  0x10002486
                                                                                                                                  0x10002496
                                                                                                                                  0x1000248d
                                                                                                                                  0x1000248f
                                                                                                                                  0x100024a5
                                                                                                                                  0x100024a5
                                                                                                                                  0x00000000
                                                                                                                                  0x1000247d
                                                                                                                                  0x1000247d
                                                                                                                                  0x100024a6
                                                                                                                                  0x100024aa
                                                                                                                                  0x100024ac
                                                                                                                                  0x100024ac
                                                                                                                                  0x100024af
                                                                                                                                  0x100024b5
                                                                                                                                  0x100024b1
                                                                                                                                  0x100024b1
                                                                                                                                  0x100024b1
                                                                                                                                  0x100024b7
                                                                                                                                  0x100024b9
                                                                                                                                  0x100024bf
                                                                                                                                  0x1000258a
                                                                                                                                  0x100024c5
                                                                                                                                  0x100024c8
                                                                                                                                  0x10002583
                                                                                                                                  0x1000256f
                                                                                                                                  0x10002570
                                                                                                                                  0x1000258d
                                                                                                                                  0x1000258e
                                                                                                                                  0x10002599
                                                                                                                                  0x100025c3
                                                                                                                                  0x100025c3
                                                                                                                                  0x100025a9
                                                                                                                                  0x100025b5
                                                                                                                                  0x100025ab
                                                                                                                                  0x100025ab
                                                                                                                                  0x100025ab
                                                                                                                                  0x00000000
                                                                                                                                  0x100025a9
                                                                                                                                  0x100024d1
                                                                                                                                  0x1000257b
                                                                                                                                  0x1000257d
                                                                                                                                  0x00000000
                                                                                                                                  0x1000257d
                                                                                                                                  0x100024d7
                                                                                                                                  0x100024da
                                                                                                                                  0x10002567
                                                                                                                                  0x1000256c
                                                                                                                                  0x00000000
                                                                                                                                  0x1000256c
                                                                                                                                  0x100024e0
                                                                                                                                  0x100024e9
                                                                                                                                  0x10002525
                                                                                                                                  0x10002527
                                                                                                                                  0x10002537
                                                                                                                                  0x10002540
                                                                                                                                  0x10002562
                                                                                                                                  0x10002542
                                                                                                                                  0x10002546
                                                                                                                                  0x1000254d
                                                                                                                                  0x10002551
                                                                                                                                  0x10002553
                                                                                                                                  0x1000255a
                                                                                                                                  0x1000255a
                                                                                                                                  0x100024eb
                                                                                                                                  0x100024ee
                                                                                                                                  0x10002510
                                                                                                                                  0x10002512
                                                                                                                                  0x100024ee
                                                                                                                                  0x100024e9
                                                                                                                                  0x100024e0
                                                                                                                                  0x00000000
                                                                                                                                  0x100024bf
                                                                                                                                  0x1000249b
                                                                                                                                  0x100024a0
                                                                                                                                  0x00000000
                                                                                                                                  0x100024a0

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 100024F5
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000251F
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 10002537
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002546
                                                                                                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 10002553
                                                                                                                                  • GlobalFree.KERNEL32 ref: 1000255A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 1000258E
                                                                                                                                    • Part of subcall function 10001550: lstrcpyA.KERNEL32(00000000,?,10001607,?,100011A1,-000000A0), ref: 1000155A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpylstrlen
                                                                                                                                  • String ID: @u]w
                                                                                                                                  • API String ID: 520554397-689891868
                                                                                                                                  • Opcode ID: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                                  • Instruction ID: 5e8646e4445d362173c86146a51869b75f136194909619477c3c659b9c9ef311
                                                                                                                                  • Opcode Fuzzy Hash: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                                  • Instruction Fuzzy Hash: 5041BB71505B02DFF324CF248C94B6AB7F8FB443E2F614919F946DA189DB70E8808B66
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD310 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 115memorystringwindowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032AD310(long _a4, intOrPtr _a8, intOrPtr _a12, CHAR* _a16, intOrPtr _a20) {
				void* _v8;
				void* _v12;
				void* _t30;
				char _t31;
				struct HWND__*** _t32;
				void* _t34;
				CHAR* _t51;
				struct HWND__** _t56;
				char* _t58;
				intOrPtr* _t62;
				void* _t66;

				_t51 = _a16;
				_t58 = _a4 + 0x210;
				if( *_t58 == 0) {
					lstrcpyA(_t51, 0x32dc4cc);
					goto L4;
				} else {
					E032B8160(_t58, 0x104, _t51, _a20);
					_t66 = _t66 + 0x10;
					if(lstrcmpiA(_t51, "explorer.exe") != 0) {
						L4:
						_v8 = GlobalAlloc(0x40, 8);
						_t30 = GlobalAlloc(0x40, 0x38);
						_t62 = _a4;
						_v12 = _t30;
						 *_t30 =  *(_t62 + 0x20c);
						 *((intOrPtr*)(_t30 + 4)) =  *_t62;
						_t9 = _t30 + 0xc; // 0xc
						_t31 = E032B7240( *0x32efc68,  *_t62, _t9);
						_t56 = _v12;
						 *((char*)(_t56 + 8)) = _t31;
						_t32 = _v8;
						 *(_t32 + 4) = 0;
						 *_t32 = _t56;
						if(_a8 != 0) {
							_t34 = E032AD5B0(_t62 + 0x108, _t58, _a12, _t32);
							GlobalFree(_v12);
							GlobalFree(_v8);
							return _t34;
						} else {
							if( *_t58 == 0) {
								_a4 = 0;
							} else {
								ExtractIconExA(_t58, 0, 0,  &_a4, 1);
							}
							if(_a12 > 0) {
								E032B1000(_t58);
								_t66 = _t66 + 4;
								 *((intOrPtr*)( *((intOrPtr*)( *0x32ee1d8 + 4))))(_a12,  *0x32efccc);
							}
							return E032AD450(_t62 + 0x108, 0x400, _t51, _a20, _a4, _v8);
						}
					} else {
						return 1;
					}
				}
			}














                                                                                                                                  0x032ad317
                                                                                                                                  0x032ad31e
                                                                                                                                  0x032ad327
                                                                                                                                  0x032ad35c
                                                                                                                                  0x00000000
                                                                                                                                  0x032ad329
                                                                                                                                  0x032ad333
                                                                                                                                  0x032ad338
                                                                                                                                  0x032ad349
                                                                                                                                  0x032ad362
                                                                                                                                  0x032ad373
                                                                                                                                  0x032ad376
                                                                                                                                  0x032ad378
                                                                                                                                  0x032ad37b
                                                                                                                                  0x032ad384
                                                                                                                                  0x032ad388
                                                                                                                                  0x032ad38b
                                                                                                                                  0x032ad397
                                                                                                                                  0x032ad3a0
                                                                                                                                  0x032ad3a3
                                                                                                                                  0x032ad3a6
                                                                                                                                  0x032ad3a9
                                                                                                                                  0x032ad3b0
                                                                                                                                  0x032ad3b2
                                                                                                                                  0x032ad427
                                                                                                                                  0x032ad43a
                                                                                                                                  0x032ad440
                                                                                                                                  0x032ad44a
                                                                                                                                  0x032ad3b4
                                                                                                                                  0x032ad3b7
                                                                                                                                  0x032ad3cc
                                                                                                                                  0x032ad3b9
                                                                                                                                  0x032ad3c4
                                                                                                                                  0x032ad3c4
                                                                                                                                  0x032ad3d7
                                                                                                                                  0x032ad3da
                                                                                                                                  0x032ad3e4
                                                                                                                                  0x032ad3f3
                                                                                                                                  0x032ad3f3
                                                                                                                                  0x032ad41a
                                                                                                                                  0x032ad41a
                                                                                                                                  0x032ad34c
                                                                                                                                  0x032ad355
                                                                                                                                  0x032ad355
                                                                                                                                  0x032ad349

                                                                                                                                  APIs
                                                                                                                                  • lstrcmpiA.KERNEL32(?,explorer.exe), ref: 032AD341
                                                                                                                                  • lstrcpyA.KERNEL32(?,032DC4CC), ref: 032AD35C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000008), ref: 032AD36D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000038), ref: 032AD376
                                                                                                                                  • ExtractIconExA.SHELL32(?,00000000,00000000,?,00000001,?,0000000C), ref: 032AD3C4
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AD43A
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AD440
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$ExtractIconlstrcmpilstrcpy
                                                                                                                                  • String ID: explorer.exe
                                                                                                                                  • API String ID: 837372532-3187896405
                                                                                                                                  • Opcode ID: b29fc67ec4f14ec3db309fd611c50eaf1bac3312f6a282cf723ff74c6b5507d0
                                                                                                                                  • Instruction ID: 3592b52413bae2fb8b1fe059c8c4d9c3beb0eb7fa569e4170be4aef213c306d3
                                                                                                                                  • Opcode Fuzzy Hash: b29fc67ec4f14ec3db309fd611c50eaf1bac3312f6a282cf723ff74c6b5507d0
                                                                                                                                  • Instruction Fuzzy Hash: 7C41C975A00209BFDB10DF5CDC49F9ABBB8FF44714F148055FA089B291D7B1A990CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5420 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                  			E032B5420(void* __edi, void* __esi, CHAR* _a4) {
				signed int _v8;
				short _v520;
				WCHAR* _v524;
				short _v526;
				char _v528;
				char _v532;
				void* _v536;
				char _v560;
				void* __ebp;
				signed int _t22;
				short _t28;
				char* _t32;
				void* _t36;
				short _t40;
				void* _t46;
				CHAR* _t50;
				signed int _t52;

				_t46 = __edi;
				_t22 =  *0x32ed474; // 0x444d31ba
				_v8 = _t22 ^ _t52;
				_t50 = _a4;
				E032BEF40(__edi,  &_v520, 0, 0x200);
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x22c], xmm0");
				asm("movq [ebp-0x21c], xmm0");
				_t28 = lstrlenW( &_v520) + _t27;
				_v528 = _t28;
				_v526 = _t28 + 2;
				_push( &_v532);
				_push(0x810);
				_v524 =  &_v520;
				_push( &_v560);
				_t32 =  &_v528;
				_push(_t32);
				L032BD97B();
				if(_t32 == 0) {
					if(E032B52F0(0, _t50,  &_v536) != 0) {
						_push(_t46);
						_t40 = lstrlenW(L"SeServiceLogonRight") + _t39;
						_v524 = L"SeServiceLogonRight";
						_v528 = _t40;
						_push(1);
						_v526 = _t40 + 2;
						_push( &_v528);
						_push(_v536);
						_push(_v532);
						L032BD981();
					}
					_push(_v532);
					L032BD975();
					_t36 = _v536;
					if(_t36 != 0) {
						HeapFree(GetProcessHeap(), 0, _t36);
					}
				}
				return E032BD98D(_v8 ^ _t52);
			}




















                                                                                                                                  0x032b5420
                                                                                                                                  0x032b5429
                                                                                                                                  0x032b5430
                                                                                                                                  0x032b5434
                                                                                                                                  0x032b5445
                                                                                                                                  0x032b5453
                                                                                                                                  0x032b5456
                                                                                                                                  0x032b545e
                                                                                                                                  0x032b546c
                                                                                                                                  0x032b5474
                                                                                                                                  0x032b547e
                                                                                                                                  0x032b548b
                                                                                                                                  0x032b548c
                                                                                                                                  0x032b5497
                                                                                                                                  0x032b549d
                                                                                                                                  0x032b549e
                                                                                                                                  0x032b54a4
                                                                                                                                  0x032b54a5
                                                                                                                                  0x032b54ac
                                                                                                                                  0x032b54c6
                                                                                                                                  0x032b54ce
                                                                                                                                  0x032b54e0
                                                                                                                                  0x032b54e2
                                                                                                                                  0x032b54ec
                                                                                                                                  0x032b54f6
                                                                                                                                  0x032b54f8
                                                                                                                                  0x032b5505
                                                                                                                                  0x032b5506
                                                                                                                                  0x032b5507
                                                                                                                                  0x032b5508
                                                                                                                                  0x032b550d
                                                                                                                                  0x032b550e
                                                                                                                                  0x032b5514
                                                                                                                                  0x032b5519
                                                                                                                                  0x032b5521
                                                                                                                                  0x032b552d
                                                                                                                                  0x032b552d
                                                                                                                                  0x032b5521
                                                                                                                                  0x032b5541

                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 032B5466
                                                                                                                                  • LsaOpenPolicy.ADVAPI32(?,?,00000810,?), ref: 032B54A5
                                                                                                                                    • Part of subcall function 032B52F0: GetProcessHeap.KERNEL32(00000000,00000080,444D31BA,76D81D30), ref: 032B5345
                                                                                                                                    • Part of subcall function 032B52F0: HeapAlloc.KERNEL32(00000000), ref: 032B5348
                                                                                                                                    • Part of subcall function 032B52F0: GetProcessHeap.KERNEL32(00000000,00000010), ref: 032B535B
                                                                                                                                    • Part of subcall function 032B52F0: HeapAlloc.KERNEL32(00000000), ref: 032B535E
                                                                                                                                    • Part of subcall function 032B52F0: LookupAccountNameA.ADVAPI32(032B38AB,00000000,032B54C1,00000080,00000000,00000010,?), ref: 032B5382
                                                                                                                                    • Part of subcall function 032B52F0: GetLastError.KERNEL32 ref: 032B538C
                                                                                                                                    • Part of subcall function 032B52F0: GetProcessHeap.KERNEL32(00000000,032B54C1,00000080), ref: 032B539E
                                                                                                                                    • Part of subcall function 032B52F0: HeapReAlloc.KERNEL32(00000000), ref: 032B53A1
                                                                                                                                    • Part of subcall function 032B52F0: GetProcessHeap.KERNEL32(00000000,00000000,00000010), ref: 032B53B3
                                                                                                                                    • Part of subcall function 032B52F0: HeapReAlloc.KERNEL32(00000000), ref: 032B53B6
                                                                                                                                  • lstrlenW.KERNEL32(SeServiceLogonRight,76D81D30,?,?,?,?,?,00000000), ref: 032B54DA
                                                                                                                                  • LsaAddAccountRights.ADVAPI32(?,?,?,00000001), ref: 032B5508
                                                                                                                                  • LsaClose.ADVAPI32(?), ref: 032B5514
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 032B5526
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 032B552D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Process$Alloc$Accountlstrlen$CloseErrorFreeLastLookupNameOpenPolicyRights
                                                                                                                                  • String ID: SeServiceLogonRight
                                                                                                                                  • API String ID: 4243670051-347471591
                                                                                                                                  • Opcode ID: 1950df611d46bc97ae8df3deec6db6d96748be057fe4ce5dd16e35a6e2b52d10
                                                                                                                                  • Instruction ID: 17e1900c60d9bfce2df357985785aa15c282abd6300073f88d4a52a9568b39de
                                                                                                                                  • Opcode Fuzzy Hash: 1950df611d46bc97ae8df3deec6db6d96748be057fe4ce5dd16e35a6e2b52d10
                                                                                                                                  • Instruction Fuzzy Hash: 01317175D5132DAADB20EB60EC4DBEEB3BCEF14740F1481D5E518AA241EA70AAC0CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A48C0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                  			E032A48C0(void* __ebx, void* __edi, void* __esi, short _a4, char _a8, char _a404, short _a408, signed int _a10376, void* _a10384) {
				char _v0;
				intOrPtr _v8;
				void* __ebp;
				signed int _t21;
				_Unknown_base(*)()* _t29;
				intOrPtr _t30;
				void* _t31;
				void* _t32;
				void* _t35;
				struct HINSTANCE__* _t44;
				intOrPtr* _t47;
				signed int _t52;

				_t35 = __ebx;
				E032BD9F0();
				_t21 =  *0x32ed474; // 0x444d31ba
				_a10376 = _t21 ^ _t52;
				_a4 = 0x2880;
				_t47 =  &_a8;
				_t44 = LoadLibraryA("Iphlpapi.dll");
				if(_t44 == 0) {
					L9:
					_v0 = GetLastError();
				} else {
					_t29 = GetProcAddress(_t44, "GetAdaptersInfo");
					if(_t29 == 0) {
						goto L9;
					} else {
						_t30 =  *_t29(_t47,  &_a4);
						_v8 = _t30;
						if(_t30 == 0) {
							_t31 = E032C63F0(__ebx, "127.0.0.1", 0xa);
							_t52 = _t52 + 0xc;
							if(_t31 != 0) {
								while(1) {
									_t10 = _t47 + 0x1b0; // 0x1b0
									_t32 = E032C63F0(_t10, _t35, 4);
									_t52 = _t52 + 0xc;
									if(_t32 == 0) {
										break;
									}
									_t47 =  *_t47;
									if(_t47 != 0) {
										continue;
									} else {
										_v8 = 0x32;
									}
									goto L10;
								}
								_v0 =  *((intOrPtr*)(_t47 + 0x194));
								_a4 =  *((intOrPtr*)(_t47 + 0x198));
							} else {
								_v0 = _a404;
								_a4 = _a408;
							}
						}
					}
				}
				L10:
				if(_t44 != 0) {
					FreeLibrary(_t44);
				}
				return E032BD98D(_a10376 ^ _t52);
			}















                                                                                                                                  0x032a48c0
                                                                                                                                  0x032a48c5
                                                                                                                                  0x032a48ca
                                                                                                                                  0x032a48d1
                                                                                                                                  0x032a48e7
                                                                                                                                  0x032a48ef
                                                                                                                                  0x032a48f9
                                                                                                                                  0x032a48fd
                                                                                                                                  0x032a498d
                                                                                                                                  0x032a4993
                                                                                                                                  0x032a4903
                                                                                                                                  0x032a4909
                                                                                                                                  0x032a4911
                                                                                                                                  0x00000000
                                                                                                                                  0x032a4913
                                                                                                                                  0x032a491b
                                                                                                                                  0x032a491f
                                                                                                                                  0x032a4923
                                                                                                                                  0x032a492d
                                                                                                                                  0x032a4932
                                                                                                                                  0x032a4937
                                                                                                                                  0x032a4951
                                                                                                                                  0x032a4953
                                                                                                                                  0x032a495b
                                                                                                                                  0x032a4960
                                                                                                                                  0x032a4965
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a4967
                                                                                                                                  0x032a496b
                                                                                                                                  0x00000000
                                                                                                                                  0x032a496d
                                                                                                                                  0x032a496d
                                                                                                                                  0x032a496d
                                                                                                                                  0x00000000
                                                                                                                                  0x032a496b
                                                                                                                                  0x032a497d
                                                                                                                                  0x032a4987
                                                                                                                                  0x032a4939
                                                                                                                                  0x032a4948
                                                                                                                                  0x032a494b
                                                                                                                                  0x032a494b
                                                                                                                                  0x032a4937
                                                                                                                                  0x032a4923
                                                                                                                                  0x032a4911
                                                                                                                                  0x032a4997
                                                                                                                                  0x032a4999
                                                                                                                                  0x032a499c
                                                                                                                                  0x032a499c
                                                                                                                                  0x032a49c2

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000), ref: 032A48F3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 032A4909
                                                                                                                                  • GetLastError.KERNEL32 ref: 032A498D
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 032A499C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Library$AddressErrorFreeLastLoadProc
                                                                                                                                  • String ID: 127.0.0.1$2$GetAdaptersInfo$Iphlpapi.dll
                                                                                                                                  • API String ID: 2540614322-3900670917
                                                                                                                                  • Opcode ID: a097b4e480a9c57e77d5dcce15e98f76d123ce7aec266d1d2addaee733ca7332
                                                                                                                                  • Instruction ID: 526efbdec74e8c1bc6e9924c4f590cb7cab76fb7aa53d5421b1e0dc269c3aae3
                                                                                                                                  • Opcode Fuzzy Hash: a097b4e480a9c57e77d5dcce15e98f76d123ce7aec266d1d2addaee733ca7332
                                                                                                                                  • Instruction Fuzzy Hash: 5D21717552D7029FD720EF29D809AABB7E4AF84B50F44C81DE89D87301EB74D490CB52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B16D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B16D0(intOrPtr _a4, int _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				CHAR* _t15;
				CHAR* _t19;
				CHAR* _t22;
				signed int _t35;
				void* _t37;
				CHAR* _t38;
				void _t41;
				void** _t42;
				void* _t44;

				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd0 = _a8;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					_t15 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				if( *0x32ef454 >= 0x80) {
					if( *0x32efcd4 != 0) {
						_t41 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t14 = _t41 + 4; // 0x4
						_t15 = lstrcpynA(_t14, "error",  *0x32efcd0);
						_t37 =  *0x32efcd4;
						 *_t41 =  *_t37;
						 *_t37 = _t41;
					}
					return _t15;
				} else {
					_t19 = GlobalAlloc(0x40, 0x104);
					_t35 =  *0x32ef454;
					_t38 = _t19;
					_t42 =  *0x32efcd4;
					 *(0x32ef240 + _t35 * 4) = _t38;
					if(_t42 != 0) {
						_t44 =  *_t42;
						if(_t44 != 0) {
							lstrcpyA(_t38, _t44 + 4);
							 *( *0x32efcd4) =  *_t44;
							GlobalFree(_t44);
							_t35 =  *0x32ef454;
						}
					}
					CharLowerA( *(0x32ef240 + _t35 * 4));
					_t22 = lstrcatA( *(0x32ef240 +  *0x32ef454 * 4), "\\");
					 *0x32ef454 =  *0x32ef454 + 1;
					return _t22;
				}
			}












                                                                                                                                  0x032b16da
                                                                                                                                  0x032b16df
                                                                                                                                  0x032b16e7
                                                                                                                                  0x032b16ef
                                                                                                                                  0x032b16f7
                                                                                                                                  0x032b170d
                                                                                                                                  0x032b170f
                                                                                                                                  0x032b170f
                                                                                                                                  0x032b1724
                                                                                                                                  0x032b17a7
                                                                                                                                  0x032b17c0
                                                                                                                                  0x032b17c7
                                                                                                                                  0x032b17cb
                                                                                                                                  0x032b17d1
                                                                                                                                  0x032b17d9
                                                                                                                                  0x032b17db
                                                                                                                                  0x032b17db
                                                                                                                                  0x032b17df
                                                                                                                                  0x032b1726
                                                                                                                                  0x032b172d
                                                                                                                                  0x032b1733
                                                                                                                                  0x032b1739
                                                                                                                                  0x032b173b
                                                                                                                                  0x032b1741
                                                                                                                                  0x032b174a
                                                                                                                                  0x032b174c
                                                                                                                                  0x032b1750
                                                                                                                                  0x032b1757
                                                                                                                                  0x032b1765
                                                                                                                                  0x032b1767
                                                                                                                                  0x032b176d
                                                                                                                                  0x032b176d
                                                                                                                                  0x032b1750
                                                                                                                                  0x032b177a
                                                                                                                                  0x032b1791
                                                                                                                                  0x032b1797
                                                                                                                                  0x032b179f
                                                                                                                                  0x032b179f

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000104), ref: 032B172D
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B1757
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1767
                                                                                                                                  • CharLowerA.USER32 ref: 032B177A
                                                                                                                                  • lstrcatA.KERNEL32(032DC9B0), ref: 032B1791
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B17B4
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B17CB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$CharFreeLowerlstrcatlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2364924814-1574812785
                                                                                                                                  • Opcode ID: 31b737ed286eda2af274ca39e26c5bb9ecdac03f4f48b64801e108e26e50ef86
                                                                                                                                  • Instruction ID: d60b2aa859be39f7ef329c0b162ea52b1b8c0d501f293d7cd98b8b49c9e9f23f
                                                                                                                                  • Opcode Fuzzy Hash: 31b737ed286eda2af274ca39e26c5bb9ecdac03f4f48b64801e108e26e50ef86
                                                                                                                                  • Instruction Fuzzy Hash: 84312876611224EFC710FF68FA5EAA977B4FB49741B12C015EE058B398CB75A8A0CF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A4C60 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 49%
                                                                                                                                  			E032A4C60(char* _a4) {
				char _v4;
				char _v16;
				signed char _t17;
				struct HINSTANCE__* _t20;
				intOrPtr* _t21;
				char* _t22;
				void* _t23;

				_t22 = _a4;
				_t17 = 0;
				_t20 = LoadLibraryA("Secur32.dll");
				if(_t20 == 0) {
					L8:
					_push(GetLastError());
					E032A3960(_t7);
				} else {
					_t21 = GetProcAddress(_t20, "GetUserNameExA");
					if(_t21 == 0) {
						goto L8;
					} else {
						_push( &_v4);
						_push(_t22);
						_push(3);
						_v4 = 0x20;
						if( *_t21() == 0) {
							_push(GetLastError());
							E032A3960(_t14);
							_t23 = _t23 + 4;
							goto L6;
						} else {
							if( *_t22 == 0) {
								L6:
								_v16 = 0x20;
								_t17 =  *_t21(2, _t22,  &_v16);
							}
						}
						if(_t17 == 0) {
							goto L8;
						}
					}
				}
				if(_t20 != 0) {
					FreeLibrary(_t20);
				}
				return _t17 & 0x000000ff;
			}










                                                                                                                                  0x032a4c63
                                                                                                                                  0x032a4c6e
                                                                                                                                  0x032a4c76
                                                                                                                                  0x032a4c7a
                                                                                                                                  0x032a4cd5
                                                                                                                                  0x032a4cdb
                                                                                                                                  0x032a4cdc
                                                                                                                                  0x032a4c7c
                                                                                                                                  0x032a4c88
                                                                                                                                  0x032a4c8c
                                                                                                                                  0x00000000
                                                                                                                                  0x032a4c8e
                                                                                                                                  0x032a4c92
                                                                                                                                  0x032a4c93
                                                                                                                                  0x032a4c94
                                                                                                                                  0x032a4c96
                                                                                                                                  0x032a4ca4
                                                                                                                                  0x032a4cb4
                                                                                                                                  0x032a4cb5
                                                                                                                                  0x032a4cba
                                                                                                                                  0x00000000
                                                                                                                                  0x032a4ca6
                                                                                                                                  0x032a4caa
                                                                                                                                  0x032a4cbd
                                                                                                                                  0x032a4cc5
                                                                                                                                  0x032a4ccf
                                                                                                                                  0x032a4ccf
                                                                                                                                  0x032a4caa
                                                                                                                                  0x032a4cd3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a4cd3
                                                                                                                                  0x032a4c8c
                                                                                                                                  0x032a4ce6
                                                                                                                                  0x032a4ce9
                                                                                                                                  0x032a4ce9
                                                                                                                                  0x032a4cf7

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(Secur32.dll,00000000,032ED357,00000001,032ED341,?,032A4D1E,032ED357,032A83A0,?,00000000,00000000), ref: 032A4C70
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetUserNameExA), ref: 032A4C82
                                                                                                                                  • GetLastError.KERNEL32 ref: 032A4CAE
                                                                                                                                  • GetLastError.KERNEL32(?,032A4D1E,032ED357,032A83A0,?,00000000,00000000), ref: 032A4CD5
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,032ED357,032A83A0,?,00000000,00000000), ref: 032A4CE9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                                                                  • String ID: $GetUserNameExA$Secur32.dll
                                                                                                                                  • API String ID: 1529210728-358679740
                                                                                                                                  • Opcode ID: fee88205beea8f2888add63720d781537a1b371c3f5d31d19e6d520f3f0863b9
                                                                                                                                  • Instruction ID: 0a33cb221874d50105f5c8d8a16b840ae86c92dbdac1859606bf4a900aeade73
                                                                                                                                  • Opcode Fuzzy Hash: fee88205beea8f2888add63720d781537a1b371c3f5d31d19e6d520f3f0863b9
                                                                                                                                  • Instruction Fuzzy Hash: 7F0126768567266FD300FB2AAC0DB7BBB9CBB41705F1C4019F54687205DBB1D048CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D3B48 Relevance: 13.7, APIs: 9, Instructions: 201COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                  			E032D3B48(void* __edx, char _a4) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t59;
				signed int _t68;
				char _t81;
				intOrPtr* _t82;
				void* _t93;
				void* _t94;
				signed int _t97;
				void* _t100;
				char _t108;
				char _t109;
				void* _t114;
				char* _t115;
				signed int _t121;
				signed int* _t122;
				char _t124;
				intOrPtr* _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				char* _t131;

				_t114 = __edx;
				_t124 = _a4;
				_v24 = _t124;
				_v20 = 0;
				if( *((intOrPtr*)(_t124 + 0xb0)) != 0 ||  *((intOrPtr*)(_t124 + 0xac)) != 0) {
					_v16 = 1;
					_t93 = E032CCA94(_t94, 1, 0x50);
					if(_t93 != 0) {
						_t97 = 0x14;
						memcpy(_t93,  *(_t124 + 0x88), _t97 << 2);
						_t126 = E032C9F34(0, 4);
						_t121 = 0;
						_v8 = _t126;
						E032C9EFA(0);
						_pop(_t100);
						if(_t126 != 0) {
							 *_t126 = 0;
							_t124 = _a4;
							if( *((intOrPtr*)(_t124 + 0xb0)) == 0) {
								_t52 =  *0x32edd50; // 0x32edda4
								 *_t93 = _t52;
								_t53 =  *0x32edd54; // 0x32f3f8c
								 *((intOrPtr*)(_t93 + 4)) = _t53;
								_t54 =  *0x32edd58; // 0x32f3f8c
								 *((intOrPtr*)(_t93 + 8)) = _t54;
								_t55 =  *0x32edd80; // 0x32edda8
								 *((intOrPtr*)(_t93 + 0x30)) = _t55;
								_t56 =  *0x32edd84; // 0x32f3f90
								 *((intOrPtr*)(_t93 + 0x34)) = _t56;
								L19:
								 *_v8 = 1;
								if(_t121 != 0) {
									 *_t121 = 1;
								}
								goto L21;
							}
							_t122 = E032C9F34(_t100, 4);
							_v12 = _t122;
							E032C9EFA(0);
							_push(_t93);
							if(_t122 != 0) {
								 *_t122 =  *_t122 & 0x00000000;
								_t123 =  *((intOrPtr*)(_t124 + 0xb0));
								_push(0xe);
								_push( *((intOrPtr*)(_t124 + 0xb0)));
								_push(1);
								_push( &_v24);
								_t68 = E032D86AD(_t93, _t114,  *((intOrPtr*)(_t124 + 0xb0)), _t124);
								_t16 = _t93 + 4; // 0x4
								_t127 = _t68;
								_t128 = _t127 | E032D86AD(_t93, _t114,  *((intOrPtr*)(_t124 + 0xb0)), _t127,  &_v24, 1, _t123, 0xf, _t16);
								_t18 = _t93 + 8; // 0x8
								_t129 = _t128 | E032D86AD(_t93, _t114, _t123, _t128,  &_v24, 1, _t123, 0x10, _t18);
								_t130 = _t129 | E032D86AD(_t93, _t114, _t123, _t129,  &_v24, 2, _t123, 0xe, _t93 + 0x30);
								_t22 = _t93 + 0x34; // 0x34
								if((E032D86AD(_t93, _t114, _t123, _t130,  &_v24, 2, _t123, 0xf, _t22) | _t130) == 0) {
									_t115 =  *((intOrPtr*)(_t93 + 8));
									while(1) {
										_t81 =  *_t115;
										if(_t81 == 0) {
											break;
										}
										_t30 = _t81 - 0x30; // -48
										_t108 = _t30;
										if(_t108 > 9) {
											if(_t81 != 0x3b) {
												L16:
												_t115 = _t115 + 1;
												continue;
											}
											_t131 = _t115;
											do {
												_t82 = _t131 + 1;
												_t109 =  *_t82;
												 *_t131 = _t109;
												_t131 = _t82;
											} while (_t109 != 0);
											continue;
										}
										 *_t115 = _t108;
										goto L16;
									}
									_t121 = _v12;
									_t124 = _a4;
									goto L19;
								}
								E032D3ADF(_t93);
								E032C9EFA(_t93);
								E032C9EFA(_v12);
								_v16 = _v16 | 0xffffffff;
								L12:
								E032C9EFA(_v8);
								return _v16;
							}
							E032C9EFA();
							goto L12;
						}
						E032C9EFA(_t93);
						return 1;
					}
					return 1;
				} else {
					_t121 = 0;
					_v8 = 0;
					_t93 = 0x32edd50;
					L21:
					_t59 =  *(_t124 + 0x80);
					if(_t59 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t124 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t59 | 0xffffffff) == 0) {
							E032C9EFA( *((intOrPtr*)(_t124 + 0x7c)));
							E032C9EFA( *(_t124 + 0x88));
						}
					}
					 *((intOrPtr*)(_t124 + 0x7c)) = _v8;
					 *(_t124 + 0x80) = _t121;
					 *(_t124 + 0x88) = _t93;
					return 0;
				}
			}





































                                                                                                                                  0x032d3b48
                                                                                                                                  0x032d3b52
                                                                                                                                  0x032d3b58
                                                                                                                                  0x032d3b5b
                                                                                                                                  0x032d3b64
                                                                                                                                  0x032d3b83
                                                                                                                                  0x032d3b8b
                                                                                                                                  0x032d3b91
                                                                                                                                  0x032d3ba4
                                                                                                                                  0x032d3ba5
                                                                                                                                  0x032d3bae
                                                                                                                                  0x032d3bb0
                                                                                                                                  0x032d3bb3
                                                                                                                                  0x032d3bb6
                                                                                                                                  0x032d3bbc
                                                                                                                                  0x032d3bbf
                                                                                                                                  0x032d3bd0
                                                                                                                                  0x032d3bd2
                                                                                                                                  0x032d3bdb
                                                                                                                                  0x032d3d2d
                                                                                                                                  0x032d3d32
                                                                                                                                  0x032d3d34
                                                                                                                                  0x032d3d39
                                                                                                                                  0x032d3d3c
                                                                                                                                  0x032d3d41
                                                                                                                                  0x032d3d44
                                                                                                                                  0x032d3d49
                                                                                                                                  0x032d3d4c
                                                                                                                                  0x032d3d51
                                                                                                                                  0x032d3cbd
                                                                                                                                  0x032d3cc3
                                                                                                                                  0x032d3cc7
                                                                                                                                  0x032d3cc9
                                                                                                                                  0x032d3cc9
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3cc7
                                                                                                                                  0x032d3be8
                                                                                                                                  0x032d3bec
                                                                                                                                  0x032d3bef
                                                                                                                                  0x032d3bf6
                                                                                                                                  0x032d3bf9
                                                                                                                                  0x032d3c06
                                                                                                                                  0x032d3c0c
                                                                                                                                  0x032d3c12
                                                                                                                                  0x032d3c14
                                                                                                                                  0x032d3c15
                                                                                                                                  0x032d3c17
                                                                                                                                  0x032d3c18
                                                                                                                                  0x032d3c1d
                                                                                                                                  0x032d3c20
                                                                                                                                  0x032d3c31
                                                                                                                                  0x032d3c33
                                                                                                                                  0x032d3c45
                                                                                                                                  0x032d3c5c
                                                                                                                                  0x032d3c5e
                                                                                                                                  0x032d3c75
                                                                                                                                  0x032d3ca1
                                                                                                                                  0x032d3cb1
                                                                                                                                  0x032d3cb1
                                                                                                                                  0x032d3cb5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3ca6
                                                                                                                                  0x032d3ca6
                                                                                                                                  0x032d3cac
                                                                                                                                  0x032d3d1a
                                                                                                                                  0x032d3cb0
                                                                                                                                  0x032d3cb0
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3cb0
                                                                                                                                  0x032d3d1c
                                                                                                                                  0x032d3d1e
                                                                                                                                  0x032d3d1e
                                                                                                                                  0x032d3d21
                                                                                                                                  0x032d3d23
                                                                                                                                  0x032d3d25
                                                                                                                                  0x032d3d27
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3d2b
                                                                                                                                  0x032d3cae
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3cae
                                                                                                                                  0x032d3cb7
                                                                                                                                  0x032d3cba
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3cba
                                                                                                                                  0x032d3c78
                                                                                                                                  0x032d3c7e
                                                                                                                                  0x032d3c86
                                                                                                                                  0x032d3c8e
                                                                                                                                  0x032d3c92
                                                                                                                                  0x032d3c96
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3c9e
                                                                                                                                  0x032d3bfb
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3c00
                                                                                                                                  0x032d3bc2
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3bca
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3b6e
                                                                                                                                  0x032d3b6e
                                                                                                                                  0x032d3b70
                                                                                                                                  0x032d3b73
                                                                                                                                  0x032d3ccb
                                                                                                                                  0x032d3ccb
                                                                                                                                  0x032d3cd3
                                                                                                                                  0x032d3cd5
                                                                                                                                  0x032d3cd5
                                                                                                                                  0x032d3cdd
                                                                                                                                  0x032d3ce2
                                                                                                                                  0x032d3ce6
                                                                                                                                  0x032d3ceb
                                                                                                                                  0x032d3cf6
                                                                                                                                  0x032d3cfc
                                                                                                                                  0x032d3ce6
                                                                                                                                  0x032d3d00
                                                                                                                                  0x032d3d05
                                                                                                                                  0x032d3d0b
                                                                                                                                  0x00000000
                                                                                                                                  0x032d3d0b

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                  • Opcode ID: a5335b419539ba1c13e5832acb4b327dceee017395e28e6051bdbb677d7b5c20
                                                                                                                                  • Instruction ID: e8b4cf60afd2aa386a79ebdcbf657058973d1e8f004fe04e674bfaaf41ea138a
                                                                                                                                  • Opcode Fuzzy Hash: a5335b419539ba1c13e5832acb4b327dceee017395e28e6051bdbb677d7b5c20
                                                                                                                                  • Instruction Fuzzy Hash: 5161B87A920345DFDB20DF68D881BAAB7E8EF45710F14455AEA45EF240EBB099C0CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B17E0 Relevance: 13.6, APIs: 6, Strings: 3, Instructions: 82memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E032B17E0(void* __ebx, void* __eflags, long _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v12;
				void* __edi;
				void* __esi;
				void* _t12;
				void* _t13;
				CHAR* _t27;
				void** _t29;
				void* _t36;
				void* _t38;
				long _t41;
				void* _t43;
				void _t44;

				 *0x32efcd4 = _a16;
				 *0x32efcd8 = _a12;
				_t41 = _a8;
				 *0x32efcd0 = _t41;
				_t12 = E032AE6D0();
				if(_t12 != 0) {
					_t13 = GlobalAlloc(0x40, _t41);
					_t29 =  *0x32efcd4;
					_t38 = _t13;
					if(_t29 == 0) {
						L6:
						_push("error");
					} else {
						_t43 =  *_t29;
						if(_t43 == 0) {
							goto L6;
						} else {
							lstrcpyA(_t38, _t43 + 4);
							 *( *0x32efcd4) =  *_t43;
							GlobalFree(_t43);
							 *0x32ee1d8 = _a20;
							_v8 = 0;
							_v12 = E032B0E70(_t38) - 1;
							E032B7BE0(__ebx, _t38, _t43, E032AEAC0,  &_v12, 0);
							_t32 =  ==  ? "cancel" : "done";
							_push( ==  ? "cancel" : "done");
						}
					}
					E032B1000();
					_t12 = GlobalFree(_t38);
					goto L8;
				} else {
					if( *0x32efcd4 == _t12) {
						L8:
						return _t12;
					} else {
						_t44 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t4 = _t44 + 4; // 0x4
						_t27 = lstrcpynA(_t4, "error",  *0x32efcd0);
						_t36 =  *0x32efcd4;
						 *_t44 =  *_t36;
						 *_t36 = _t44;
						return _t27;
					}
				}
			}
















                                                                                                                                  0x032b17e9
                                                                                                                                  0x032b17f1
                                                                                                                                  0x032b17f7
                                                                                                                                  0x032b17fa
                                                                                                                                  0x032b1800
                                                                                                                                  0x032b1807
                                                                                                                                  0x032b1852
                                                                                                                                  0x032b1858
                                                                                                                                  0x032b185e
                                                                                                                                  0x032b1862
                                                                                                                                  0x032b18c0
                                                                                                                                  0x032b18c0
                                                                                                                                  0x032b1864
                                                                                                                                  0x032b1864
                                                                                                                                  0x032b1868
                                                                                                                                  0x00000000
                                                                                                                                  0x032b186a
                                                                                                                                  0x032b186f
                                                                                                                                  0x032b187d
                                                                                                                                  0x032b187f
                                                                                                                                  0x032b1889
                                                                                                                                  0x032b188e
                                                                                                                                  0x032b189b
                                                                                                                                  0x032b18a9
                                                                                                                                  0x032b18ba
                                                                                                                                  0x032b18bd
                                                                                                                                  0x032b18bd
                                                                                                                                  0x032b1868
                                                                                                                                  0x032b18c5
                                                                                                                                  0x032b18ce
                                                                                                                                  0x00000000
                                                                                                                                  0x032b1809
                                                                                                                                  0x032b180f
                                                                                                                                  0x032b18d5
                                                                                                                                  0x032b18d9
                                                                                                                                  0x032b1815
                                                                                                                                  0x032b182c
                                                                                                                                  0x032b1833
                                                                                                                                  0x032b1837
                                                                                                                                  0x032b183d
                                                                                                                                  0x032b1845
                                                                                                                                  0x032b1847
                                                                                                                                  0x032b184d
                                                                                                                                  0x032b184d
                                                                                                                                  0x032b180f

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032AE6D0: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,032B1805), ref: 032AE6EF
                                                                                                                                    • Part of subcall function 032AE6D0: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,032B1805), ref: 032AE6F6
                                                                                                                                    • Part of subcall function 032AE6D0: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 032AE70B
                                                                                                                                    • Part of subcall function 032AE6D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 032AE73E
                                                                                                                                    • Part of subcall function 032AE6D0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,032B1805), ref: 032AE75D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1820
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1837
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1852
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B186F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B187F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B18CE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFreeProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValuelstrcpylstrcpyn
                                                                                                                                  • String ID: cancel$done$error
                                                                                                                                  • API String ID: 1466949266-1769116972
                                                                                                                                  • Opcode ID: 951b249b8a037a6301b08e2db97f07a71c1fde591197d2a490331e99bea6b1d8
                                                                                                                                  • Instruction ID: 3db95c8432fb480b1329da146db1b1b4e04e45a6e6b50b324d27c3b235ad51cb
                                                                                                                                  • Opcode Fuzzy Hash: 951b249b8a037a6301b08e2db97f07a71c1fde591197d2a490331e99bea6b1d8
                                                                                                                                  • Instruction Fuzzy Hash: BA21D376611224EFD700EF68F95AAAE77B8FF4A741F118029ED05CB304DB31A850CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CC6CB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 265COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                  			E032CC6CB(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int* _v708;
				signed int _v712;
				signed int _v716;
				signed int _v720;
				signed int* _v724;
				intOrPtr _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _v772;
				void* __esi;
				void* __ebp;
				signed int _t153;
				void* _t160;
				signed int _t163;
				signed int _t164;
				intOrPtr _t165;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				signed int _t173;
				signed int _t176;
				signed int _t177;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t213;
				signed int _t216;
				intOrPtr* _t224;
				intOrPtr* _t225;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr* _t238;
				signed int _t240;
				signed int* _t244;
				signed int _t245;
				void* _t252;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				signed int _t265;
				signed int _t266;
				long _t267;
				signed int _t271;
				signed int* _t272;
				intOrPtr* _t273;
				short _t274;
				signed int _t275;
				void* _t277;
				void* _t278;
				void* _t279;

				_t153 =  *0x32ed474; // 0x444d31ba
				_v8 = _t153 ^ _t275;
				_push(__ebx);
				_t216 = _a8;
				_push(__edi);
				_t257 = _a4;
				_v736 = _t216;
				_v724 = E032CA3F1(__ecx, __edx) + 0x278;
				_t160 = E032CBD9E(_t216, __ecx, __edx, _t257, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v712);
				_t278 = _t277 + 0x18;
				if(_t160 == 0) {
					L39:
					__eflags = 0;
					goto L40;
				} else {
					_t10 = _t216 + 2; // 0x6
					_t263 = _t10 << 4;
					_t163 =  &_v272;
					_v716 = _t263;
					_t224 =  *((intOrPtr*)(_t263 + _t257));
					while(1) {
						_v704 = _v704 & 0x00000000;
						_t265 = _v716;
						if( *_t163 !=  *_t224) {
							break;
						}
						if( *_t163 == 0) {
							L6:
							_t164 = _v704;
						} else {
							_t274 =  *((intOrPtr*)(_t163 + 2));
							_v706 = _t274;
							_t265 = _v716;
							if(_t274 !=  *((intOrPtr*)(_t224 + 2))) {
								break;
							} else {
								_t163 = _t163 + 4;
								_t224 = _t224 + 4;
								if(_v706 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						if(_t164 != 0) {
							_t225 =  &_v272;
							_t252 = _t225 + 2;
							do {
								_t165 =  *_t225;
								_t225 = _t225 + 2;
								__eflags = _t165 - _v704;
							} while (_t165 != _v704);
							_v720 = (_t225 - _t252 >> 1) + 1;
							_t168 = E032C9F34(_t225 - _t252 >> 1, 4 + ((_t225 - _t252 >> 1) + 1) * 2);
							_v732 = _t168;
							__eflags = _t168;
							if(_t168 == 0) {
								goto L39;
							} else {
								_v728 =  *((intOrPtr*)(_t265 + _t257));
								_v740 =  *(_t257 + 0xa0 + _t216 * 4);
								_v744 =  *(_t257 + 8);
								_t232 =  &_v272;
								_v708 = _t168 + 4;
								_t170 = E032CF103(_t168 + 4, _v720,  &_v272);
								_t279 = _t278 + 0xc;
								__eflags = _t170;
								if(_t170 != 0) {
									_t171 = _v704;
									_push(_t171);
									_push(_t171);
									_push(_t171);
									_push(_t171);
									_push(_t171);
									E032C9419();
									asm("int3");
									_push(_t275);
									_push(_t265);
									_t266 = _v772;
									__eflags = _t266;
									if(_t266 == 0) {
										L49:
										_t267 = _t266 * _a4;
										__eflags = _t267;
										if(_t267 == 0) {
											_t267 = _t267 + 1;
										}
										while(1) {
											_t173 = HeapAlloc( *0x32f3f70, 8, _t267);
											__eflags = _t173;
											if(_t173 != 0) {
												break;
											}
											__eflags = E032D3124();
											if(__eflags == 0) {
												goto L55;
											} else {
												_t176 = E032C7E58(_t232, __eflags, _t267);
												_pop(_t232);
												__eflags = _t176;
												if(__eflags == 0) {
													goto L55;
												} else {
													continue;
												}
											}
											goto L56;
										}
									} else {
										_t177 = 0xffffffe0;
										__eflags = _t177 / _t266 - _a4;
										if(__eflags < 0) {
											L55:
											 *((intOrPtr*)(E032C94C6(__eflags))) = 0xc;
											_t173 = 0;
											__eflags = 0;
										} else {
											goto L49;
										}
									}
									L56:
									return _t173;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t265 + _t257)) = _v708;
									if(_v272 != 0x43) {
										L17:
										_t181 = E032CBB0D(_t216, _t257,  &_v700);
										_t234 = _v704;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L17;
										} else {
											_t234 = _v704;
											_t181 = _t234;
										}
									}
									 *(_t257 + 0xa0 + _t216 * 4) = _t181;
									__eflags = _t216 - 2;
									if(_t216 != 2) {
										__eflags = _t216 - 1;
										if(_t216 != 1) {
											__eflags = _t216 - 5;
											if(_t216 == 5) {
												 *((intOrPtr*)(_t257 + 0x14)) = _v712;
											}
										} else {
											 *((intOrPtr*)(_t257 + 0x10)) = _v712;
										}
									} else {
										_t272 = _v724;
										_t255 = _t234;
										_t244 = _t272;
										 *(_t257 + 8) = _v712;
										_v708 = _t272;
										_v720 = _t272[8];
										_v712 = _t272[9];
										while(1) {
											__eflags =  *(_t257 + 8) -  *_t244;
											if( *(_t257 + 8) ==  *_t244) {
												break;
											}
											_t273 = _v708;
											_t255 = _t255 + 1;
											_t213 =  *_t244;
											 *_t273 = _v720;
											_v712 = _t244[1];
											_t244 = _t273 + 8;
											 *((intOrPtr*)(_t273 + 4)) = _v712;
											_t216 = _v736;
											_t272 = _v724;
											_v720 = _t213;
											_v708 = _t244;
											__eflags = _t255 - 5;
											if(_t255 < 5) {
												continue;
											} else {
											}
											L25:
											__eflags = _t255 - 5;
											if(__eflags == 0) {
												_t204 = E032D4217(_t216, _t255, _t257, _t272, __eflags, _v704, 1, 0x32e1138, 0x7f,  &_v528,  *(_t257 + 8), 1);
												_t279 = _t279 + 0x1c;
												__eflags = _t204;
												if(_t204 == 0) {
													_t245 = _v704;
												} else {
													_t206 = _v704;
													do {
														 *(_t275 + _t206 * 2 - 0x20c) =  *(_t275 + _t206 * 2 - 0x20c) & 0x000001ff;
														_t206 = _t206 + 1;
														__eflags = _t206 - 0x7f;
													} while (_t206 < 0x7f);
													_t208 = E032DAA65( &_v528,  *0x32ed61c, 0xfe);
													_t279 = _t279 + 0xc;
													__eflags = _t208;
													_t245 = 0 | _t208 == 0x00000000;
												}
												_t272[1] = _t245;
												 *_t272 =  *(_t257 + 8);
											}
											 *(_t257 + 0x18) = _t272[1];
											goto L37;
										}
										__eflags = _t255;
										if(_t255 != 0) {
											 *_t272 =  *(_t272 + _t255 * 8);
											_t272[1] =  *(_t272 + 4 + _t255 * 8);
											 *(_t272 + _t255 * 8) = _v720;
											 *(_t272 + 4 + _t255 * 8) = _v712;
										}
										goto L25;
									}
									L37:
									_t182 = _t216 * 0xc;
									_t106 = _t182 + 0x32e11c0; // 0x32cb8be
									 *0x32dc424(_t257);
									_t184 =  *((intOrPtr*)( *_t106))();
									_t237 = _v728;
									__eflags = _t184;
									if(_t184 == 0) {
										__eflags = _t237 - 0x32ed6e8;
										if(_t237 != 0x32ed6e8) {
											_t271 = _t216 + _t216;
											__eflags = _t271;
											asm("lock xadd [eax], ecx");
											if(_t271 != 0) {
												goto L44;
											} else {
												E032C9EFA( *((intOrPtr*)(_t257 + 0x28 + _t271 * 8)));
												E032C9EFA( *((intOrPtr*)(_t257 + 0x24 + _t271 * 8)));
												E032C9EFA( *(_t257 + 0xa0 + _t216 * 4));
												_t240 = _v704;
												 *(_v716 + _t257) = _t240;
												 *(_t257 + 0xa0 + _t216 * 4) = _t240;
											}
										}
										_t238 = _v732;
										 *_t238 = 1;
										 *((intOrPtr*)(_t257 + 0x28 + (_t216 + _t216) * 8)) = _t238;
									} else {
										 *((intOrPtr*)(_v716 + _t257)) = _t237;
										E032C9EFA( *(_t257 + 0xa0 + _t216 * 4));
										 *(_t257 + 0xa0 + _t216 * 4) = _v740;
										E032C9EFA(_v732);
										 *(_t257 + 8) = _v744;
										goto L39;
									}
									goto L40;
								}
							}
						} else {
							L40:
							return E032BD98D(_v8 ^ _t275);
						}
						goto L57;
					}
					asm("sbb eax, eax");
					_t164 = _t163 | 0x00000001;
					__eflags = _t164;
					goto L8;
				}
				L57:
			}

































































                                                                                                                                  0x032cc6d6
                                                                                                                                  0x032cc6dd
                                                                                                                                  0x032cc6e0
                                                                                                                                  0x032cc6e1
                                                                                                                                  0x032cc6e8
                                                                                                                                  0x032cc6e9
                                                                                                                                  0x032cc6ec
                                                                                                                                  0x032cc6fc
                                                                                                                                  0x032cc71f
                                                                                                                                  0x032cc724
                                                                                                                                  0x032cc729
                                                                                                                                  0x032cca01
                                                                                                                                  0x032cca01
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc72f
                                                                                                                                  0x032cc72f
                                                                                                                                  0x032cc732
                                                                                                                                  0x032cc735
                                                                                                                                  0x032cc73b
                                                                                                                                  0x032cc744
                                                                                                                                  0x032cc746
                                                                                                                                  0x032cc749
                                                                                                                                  0x032cc753
                                                                                                                                  0x032cc759
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc75f
                                                                                                                                  0x032cc788
                                                                                                                                  0x032cc788
                                                                                                                                  0x032cc761
                                                                                                                                  0x032cc761
                                                                                                                                  0x032cc769
                                                                                                                                  0x032cc770
                                                                                                                                  0x032cc776
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc778
                                                                                                                                  0x032cc778
                                                                                                                                  0x032cc77b
                                                                                                                                  0x032cc786
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc786
                                                                                                                                  0x032cc776
                                                                                                                                  0x032cc795
                                                                                                                                  0x032cc797
                                                                                                                                  0x032cc7a0
                                                                                                                                  0x032cc7a6
                                                                                                                                  0x032cc7a9
                                                                                                                                  0x032cc7a9
                                                                                                                                  0x032cc7ac
                                                                                                                                  0x032cc7af
                                                                                                                                  0x032cc7af
                                                                                                                                  0x032cc7bf
                                                                                                                                  0x032cc7cd
                                                                                                                                  0x032cc7d2
                                                                                                                                  0x032cc7d9
                                                                                                                                  0x032cc7db
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc7e1
                                                                                                                                  0x032cc7e7
                                                                                                                                  0x032cc7f4
                                                                                                                                  0x032cc7fd
                                                                                                                                  0x032cc803
                                                                                                                                  0x032cc810
                                                                                                                                  0x032cc817
                                                                                                                                  0x032cc81c
                                                                                                                                  0x032cc81f
                                                                                                                                  0x032cc821
                                                                                                                                  0x032cca83
                                                                                                                                  0x032cca89
                                                                                                                                  0x032cca8a
                                                                                                                                  0x032cca8b
                                                                                                                                  0x032cca8c
                                                                                                                                  0x032cca8d
                                                                                                                                  0x032cca8e
                                                                                                                                  0x032cca93
                                                                                                                                  0x032cca96
                                                                                                                                  0x032cca99
                                                                                                                                  0x032cca9a
                                                                                                                                  0x032cca9d
                                                                                                                                  0x032cca9f
                                                                                                                                  0x032ccaad
                                                                                                                                  0x032ccaad
                                                                                                                                  0x032ccab1
                                                                                                                                  0x032ccab3
                                                                                                                                  0x032ccab5
                                                                                                                                  0x032ccab5
                                                                                                                                  0x032ccacc
                                                                                                                                  0x032ccad5
                                                                                                                                  0x032ccadb
                                                                                                                                  0x032ccadd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ccabd
                                                                                                                                  0x032ccabf
                                                                                                                                  0x00000000
                                                                                                                                  0x032ccac1
                                                                                                                                  0x032ccac2
                                                                                                                                  0x032ccac7
                                                                                                                                  0x032ccac8
                                                                                                                                  0x032ccaca
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ccaca
                                                                                                                                  0x00000000
                                                                                                                                  0x032ccabf
                                                                                                                                  0x032ccaa1
                                                                                                                                  0x032ccaa5
                                                                                                                                  0x032ccaa8
                                                                                                                                  0x032ccaab
                                                                                                                                  0x032ccae1
                                                                                                                                  0x032ccae6
                                                                                                                                  0x032ccaec
                                                                                                                                  0x032ccaec
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032ccaab
                                                                                                                                  0x032ccaee
                                                                                                                                  0x032ccaf0
                                                                                                                                  0x032cc827
                                                                                                                                  0x032cc827
                                                                                                                                  0x032cc835
                                                                                                                                  0x032cc838
                                                                                                                                  0x032cc84e
                                                                                                                                  0x032cc855
                                                                                                                                  0x032cc85b
                                                                                                                                  0x032cc83a
                                                                                                                                  0x032cc83a
                                                                                                                                  0x032cc842
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc844
                                                                                                                                  0x032cc844
                                                                                                                                  0x032cc84a
                                                                                                                                  0x032cc84a
                                                                                                                                  0x032cc842
                                                                                                                                  0x032cc861
                                                                                                                                  0x032cc868
                                                                                                                                  0x032cc86b
                                                                                                                                  0x032cc98b
                                                                                                                                  0x032cc98e
                                                                                                                                  0x032cc99b
                                                                                                                                  0x032cc99e
                                                                                                                                  0x032cc9a6
                                                                                                                                  0x032cc9a6
                                                                                                                                  0x032cc990
                                                                                                                                  0x032cc996
                                                                                                                                  0x032cc996
                                                                                                                                  0x032cc871
                                                                                                                                  0x032cc871
                                                                                                                                  0x032cc877
                                                                                                                                  0x032cc87f
                                                                                                                                  0x032cc881
                                                                                                                                  0x032cc884
                                                                                                                                  0x032cc88d
                                                                                                                                  0x032cc896
                                                                                                                                  0x032cc89c
                                                                                                                                  0x032cc89f
                                                                                                                                  0x032cc8a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc8a3
                                                                                                                                  0x032cc8a9
                                                                                                                                  0x032cc8aa
                                                                                                                                  0x032cc8b5
                                                                                                                                  0x032cc8bd
                                                                                                                                  0x032cc8c5
                                                                                                                                  0x032cc8c8
                                                                                                                                  0x032cc8cb
                                                                                                                                  0x032cc8d1
                                                                                                                                  0x032cc8d7
                                                                                                                                  0x032cc8dd
                                                                                                                                  0x032cc8e3
                                                                                                                                  0x032cc8e6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc8e8
                                                                                                                                  0x032cc90d
                                                                                                                                  0x032cc90d
                                                                                                                                  0x032cc910
                                                                                                                                  0x032cc92d
                                                                                                                                  0x032cc932
                                                                                                                                  0x032cc935
                                                                                                                                  0x032cc937
                                                                                                                                  0x032cc975
                                                                                                                                  0x032cc939
                                                                                                                                  0x032cc939
                                                                                                                                  0x032cc93f
                                                                                                                                  0x032cc944
                                                                                                                                  0x032cc94c
                                                                                                                                  0x032cc94d
                                                                                                                                  0x032cc94d
                                                                                                                                  0x032cc964
                                                                                                                                  0x032cc96b
                                                                                                                                  0x032cc96e
                                                                                                                                  0x032cc970
                                                                                                                                  0x032cc970
                                                                                                                                  0x032cc97b
                                                                                                                                  0x032cc981
                                                                                                                                  0x032cc981
                                                                                                                                  0x032cc986
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc986
                                                                                                                                  0x032cc8ea
                                                                                                                                  0x032cc8ec
                                                                                                                                  0x032cc8f1
                                                                                                                                  0x032cc8f7
                                                                                                                                  0x032cc900
                                                                                                                                  0x032cc909
                                                                                                                                  0x032cc909
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc8ec
                                                                                                                                  0x032cc9a9
                                                                                                                                  0x032cc9a9
                                                                                                                                  0x032cc9ad
                                                                                                                                  0x032cc9b5
                                                                                                                                  0x032cc9bb
                                                                                                                                  0x032cc9be
                                                                                                                                  0x032cc9c4
                                                                                                                                  0x032cc9c6
                                                                                                                                  0x032cca14
                                                                                                                                  0x032cca1a
                                                                                                                                  0x032cca21
                                                                                                                                  0x032cca21
                                                                                                                                  0x032cca27
                                                                                                                                  0x032cca2b
                                                                                                                                  0x00000000
                                                                                                                                  0x032cca2d
                                                                                                                                  0x032cca31
                                                                                                                                  0x032cca3a
                                                                                                                                  0x032cca46
                                                                                                                                  0x032cca54
                                                                                                                                  0x032cca5a
                                                                                                                                  0x032cca5d
                                                                                                                                  0x032cca5d
                                                                                                                                  0x032cca2b
                                                                                                                                  0x032cca6c
                                                                                                                                  0x032cca74
                                                                                                                                  0x032cca7d
                                                                                                                                  0x032cc9c8
                                                                                                                                  0x032cc9ce
                                                                                                                                  0x032cc9d8
                                                                                                                                  0x032cc9ea
                                                                                                                                  0x032cc9f1
                                                                                                                                  0x032cc9fe
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc9fe
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc9c6
                                                                                                                                  0x032cc821
                                                                                                                                  0x032cc799
                                                                                                                                  0x032cca03
                                                                                                                                  0x032cca13
                                                                                                                                  0x032cca13
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc797
                                                                                                                                  0x032cc790
                                                                                                                                  0x032cc792
                                                                                                                                  0x032cc792
                                                                                                                                  0x00000000
                                                                                                                                  0x032cc792
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032CA3F1: GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                    • Part of subcall function 032CA3F1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 032CC964
                                                                                                                                  • _free.LIBCMT ref: 032CC9D8
                                                                                                                                  • _free.LIBCMT ref: 032CC9F1
                                                                                                                                  • _free.LIBCMT ref: 032CCA31
                                                                                                                                  • _free.LIBCMT ref: 032CCA3A
                                                                                                                                  • _free.LIBCMT ref: 032CCA46
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast$_memcmp
                                                                                                                                  • String ID: C
                                                                                                                                  • API String ID: 4275183328-1037565863
                                                                                                                                  • Opcode ID: ad3e2e25dd6758f94f08628085542fe5753db5f30c940ceff54da3fc8d80a752
                                                                                                                                  • Instruction ID: 55a4343a480e75f50d986bbc6938c7dd39726a11db0521e7f525730f944564ef
                                                                                                                                  • Opcode Fuzzy Hash: ad3e2e25dd6758f94f08628085542fe5753db5f30c940ceff54da3fc8d80a752
                                                                                                                                  • Instruction Fuzzy Hash: 46B12B7592126A9BDB24DF18C888AADB3B4FB48304F1446EED84DA7350D771AED1CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BACA5 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 96sleepCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E032BACA5(void* __edx, void* __esi) {
				long _t18;
				void* _t19;
				int _t20;
				void* _t22;
				char _t23;
				char _t24;
				char _t27;
				intOrPtr _t28;
				void* _t31;
				void* _t37;
				int _t38;
				void* _t40;
				void* _t42;

				_t40 = __esi;
				_t37 = __edx;
				0x32effdc->nLength = 0xc;
				 *0x32effe4 = 1;
				 *0x32effe0 = 0x32effe8;
				InitializeSecurityDescriptor(0x32effe8, 1);
				SetSecurityDescriptorDacl(0x32effe8, 1, 0, 0);
				_t31 = Sleep;
				_t38 = 0;
				while(1) {
					 *(_t40 + 8) = CreateEventA(0x32effdc, 0, 0, "Global\\ibaDongle");
					_t18 = GetLastError();
					if(_t18 != 0xb7 && _t18 != 5) {
						break;
					}
					_t19 =  *(_t40 + 8);
					if(_t19 != 0) {
						CloseHandle(_t19);
					}
					Sleep(0x64);
					_t38 = _t38 + 1;
					if(_t38 < 0x32) {
						continue;
					} else {
						_t20 = 0;
					}
					L8:
					 *(_t40 + 4) = 0;
					if(_t20 == 0) {
						 *(_t40 + 8) = 0xffffffff;
					} else {
						_t22 = L032BB3E0(_t40);
						_t55 = _t22;
						if(_t22 != 0) {
							__eflags =  *0x32ec004;
							if( *0x32ec004 == 0) {
								_t23 =  *0x32effd8;
								goto L18;
							} else {
								 *0x32ec004 = 0;
								_t27 = E032BD8A0();
								 *0x32effd8 = _t27;
								__eflags = _t27;
								if(_t27 != 0) {
									_t23 = E032BD7A0();
									 *0x32effd8 = _t23;
									L18:
									__eflags = _t23;
									if(_t23 != 0) {
										__eflags =  *(_t40 + 8) - 0xffffffff;
										if(__eflags != 0) {
											_push(0x14);
											_t24 = E032BD99E(__eflags);
											 *((intOrPtr*)(_t42 - 0x10)) = _t24;
											 *(_t42 - 4) = 3;
											__eflags = _t24;
											if(_t24 == 0) {
												goto L13;
											} else {
												 *(_t40 + 4) = E032BBF20(_t24, _t38, _t40);
											}
										} else {
											 *(_t40 + 4) = 0;
										}
									}
								}
							}
						} else {
							_push(0x18);
							_t28 = E032BD99E(_t55);
							 *((intOrPtr*)(_t42 - 0x10)) = _t28;
							 *(_t42 - 4) = 0;
							_t56 = _t28;
							if(_t28 == 0) {
								L13:
								 *(_t40 + 4) = 0;
							} else {
								 *(_t40 + 4) = E032BB260(_t31, _t28, _t37, _t38, _t56);
							}
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
					return _t40;
				}
				_t20 = 1;
				goto L8;
			}
















                                                                                                                                  0x032baca5
                                                                                                                                  0x032baca5
                                                                                                                                  0x032bacac
                                                                                                                                  0x032bacb6
                                                                                                                                  0x032bacc0
                                                                                                                                  0x032bacca
                                                                                                                                  0x032bacdb
                                                                                                                                  0x032bace1
                                                                                                                                  0x032bace7
                                                                                                                                  0x032bacf0
                                                                                                                                  0x032bad04
                                                                                                                                  0x032bad07
                                                                                                                                  0x032bad12
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bad19
                                                                                                                                  0x032bad1e
                                                                                                                                  0x032bad21
                                                                                                                                  0x032bad21
                                                                                                                                  0x032bad29
                                                                                                                                  0x032bad2b
                                                                                                                                  0x032bad2f
                                                                                                                                  0x00000000
                                                                                                                                  0x032bad31
                                                                                                                                  0x032bad31
                                                                                                                                  0x032bad31
                                                                                                                                  0x032bad33
                                                                                                                                  0x032bad33
                                                                                                                                  0x032bad3c
                                                                                                                                  0x032bade3
                                                                                                                                  0x032bad42
                                                                                                                                  0x032bad42
                                                                                                                                  0x032bad47
                                                                                                                                  0x032bad49
                                                                                                                                  0x032bad7d
                                                                                                                                  0x032bad84
                                                                                                                                  0x032bada7
                                                                                                                                  0x00000000
                                                                                                                                  0x032bad86
                                                                                                                                  0x032bad86
                                                                                                                                  0x032bad8d
                                                                                                                                  0x032bad92
                                                                                                                                  0x032bad97
                                                                                                                                  0x032bad99
                                                                                                                                  0x032bad9b
                                                                                                                                  0x032bada0
                                                                                                                                  0x032badac
                                                                                                                                  0x032badac
                                                                                                                                  0x032badae
                                                                                                                                  0x032badb0
                                                                                                                                  0x032badb4
                                                                                                                                  0x032badbf
                                                                                                                                  0x032badc1
                                                                                                                                  0x032badc9
                                                                                                                                  0x032badcc
                                                                                                                                  0x032badd3
                                                                                                                                  0x032badd5
                                                                                                                                  0x00000000
                                                                                                                                  0x032badd7
                                                                                                                                  0x032badde
                                                                                                                                  0x032badde
                                                                                                                                  0x032badb6
                                                                                                                                  0x032badb6
                                                                                                                                  0x032badb6
                                                                                                                                  0x032badb4
                                                                                                                                  0x032badae
                                                                                                                                  0x032bad99
                                                                                                                                  0x032bad4b
                                                                                                                                  0x032bad4b
                                                                                                                                  0x032bad4d
                                                                                                                                  0x032bad55
                                                                                                                                  0x032bad58
                                                                                                                                  0x032bad5f
                                                                                                                                  0x032bad61
                                                                                                                                  0x032bad76
                                                                                                                                  0x032bad78
                                                                                                                                  0x032bad63
                                                                                                                                  0x032bad6a
                                                                                                                                  0x032bad6a
                                                                                                                                  0x032bad61
                                                                                                                                  0x032bad49
                                                                                                                                  0x032badef
                                                                                                                                  0x032badfd
                                                                                                                                  0x032badfd
                                                                                                                                  0x032bad6f
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(032EFFE8,00000001), ref: 032BACCA
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(032EFFE8,00000001,00000000,00000000), ref: 032BACDB
                                                                                                                                  • CreateEventA.KERNEL32(032EFFDC,00000000,00000000,Global\ibaDongle,444D31BA,?,?,00000000,?,00000000,032DBCDE,000000FF,?,032ACBE6,00000000,00000000), ref: 032BACFE
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,?,00000000,032DBCDE,000000FF,?,032ACBE6,00000000,00000000,00000000,?,?,00000000,032ACD5E), ref: 032BAD07
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 032BAD21
                                                                                                                                  • Sleep.KERNEL32(00000064,?,?,00000000,?,00000000,032DBCDE,000000FF,?,032ACBE6,00000000,00000000,00000000,?,?,00000000), ref: 032BAD29
                                                                                                                                    • Part of subcall function 032BD8A0: LoadLibraryA.KERNELBASE(mpiwin32.dll,032BAD92), ref: 032BD8A5
                                                                                                                                    • Part of subcall function 032BD7A0: LoadLibraryA.KERNEL32(mpiwin32.dll,?,032BADA0), ref: 032BD7A6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorLibraryLoadSecurity$CloseCreateDaclErrorEventHandleInitializeLastSleep
                                                                                                                                  • String ID: Global\ibaDongle
                                                                                                                                  • API String ID: 955536651-1687497774
                                                                                                                                  • Opcode ID: 0150b3367824505dea9748dad75ca1f0b133dc6d282c9c5904266891133e8bcb
                                                                                                                                  • Instruction ID: 0f750e0074c2cb3588a19ec2732a18267831c22e9d6d44a80746e11da0ce7311
                                                                                                                                  • Opcode Fuzzy Hash: 0150b3367824505dea9748dad75ca1f0b133dc6d282c9c5904266891133e8bcb
                                                                                                                                  • Instruction Fuzzy Hash: 91318171A25303EEEB20EFA4EA0A7E977B0AB467D6F048469D556CF2D0E7B180C4C711
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AD860 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032AD860(intOrPtr _a4, intOrPtr _a8, int _a12, intOrPtr _a16, void* _a20, intOrPtr _a24) {
				CHAR* _t14;
				CHAR* _t18;
				CHAR* _t19;
				intOrPtr _t30;
				signed int _t33;
				void* _t35;
				CHAR* _t36;
				void _t39;
				void** _t40;
				void* _t42;

				_t30 = _a4;
				 *0x32efcc4 = _t30;
				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a8;
					 *0x32efcd0 = _a12;
					 *0x32efcd4 = _a20;
					 *0x32efcd8 = _a16;
					_t14 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 0xc))))(_t30, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				if( *0x32ef444 >= 0x80) {
					if( *0x32efcd4 != 0) {
						_t39 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t13 = _t39 + 4; // 0x4
						_t14 = lstrcpynA(_t13, "error",  *0x32efcd0);
						_t35 =  *0x32efcd4;
						 *_t39 =  *_t35;
						 *_t35 = _t39;
					}
					return _t14;
				} else {
					_t18 = GlobalAlloc(0x40, 0x104);
					_t33 =  *0x32ef444;
					_t36 = _t18;
					_t40 =  *0x32efcd4;
					 *(0x32ee440 + _t33 * 4) = _t36;
					if(_t40 != 0) {
						_t42 =  *_t40;
						if(_t42 != 0) {
							lstrcpyA(_t36, _t42 + 4);
							 *( *0x32efcd4) =  *_t42;
							GlobalFree(_t42);
							_t33 =  *0x32ef444;
						}
					}
					_t19 = CharLowerA( *(0x32ee440 + _t33 * 4));
					 *0x32ef444 =  *0x32ef444 + 1;
					return _t19;
				}
			}













                                                                                                                                  0x032ad86a
                                                                                                                                  0x032ad86d
                                                                                                                                  0x032ad873
                                                                                                                                  0x032ad878
                                                                                                                                  0x032ad880
                                                                                                                                  0x032ad888
                                                                                                                                  0x032ad890
                                                                                                                                  0x032ad8a1
                                                                                                                                  0x032ad8a3
                                                                                                                                  0x032ad8a3
                                                                                                                                  0x032ad8b8
                                                                                                                                  0x032ad924
                                                                                                                                  0x032ad93d
                                                                                                                                  0x032ad944
                                                                                                                                  0x032ad948
                                                                                                                                  0x032ad94e
                                                                                                                                  0x032ad956
                                                                                                                                  0x032ad958
                                                                                                                                  0x032ad958
                                                                                                                                  0x032ad95c
                                                                                                                                  0x032ad8ba
                                                                                                                                  0x032ad8c1
                                                                                                                                  0x032ad8c7
                                                                                                                                  0x032ad8cd
                                                                                                                                  0x032ad8cf
                                                                                                                                  0x032ad8d5
                                                                                                                                  0x032ad8de
                                                                                                                                  0x032ad8e0
                                                                                                                                  0x032ad8e4
                                                                                                                                  0x032ad8eb
                                                                                                                                  0x032ad8f9
                                                                                                                                  0x032ad8fb
                                                                                                                                  0x032ad901
                                                                                                                                  0x032ad901
                                                                                                                                  0x032ad8e4
                                                                                                                                  0x032ad90e
                                                                                                                                  0x032ad914
                                                                                                                                  0x032ad91c
                                                                                                                                  0x032ad91c

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000104,?,?,032B202D,?,?,?,?,?), ref: 032AD8C1
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?,?,?,032B202D,?,?,?,?,?), ref: 032AD8EB
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AD8FB
                                                                                                                                  • CharLowerA.USER32(?,?,032B202D,?,?,?,?,?), ref: 032AD90E
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,032B202D,?,?,?,?,?), ref: 032AD931
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error,?,?,032B202D,?,?,?,?,?), ref: 032AD948
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$CharFreeLowerlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2833046303-1574812785
                                                                                                                                  • Opcode ID: 91182e07c932244dc7b9411c07bef4c6fc9da53de0c23c78e15908e2857957d0
                                                                                                                                  • Instruction ID: edb4d601e98b13d54f859623f3c055d038e449aa670b1130f6c98a66b6503d30
                                                                                                                                  • Opcode Fuzzy Hash: 91182e07c932244dc7b9411c07bef4c6fc9da53de0c23c78e15908e2857957d0
                                                                                                                                  • Instruction Fuzzy Hash: E73157B6605225EFC710EF68F65EA5977B4FB49701B12C029EE099B398CB31A850CF41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405DC8 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                  0x00405dca
                                                                                                                                  0x00405dd2
                                                                                                                                  0x00405de6
                                                                                                                                  0x00405de6
                                                                                                                                  0x00405dec
                                                                                                                                  0x00405df9
                                                                                                                                  0x00405df9
                                                                                                                                  0x00405dfa
                                                                                                                                  0x00405dfc
                                                                                                                                  0x00405e00
                                                                                                                                  0x00405e02
                                                                                                                                  0x00405e0b
                                                                                                                                  0x00405e0d
                                                                                                                                  0x00405e27
                                                                                                                                  0x00405e2f
                                                                                                                                  0x00405e2f
                                                                                                                                  0x00405e34
                                                                                                                                  0x00405e36
                                                                                                                                  0x00405e38
                                                                                                                                  0x00405e3c
                                                                                                                                  0x00405e3d
                                                                                                                                  0x00405e40
                                                                                                                                  0x00405e48
                                                                                                                                  0x00405e4a
                                                                                                                                  0x00405e4e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405e54
                                                                                                                                  0x00405e59
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00405e59
                                                                                                                                  0x00405e5e

                                                                                                                                  APIs
                                                                                                                                  • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                  • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                  • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 589700163-935097701
                                                                                                                                  • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                  • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                                  • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                  • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1250 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B1250(intOrPtr _a4, int _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				CHAR* _t13;
				CHAR* _t17;
				CHAR* _t18;
				signed int _t31;
				void* _t33;
				CHAR* _t34;
				void _t37;
				void** _t38;
				void* _t40;

				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd0 = _a8;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					_t13 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				if( *0x32ef448 >= 0x80) {
					if( *0x32efcd4 != 0) {
						_t37 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t12 = _t37 + 4; // 0x4
						_t13 = lstrcpynA(_t12, "error",  *0x32efcd0);
						_t33 =  *0x32efcd4;
						 *_t37 =  *_t33;
						 *_t33 = _t37;
					}
					return _t13;
				} else {
					_t17 = GlobalAlloc(0x40, 0x104);
					_t31 =  *0x32ef448;
					_t34 = _t17;
					_t38 =  *0x32efcd4;
					 *(0x32ee640 + _t31 * 4) = _t34;
					if(_t38 != 0) {
						_t40 =  *_t38;
						if(_t40 != 0) {
							lstrcpyA(_t34, _t40 + 4);
							 *( *0x32efcd4) =  *_t40;
							GlobalFree(_t40);
							_t31 =  *0x32ef448;
						}
					}
					_t18 = CharLowerA( *(0x32ee640 + _t31 * 4));
					 *0x32ef448 =  *0x32ef448 + 1;
					return _t18;
				}
			}












                                                                                                                                  0x032b125a
                                                                                                                                  0x032b125f
                                                                                                                                  0x032b1267
                                                                                                                                  0x032b126f
                                                                                                                                  0x032b1277
                                                                                                                                  0x032b128d
                                                                                                                                  0x032b128f
                                                                                                                                  0x032b128f
                                                                                                                                  0x032b12a4
                                                                                                                                  0x032b1310
                                                                                                                                  0x032b1329
                                                                                                                                  0x032b1330
                                                                                                                                  0x032b1334
                                                                                                                                  0x032b133a
                                                                                                                                  0x032b1342
                                                                                                                                  0x032b1344
                                                                                                                                  0x032b1344
                                                                                                                                  0x032b1348
                                                                                                                                  0x032b12a6
                                                                                                                                  0x032b12ad
                                                                                                                                  0x032b12b3
                                                                                                                                  0x032b12b9
                                                                                                                                  0x032b12bb
                                                                                                                                  0x032b12c1
                                                                                                                                  0x032b12ca
                                                                                                                                  0x032b12cc
                                                                                                                                  0x032b12d0
                                                                                                                                  0x032b12d7
                                                                                                                                  0x032b12e5
                                                                                                                                  0x032b12e7
                                                                                                                                  0x032b12ed
                                                                                                                                  0x032b12ed
                                                                                                                                  0x032b12d0
                                                                                                                                  0x032b12fa
                                                                                                                                  0x032b1300
                                                                                                                                  0x032b1308
                                                                                                                                  0x032b1308

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000104), ref: 032B12AD
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B12D7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B12E7
                                                                                                                                  • CharLowerA.USER32 ref: 032B12FA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B131D
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1334
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$CharFreeLowerlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2833046303-1574812785
                                                                                                                                  • Opcode ID: fa44f13124249e6d9a78737e59a473c26cdf6e6a3557bfc4a0bfc1f428ddf9e7
                                                                                                                                  • Instruction ID: d2d2f03b02291068635712e3a4d71ef8c01cff6349f934dd23de3ca7c43a8d25
                                                                                                                                  • Opcode Fuzzy Hash: fa44f13124249e6d9a78737e59a473c26cdf6e6a3557bfc4a0bfc1f428ddf9e7
                                                                                                                                  • Instruction Fuzzy Hash: 5C215776501220EFC750EF68F68EA9977F4FB09711B12C419EE459B398CB31A890CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1150 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B1150(intOrPtr _a4, int _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				CHAR* _t13;
				CHAR* _t17;
				CHAR* _t18;
				signed int _t31;
				void* _t33;
				CHAR* _t34;
				void _t37;
				void** _t38;
				void* _t40;

				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd0 = _a8;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					_t13 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				if( *0x32ef44c >= 0x80) {
					if( *0x32efcd4 != 0) {
						_t37 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t12 = _t37 + 4; // 0x4
						_t13 = lstrcpynA(_t12, "error",  *0x32efcd0);
						_t33 =  *0x32efcd4;
						 *_t37 =  *_t33;
						 *_t33 = _t37;
					}
					return _t13;
				} else {
					_t17 = GlobalAlloc(0x40, 0x104);
					_t31 =  *0x32ef44c;
					_t34 = _t17;
					_t38 =  *0x32efcd4;
					 *(0x32ee840 + _t31 * 4) = _t34;
					if(_t38 != 0) {
						_t40 =  *_t38;
						if(_t40 != 0) {
							lstrcpyA(_t34, _t40 + 4);
							 *( *0x32efcd4) =  *_t40;
							GlobalFree(_t40);
							_t31 =  *0x32ef44c;
						}
					}
					_t18 = CharLowerA( *(0x32ee840 + _t31 * 4));
					 *0x32ef44c =  *0x32ef44c + 1;
					return _t18;
				}
			}












                                                                                                                                  0x032b115a
                                                                                                                                  0x032b115f
                                                                                                                                  0x032b1167
                                                                                                                                  0x032b116f
                                                                                                                                  0x032b1177
                                                                                                                                  0x032b118d
                                                                                                                                  0x032b118f
                                                                                                                                  0x032b118f
                                                                                                                                  0x032b11a4
                                                                                                                                  0x032b1210
                                                                                                                                  0x032b1229
                                                                                                                                  0x032b1230
                                                                                                                                  0x032b1234
                                                                                                                                  0x032b123a
                                                                                                                                  0x032b1242
                                                                                                                                  0x032b1244
                                                                                                                                  0x032b1244
                                                                                                                                  0x032b1248
                                                                                                                                  0x032b11a6
                                                                                                                                  0x032b11ad
                                                                                                                                  0x032b11b3
                                                                                                                                  0x032b11b9
                                                                                                                                  0x032b11bb
                                                                                                                                  0x032b11c1
                                                                                                                                  0x032b11ca
                                                                                                                                  0x032b11cc
                                                                                                                                  0x032b11d0
                                                                                                                                  0x032b11d7
                                                                                                                                  0x032b11e5
                                                                                                                                  0x032b11e7
                                                                                                                                  0x032b11ed
                                                                                                                                  0x032b11ed
                                                                                                                                  0x032b11d0
                                                                                                                                  0x032b11fa
                                                                                                                                  0x032b1200
                                                                                                                                  0x032b1208
                                                                                                                                  0x032b1208

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000104), ref: 032B11AD
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B11D7
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B11E7
                                                                                                                                  • CharLowerA.USER32 ref: 032B11FA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B121D
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1234
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$CharFreeLowerlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2833046303-1574812785
                                                                                                                                  • Opcode ID: 2c56fcfe9b515b2389a1f49be6d7318fac0af860c35de4a1ebc5af3ae2ceebb2
                                                                                                                                  • Instruction ID: ce2c3b20f3b822449f9f8a2cef3f82449ebd1b7d6204a352d97cbd6eae9ec981
                                                                                                                                  • Opcode Fuzzy Hash: 2c56fcfe9b515b2389a1f49be6d7318fac0af860c35de4a1ebc5af3ae2ceebb2
                                                                                                                                  • Instruction Fuzzy Hash: 29212776511220EFC710EF68FA4EA9977B4FB49741B16C419EE45DB398CB31A850CF41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B15D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032B15D0(intOrPtr _a4, int _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				CHAR* _t13;
				CHAR* _t17;
				CHAR* _t18;
				signed int _t31;
				void* _t33;
				CHAR* _t34;
				void _t37;
				void** _t38;
				void* _t40;

				if( *0x32efcc8 == 0) {
					 *0x32efccc = _a4;
					 *0x32efcd0 = _a8;
					 *0x32efcd4 = _a16;
					 *0x32efcd8 = _a12;
					_t13 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0xc))))( *0x32efcc4, E032AFFB0);
					 *0x32efcc8 = 1;
				}
				if( *0x32ef440 >= 0x80) {
					if( *0x32efcd4 != 0) {
						_t37 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
						_t12 = _t37 + 4; // 0x4
						_t13 = lstrcpynA(_t12, "error",  *0x32efcd0);
						_t33 =  *0x32efcd4;
						 *_t37 =  *_t33;
						 *_t33 = _t37;
					}
					return _t13;
				} else {
					_t17 = GlobalAlloc(0x40, 0x104);
					_t31 =  *0x32ef440;
					_t34 = _t17;
					_t38 =  *0x32efcd4;
					 *(0x32ee240 + _t31 * 4) = _t34;
					if(_t38 != 0) {
						_t40 =  *_t38;
						if(_t40 != 0) {
							lstrcpyA(_t34, _t40 + 4);
							 *( *0x32efcd4) =  *_t40;
							GlobalFree(_t40);
							_t31 =  *0x32ef440;
						}
					}
					_t18 = CharLowerA( *(0x32ee240 + _t31 * 4));
					 *0x32ef440 =  *0x32ef440 + 1;
					return _t18;
				}
			}












                                                                                                                                  0x032b15da
                                                                                                                                  0x032b15df
                                                                                                                                  0x032b15e7
                                                                                                                                  0x032b15ef
                                                                                                                                  0x032b15f7
                                                                                                                                  0x032b160d
                                                                                                                                  0x032b160f
                                                                                                                                  0x032b160f
                                                                                                                                  0x032b1624
                                                                                                                                  0x032b1690
                                                                                                                                  0x032b16a9
                                                                                                                                  0x032b16b0
                                                                                                                                  0x032b16b4
                                                                                                                                  0x032b16ba
                                                                                                                                  0x032b16c2
                                                                                                                                  0x032b16c4
                                                                                                                                  0x032b16c4
                                                                                                                                  0x032b16c8
                                                                                                                                  0x032b1626
                                                                                                                                  0x032b162d
                                                                                                                                  0x032b1633
                                                                                                                                  0x032b1639
                                                                                                                                  0x032b163b
                                                                                                                                  0x032b1641
                                                                                                                                  0x032b164a
                                                                                                                                  0x032b164c
                                                                                                                                  0x032b1650
                                                                                                                                  0x032b1657
                                                                                                                                  0x032b1665
                                                                                                                                  0x032b1667
                                                                                                                                  0x032b166d
                                                                                                                                  0x032b166d
                                                                                                                                  0x032b1650
                                                                                                                                  0x032b167a
                                                                                                                                  0x032b1680
                                                                                                                                  0x032b1688
                                                                                                                                  0x032b1688

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000104), ref: 032B162D
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032B1657
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B1667
                                                                                                                                  • CharLowerA.USER32 ref: 032B167A
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B169D
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B16B4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$CharFreeLowerlstrcpylstrcpyn
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2833046303-1574812785
                                                                                                                                  • Opcode ID: 0394f09b030d4b72b6037e0fc2f1cdcac8fdd8b56dd406dae9fac0332429db6c
                                                                                                                                  • Instruction ID: d4f56b9a3f5fa5b0d0df5089a047ebf4a939c1b764d6a7c037fc8766820032f2
                                                                                                                                  • Opcode Fuzzy Hash: 0394f09b030d4b72b6037e0fc2f1cdcac8fdd8b56dd406dae9fac0332429db6c
                                                                                                                                  • Instruction Fuzzy Hash: E5215C76601220EFC710EF68FA4EA9977F4FB49740B16D419EE059B398CB31A8A0CF41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D2519 Relevance: 12.2, APIs: 8, Instructions: 204COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E032D2519(signed int __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				signed int* _t78;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t98;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t116;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;
				void* _t126;
				signed int _t130;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t146;
				signed int _t149;
				signed int _t150;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t162;

				_t110 = __ebx;
				_t153 = _t157;
				_t158 = _t157 - 0x10;
				_t146 = _a4;
				_t163 = _t146;
				if(_t146 != 0) {
					_push(__ebx);
					_t141 = _t146;
					_t59 = E032BF0A0(_t146, 0x3d);
					_v20 = _t59;
					_pop(_t116);
					__eflags = _t59;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(E032C94C6(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t59 - _t146;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t59 + 1));
							L60();
							_t110 = 0;
							__eflags =  *0x32f39f0 - _t110; // 0x6f59c0
							if(__eflags != 0) {
								L14:
								_t64 =  *0x32f39f0; // 0x6f59c0
								_v12 = _t64;
								__eflags = _t64;
								if(_t64 == 0) {
									goto L39;
								} else {
									_t67 = E032D2825(_t146, _v20 - _t146);
									_v16 = _t67;
									_t120 = _v12;
									__eflags = _t67;
									if(_t67 < 0) {
										L24:
										__eflags = _v5 - _t110;
										if(_v5 == _t110) {
											goto L40;
										} else {
											_t68 =  ~_t67;
											_v16 = _t68;
											_t30 = _t68 + 2; // 0x2
											_t139 = _t30;
											__eflags = _t139 - _t68;
											if(_t139 < _t68) {
												goto L39;
											} else {
												__eflags = _t139 - 0x3fffffff;
												if(_t139 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = E032C94D9(_t120, _t139, 4);
													E032C9EFA(_t110);
													_t71 = _v12;
													_t158 = _t158 + 0x10;
													__eflags = _t71;
													if(_t71 == 0) {
														goto L39;
													} else {
														_t121 = _v16;
														_t141 = _t110;
														 *(_t71 + _t121 * 4) = _t146;
														 *(_t71 + 4 + _t121 * 4) = _t110;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t120 - _t110;
										if( *_t120 == _t110) {
											goto L24;
										} else {
											E032C9EFA( *((intOrPtr*)(_t120 + _t67 * 4)));
											_t138 = _v16;
											__eflags = _v5 - _t110;
											if(_v5 != _t110) {
												_t141 = _t110;
												 *(_v12 + _t138 * 4) = _t146;
											} else {
												_t139 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t139 + _t138 * 4)) - _t110;
													if( *((intOrPtr*)(_t139 + _t138 * 4)) == _t110) {
														break;
													}
													 *((intOrPtr*)(_t139 + _t138 * 4)) =  *((intOrPtr*)(_t139 + 4 + _t138 * 4));
													_t138 = _t138 + 1;
													__eflags = _t138;
												}
												_v16 = E032C94D9(_t139, _t138, 4);
												E032C9EFA(_t110);
												_t71 = _v16;
												_t158 = _t158 + 0x10;
												__eflags = _t71;
												if(_t71 != 0) {
													L29:
													 *0x32f39f0 = _t71;
												}
											}
											__eflags = _a8 - _t110;
											if(_a8 == _t110) {
												goto L40;
											} else {
												_t122 = _t146 + 1;
												do {
													_t72 =  *_t146;
													_t146 = _t146 + 1;
													__eflags = _t72;
												} while (_t72 != 0);
												_v16 = _t146 - _t122 + 2;
												_t149 = E032CCA94(_t122, _t146 - _t122 + 2, 1);
												_pop(_t124);
												__eflags = _t149;
												if(_t149 == 0) {
													L37:
													E032C9EFA(_t149);
													goto L40;
												} else {
													_t76 = E032C958A(_t149, _v16, _a4);
													_t160 = _t158 + 0xc;
													__eflags = _t76;
													if(__eflags != 0) {
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														E032C9419();
														asm("int3");
														_push(_t153);
														_push(_t141);
														_t143 = _v48;
														__eflags = _t143;
														if(_t143 != 0) {
															_t126 = 0;
															_t78 = _t143;
															__eflags =  *_t143;
															if( *_t143 != 0) {
																do {
																	_t78 =  &(_t78[1]);
																	_t126 = _t126 + 1;
																	__eflags =  *_t78;
																} while ( *_t78 != 0);
															}
															_t51 = _t126 + 1; // 0x2
															_t150 = E032CCA94(_t126, _t51, 4);
															_t128 = _t149;
															__eflags = _t150;
															if(_t150 == 0) {
																L58:
																E032C9546(_t110, _t128, _t139, _t143, _t150);
																goto L59;
															} else {
																_t130 =  *_t143;
																__eflags = _t130;
																if(_t130 == 0) {
																	L57:
																	E032C9EFA(0);
																	_t86 = _t150;
																	goto L45;
																} else {
																	_push(_t110);
																	_t110 = _t150 - _t143;
																	__eflags = _t110;
																	do {
																		_t52 = _t130 + 1; // 0x5
																		_t139 = _t52;
																		do {
																			_t87 =  *_t130;
																			_t130 = _t130 + 1;
																			__eflags = _t87;
																		} while (_t87 != 0);
																		_t53 = _t130 - _t139 + 1; // 0x6
																		_v12 = _t53;
																		 *(_t110 + _t143) = E032CCA94(_t130 - _t139, _t53, 1);
																		E032C9EFA(0);
																		_t162 = _t160 + 0xc;
																		__eflags =  *(_t110 + _t143);
																		if( *(_t110 + _t143) == 0) {
																			goto L58;
																		} else {
																			_t91 = E032C958A( *(_t110 + _t143), _v12,  *_t143);
																			_t160 = _t162 + 0xc;
																			__eflags = _t91;
																			if(_t91 != 0) {
																				L59:
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				E032C9419();
																				asm("int3");
																				_t84 =  *0x32f39f0; // 0x6f59c0
																				__eflags = _t84 -  *0x32f39fc; // 0x6f59c0
																				if(__eflags == 0) {
																					_push(_t84);
																					L43();
																					 *0x32f39f0 = _t84;
																					return _t84;
																				}
																				return _t84;
																			} else {
																				goto L55;
																			}
																		}
																		goto L63;
																		L55:
																		_t143 = _t143 + 4;
																		_t130 =  *_t143;
																		__eflags = _t130;
																	} while (_t130 != 0);
																	goto L57;
																}
															}
														} else {
															_t86 = 0;
															__eflags = 0;
															L45:
															return _t86;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t149 - _a4 - 1) = _t110;
														__eflags = E032D8535(_v20 + 1 + _t149 - _a4, _t139, __eflags, _t149,  ~_v5 & _v20 + 0x00000001 + _t149 - _a4);
														if(__eflags == 0) {
															_t98 = E032C94C6(__eflags);
															_t111 = _t110 | 0xffffffff;
															__eflags = _t111;
															 *_t98 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t110;
									if(_v5 != _t110) {
										 *0x32f39f0 = E032CCA94(_t116, 1, 4);
										E032C9EFA(_t110);
										_t158 = _t158 + 0xc;
										__eflags =  *0x32f39f0 - _t110; // 0x6f59c0
										if(__eflags == 0) {
											L39:
											_t111 = _t110 | 0xffffffff;
											__eflags = _t111;
											goto L40;
										} else {
											__eflags =  *0x32f39f4 - _t110; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0x32f39f4 = E032CCA94(_t116, 1, 4);
												E032C9EFA(_t110);
												_t158 = _t158 + 0xc;
												__eflags =  *0x32f39f4 - _t110; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t111 = 0;
										L40:
										E032C9EFA(_t141);
										_t62 = _t111;
										goto L41;
									}
								} else {
									__eflags =  *0x32f39f4 - _t110; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L032C88D4(0);
										if(__eflags == 0) {
											goto L38;
										} else {
											L60();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t109 = E032C94C6(_t163);
					 *_t109 = 0x16;
					_t62 = _t109 | 0xffffffff;
					L41:
					return _t62;
				}
				L63:
			}











































                                                                                                                                  0x032d2519
                                                                                                                                  0x032d251c
                                                                                                                                  0x032d251e
                                                                                                                                  0x032d2522
                                                                                                                                  0x032d2525
                                                                                                                                  0x032d2527
                                                                                                                                  0x032d253c
                                                                                                                                  0x032d2541
                                                                                                                                  0x032d2543
                                                                                                                                  0x032d2548
                                                                                                                                  0x032d254c
                                                                                                                                  0x032d254d
                                                                                                                                  0x032d254f
                                                                                                                                  0x032d2730
                                                                                                                                  0x032d2735
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2555
                                                                                                                                  0x032d2555
                                                                                                                                  0x032d2557
                                                                                                                                  0x00000000
                                                                                                                                  0x032d255d
                                                                                                                                  0x032d2560
                                                                                                                                  0x032d2563
                                                                                                                                  0x032d2568
                                                                                                                                  0x032d256a
                                                                                                                                  0x032d2570
                                                                                                                                  0x032d25ed
                                                                                                                                  0x032d25ed
                                                                                                                                  0x032d25f2
                                                                                                                                  0x032d25f5
                                                                                                                                  0x032d25f7
                                                                                                                                  0x00000000
                                                                                                                                  0x032d25fd
                                                                                                                                  0x032d2604
                                                                                                                                  0x032d2609
                                                                                                                                  0x032d260e
                                                                                                                                  0x032d2611
                                                                                                                                  0x032d2613
                                                                                                                                  0x032d2664
                                                                                                                                  0x032d2664
                                                                                                                                  0x032d2667
                                                                                                                                  0x00000000
                                                                                                                                  0x032d266d
                                                                                                                                  0x032d266d
                                                                                                                                  0x032d266f
                                                                                                                                  0x032d2672
                                                                                                                                  0x032d2672
                                                                                                                                  0x032d2675
                                                                                                                                  0x032d2677
                                                                                                                                  0x00000000
                                                                                                                                  0x032d267d
                                                                                                                                  0x032d267d
                                                                                                                                  0x032d2683
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2689
                                                                                                                                  0x032d2693
                                                                                                                                  0x032d2696
                                                                                                                                  0x032d269b
                                                                                                                                  0x032d269e
                                                                                                                                  0x032d26a1
                                                                                                                                  0x032d26a3
                                                                                                                                  0x00000000
                                                                                                                                  0x032d26a9
                                                                                                                                  0x032d26a9
                                                                                                                                  0x032d26ac
                                                                                                                                  0x032d26ae
                                                                                                                                  0x032d26b1
                                                                                                                                  0x00000000
                                                                                                                                  0x032d26b1
                                                                                                                                  0x032d26a3
                                                                                                                                  0x032d2683
                                                                                                                                  0x032d2677
                                                                                                                                  0x032d2615
                                                                                                                                  0x032d2615
                                                                                                                                  0x032d2617
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2619
                                                                                                                                  0x032d261c
                                                                                                                                  0x032d2622
                                                                                                                                  0x032d2625
                                                                                                                                  0x032d2628
                                                                                                                                  0x032d265d
                                                                                                                                  0x032d265f
                                                                                                                                  0x032d262a
                                                                                                                                  0x032d262a
                                                                                                                                  0x032d2637
                                                                                                                                  0x032d2637
                                                                                                                                  0x032d263a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2633
                                                                                                                                  0x032d2636
                                                                                                                                  0x032d2636
                                                                                                                                  0x032d2636
                                                                                                                                  0x032d2646
                                                                                                                                  0x032d2649
                                                                                                                                  0x032d264e
                                                                                                                                  0x032d2651
                                                                                                                                  0x032d2654
                                                                                                                                  0x032d2656
                                                                                                                                  0x032d26b5
                                                                                                                                  0x032d26b5
                                                                                                                                  0x032d26b5
                                                                                                                                  0x032d2656
                                                                                                                                  0x032d26ba
                                                                                                                                  0x032d26bd
                                                                                                                                  0x00000000
                                                                                                                                  0x032d26bf
                                                                                                                                  0x032d26bf
                                                                                                                                  0x032d26c2
                                                                                                                                  0x032d26c2
                                                                                                                                  0x032d26c4
                                                                                                                                  0x032d26c5
                                                                                                                                  0x032d26c5
                                                                                                                                  0x032d26d1
                                                                                                                                  0x032d26d9
                                                                                                                                  0x032d26dc
                                                                                                                                  0x032d26dd
                                                                                                                                  0x032d26df
                                                                                                                                  0x032d2727
                                                                                                                                  0x032d2728
                                                                                                                                  0x00000000
                                                                                                                                  0x032d26e1
                                                                                                                                  0x032d26e8
                                                                                                                                  0x032d26ed
                                                                                                                                  0x032d26f0
                                                                                                                                  0x032d26f2
                                                                                                                                  0x032d274e
                                                                                                                                  0x032d274f
                                                                                                                                  0x032d2750
                                                                                                                                  0x032d2751
                                                                                                                                  0x032d2752
                                                                                                                                  0x032d2753
                                                                                                                                  0x032d2758
                                                                                                                                  0x032d275b
                                                                                                                                  0x032d275f
                                                                                                                                  0x032d2760
                                                                                                                                  0x032d2763
                                                                                                                                  0x032d2765
                                                                                                                                  0x032d276e
                                                                                                                                  0x032d2770
                                                                                                                                  0x032d2772
                                                                                                                                  0x032d2774
                                                                                                                                  0x032d2776
                                                                                                                                  0x032d2776
                                                                                                                                  0x032d2779
                                                                                                                                  0x032d277a
                                                                                                                                  0x032d277a
                                                                                                                                  0x032d2776
                                                                                                                                  0x032d2780
                                                                                                                                  0x032d278b
                                                                                                                                  0x032d278e
                                                                                                                                  0x032d278f
                                                                                                                                  0x032d2791
                                                                                                                                  0x032d27f9
                                                                                                                                  0x032d27f9
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2793
                                                                                                                                  0x032d2793
                                                                                                                                  0x032d2795
                                                                                                                                  0x032d2797
                                                                                                                                  0x032d27e9
                                                                                                                                  0x032d27eb
                                                                                                                                  0x032d27f1
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2799
                                                                                                                                  0x032d2799
                                                                                                                                  0x032d279c
                                                                                                                                  0x032d279c
                                                                                                                                  0x032d279e
                                                                                                                                  0x032d279e
                                                                                                                                  0x032d279e
                                                                                                                                  0x032d27a1
                                                                                                                                  0x032d27a1
                                                                                                                                  0x032d27a3
                                                                                                                                  0x032d27a4
                                                                                                                                  0x032d27a4
                                                                                                                                  0x032d27ac
                                                                                                                                  0x032d27b0
                                                                                                                                  0x032d27ba
                                                                                                                                  0x032d27bd
                                                                                                                                  0x032d27c2
                                                                                                                                  0x032d27c5
                                                                                                                                  0x032d27c9
                                                                                                                                  0x00000000
                                                                                                                                  0x032d27cb
                                                                                                                                  0x032d27d3
                                                                                                                                  0x032d27d8
                                                                                                                                  0x032d27db
                                                                                                                                  0x032d27dd
                                                                                                                                  0x032d27fe
                                                                                                                                  0x032d2800
                                                                                                                                  0x032d2801
                                                                                                                                  0x032d2802
                                                                                                                                  0x032d2803
                                                                                                                                  0x032d2804
                                                                                                                                  0x032d2805
                                                                                                                                  0x032d280a
                                                                                                                                  0x032d280b
                                                                                                                                  0x032d2810
                                                                                                                                  0x032d2816
                                                                                                                                  0x032d2818
                                                                                                                                  0x032d2819
                                                                                                                                  0x032d281f
                                                                                                                                  0x00000000
                                                                                                                                  0x032d281f
                                                                                                                                  0x032d2824
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d27dd
                                                                                                                                  0x00000000
                                                                                                                                  0x032d27df
                                                                                                                                  0x032d27df
                                                                                                                                  0x032d27e2
                                                                                                                                  0x032d27e4
                                                                                                                                  0x032d27e4
                                                                                                                                  0x00000000
                                                                                                                                  0x032d27e8
                                                                                                                                  0x032d2797
                                                                                                                                  0x032d2767
                                                                                                                                  0x032d2767
                                                                                                                                  0x032d2767
                                                                                                                                  0x032d2769
                                                                                                                                  0x032d276d
                                                                                                                                  0x032d276d
                                                                                                                                  0x032d26f4
                                                                                                                                  0x032d2705
                                                                                                                                  0x032d2709
                                                                                                                                  0x032d2715
                                                                                                                                  0x032d2717
                                                                                                                                  0x032d2719
                                                                                                                                  0x032d271e
                                                                                                                                  0x032d271e
                                                                                                                                  0x032d2721
                                                                                                                                  0x032d2721
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2717
                                                                                                                                  0x032d26f2
                                                                                                                                  0x032d26df
                                                                                                                                  0x032d26bd
                                                                                                                                  0x032d2617
                                                                                                                                  0x032d2613
                                                                                                                                  0x032d2572
                                                                                                                                  0x032d2572
                                                                                                                                  0x032d2575
                                                                                                                                  0x032d2593
                                                                                                                                  0x032d2593
                                                                                                                                  0x032d2596
                                                                                                                                  0x032d25a9
                                                                                                                                  0x032d25ae
                                                                                                                                  0x032d25b3
                                                                                                                                  0x032d25b6
                                                                                                                                  0x032d25bc
                                                                                                                                  0x032d273b
                                                                                                                                  0x032d273b
                                                                                                                                  0x032d273b
                                                                                                                                  0x00000000
                                                                                                                                  0x032d25c2
                                                                                                                                  0x032d25c2
                                                                                                                                  0x032d25c8
                                                                                                                                  0x00000000
                                                                                                                                  0x032d25ca
                                                                                                                                  0x032d25d4
                                                                                                                                  0x032d25d9
                                                                                                                                  0x032d25de
                                                                                                                                  0x032d25e1
                                                                                                                                  0x032d25e7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032d25e7
                                                                                                                                  0x032d25c8
                                                                                                                                  0x032d2598
                                                                                                                                  0x032d2598
                                                                                                                                  0x032d273e
                                                                                                                                  0x032d273f
                                                                                                                                  0x032d2746
                                                                                                                                  0x00000000
                                                                                                                                  0x032d2748
                                                                                                                                  0x032d2577
                                                                                                                                  0x032d2577
                                                                                                                                  0x032d257d
                                                                                                                                  0x00000000
                                                                                                                                  0x032d257f
                                                                                                                                  0x032d2584
                                                                                                                                  0x032d2586
                                                                                                                                  0x00000000
                                                                                                                                  0x032d258c
                                                                                                                                  0x032d258c
                                                                                                                                  0x00000000
                                                                                                                                  0x032d258c
                                                                                                                                  0x032d2586
                                                                                                                                  0x032d257d
                                                                                                                                  0x032d2575
                                                                                                                                  0x032d2570
                                                                                                                                  0x032d2557
                                                                                                                                  0x032d2529
                                                                                                                                  0x032d2529
                                                                                                                                  0x032d252e
                                                                                                                                  0x032d2534
                                                                                                                                  0x032d2749
                                                                                                                                  0x032d274d
                                                                                                                                  0x032d274d
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$___from_strstr_to_strchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3409252457-0
                                                                                                                                  • Opcode ID: c75557ef5089a5f16b9098bbce9ca9cc109a2b6dba02493a4019538d214ff5c2
                                                                                                                                  • Instruction ID: d6a1ca38df8880a08bcf0ff8ecbd8a7ddee0ce922712eba5f50f663d11f8f641
                                                                                                                                  • Opcode Fuzzy Hash: c75557ef5089a5f16b9098bbce9ca9cc109a2b6dba02493a4019538d214ff5c2
                                                                                                                                  • Instruction Fuzzy Hash: 4F51D875975346EFDB24EF789980E6DB7B8EF01310F048A6ED5649B180EB7185C1CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF7B0 Relevance: 12.1, APIs: 7, Strings: 1, Instructions: 71stringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E032AF7B0(void* __ecx, intOrPtr* _a4) {
				CHAR* _v8;
				intOrPtr* _t10;
				signed int _t20;
				void* _t28;
				void* _t33;
				void* _t35;
				void** _t42;
				void* _t43;
				void _t44;

				_t35 = 0;
				_t28 = GlobalAlloc(0x40,  *0x32efcd0);
				_t10 = _a4;
				_t2 = _t10 + 0xc; // 0xffffffff
				_v8 =  *_t2;
				if( *0x32efcd4 != 0) {
					_t44 = GlobalAlloc(0x40,  *0x32efcd0 + 8);
					_t5 = _t44 + 4; // 0x4
					lstrcpynA(_t5, _v8,  *0x32efcd0);
					_t33 =  *0x32efcd4;
					 *_t44 =  *_t33;
					_t10 = _a4;
					 *_t33 = _t44;
				}
				_push( *0x32efccc);
				_push( *_t10);
				if( *((intOrPtr*)( *((intOrPtr*)( *0x32ee1d8 + 4))))() == 0) {
					_t42 =  *0x32efcd4;
					if(_t42 != 0) {
						_t43 =  *_t42;
						if(_t43 != 0) {
							lstrcpyA(_t28, _t43 + 4);
							 *( *0x32efcd4) =  *_t43;
							GlobalFree(_t43);
							_t20 = lstrcmpiA(_t28, "true");
							asm("sbb edi, edi");
							_t35 =  ~_t20 + 1;
						}
					}
				}
				GlobalFree(_t28);
				return _t35;
			}












                                                                                                                                  0x032af7c3
                                                                                                                                  0x032af7c9
                                                                                                                                  0x032af7cb
                                                                                                                                  0x032af7ce
                                                                                                                                  0x032af7d1
                                                                                                                                  0x032af7da
                                                                                                                                  0x032af7ef
                                                                                                                                  0x032af7f4
                                                                                                                                  0x032af7f8
                                                                                                                                  0x032af7fe
                                                                                                                                  0x032af806
                                                                                                                                  0x032af808
                                                                                                                                  0x032af80b
                                                                                                                                  0x032af80b
                                                                                                                                  0x032af80d
                                                                                                                                  0x032af813
                                                                                                                                  0x032af821
                                                                                                                                  0x032af823
                                                                                                                                  0x032af82b
                                                                                                                                  0x032af82d
                                                                                                                                  0x032af831
                                                                                                                                  0x032af838
                                                                                                                                  0x032af846
                                                                                                                                  0x032af848
                                                                                                                                  0x032af854
                                                                                                                                  0x032af85e
                                                                                                                                  0x032af860
                                                                                                                                  0x032af860
                                                                                                                                  0x032af831
                                                                                                                                  0x032af82b
                                                                                                                                  0x032af862
                                                                                                                                  0x032af870

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,032AD7FF,?), ref: 032AF7C7
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,032AD7FF,?), ref: 032AF7E7
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,?,?,?,032AD7FF,?), ref: 032AF7F8
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,00000000,?,?,032AD7FF,?), ref: 032AF838
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF848
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,true,?,?,032AD7FF,?), ref: 032AF854
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AF862
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$lstrcmpilstrcpylstrcpyn
                                                                                                                                  • String ID: true
                                                                                                                                  • API String ID: 3070573648-4261170317
                                                                                                                                  • Opcode ID: 33d37eafbb793ccdef45c101bc3d009b71568676b97e5d16137af38b15669446
                                                                                                                                  • Instruction ID: ea372dcbcdaf97a64938d9e4d0690eee264c8c3b3c50b33046b1b7934781e2fd
                                                                                                                                  • Opcode Fuzzy Hash: 33d37eafbb793ccdef45c101bc3d009b71568676b97e5d16137af38b15669446
                                                                                                                                  • Instruction Fuzzy Hash: 02216D76A01624BFC710EF69FD4DC1ABBA8FB89B117158055FD05DB318CA32AC10CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403F7F Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                                  0x00403f91
                                                                                                                                  0x00404025
                                                                                                                                  0x00000000
                                                                                                                                  0x00404025
                                                                                                                                  0x00403fa2
                                                                                                                                  0x00403fa6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403fac
                                                                                                                                  0x00403fb5
                                                                                                                                  0x00403fb8
                                                                                                                                  0x00403fb8
                                                                                                                                  0x00403fbe
                                                                                                                                  0x00403fc4
                                                                                                                                  0x00403fc4
                                                                                                                                  0x00403fd0
                                                                                                                                  0x00403fd6
                                                                                                                                  0x00403fdd
                                                                                                                                  0x00403fe0
                                                                                                                                  0x00403fe3
                                                                                                                                  0x00403fe5
                                                                                                                                  0x00403fe5
                                                                                                                                  0x00403fed
                                                                                                                                  0x00403ff3
                                                                                                                                  0x00403ff3
                                                                                                                                  0x00403ffd
                                                                                                                                  0x00404002
                                                                                                                                  0x00404005
                                                                                                                                  0x0040400a
                                                                                                                                  0x0040400d
                                                                                                                                  0x0040400d
                                                                                                                                  0x0040401d
                                                                                                                                  0x0040401d
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                  • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                  • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                                  • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                  • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BFA00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 29%
                                                                                                                                  			E032BFA00(void* __ebx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				signed int _t145;
				int _t148;
				signed int _t155;
				intOrPtr _t156;
				void* _t157;
				intOrPtr* _t158;
				intOrPtr _t160;
				void* _t163;
				signed int _t165;
				void _t173;
				void _t174;
				int _t176;
				unsigned int _t177;
				int _t178;
				int _t189;
				intOrPtr _t193;
				intOrPtr _t195;
				signed int _t197;
				char _t199;
				int _t203;
				unsigned int _t204;
				int _t205;
				int _t207;
				int _t212;
				signed int _t224;
				unsigned int _t228;
				int _t229;
				int _t231;
				signed int _t237;
				void* _t239;
				intOrPtr _t240;
				void* _t242;
				signed int _t250;
				intOrPtr _t257;
				void* _t259;
				void* _t262;
				void* _t263;
				void* _t264;
				intOrPtr* _t266;
				int _t270;
				void* _t274;
				void* _t276;
				void* _t286;

				_t193 = _a8;
				_push(_t239);
				_v5 = 0;
				_t257 = _t193 + 0x10;
				_t145 =  *(_t193 + 8) ^  *0x32ed474;
				_push(_t257);
				_push(_t145);
				_v16 = 1;
				_v20 = _t257;
				_v12 = _t145;
				E032BF9C0(_t239, _t257);
				E032C13BC(_a12);
				_t148 = _a4;
				_t276 = _t274 - 0x1c + 0xc;
				_t240 =  *((intOrPtr*)(_t193 + 0xc));
				if(( *(_t148 + 4) & 0x00000066) != 0) {
					__eflags = _t240 - 0xfffffffe;
					if(_t240 != 0xfffffffe) {
						E032C1570(_t193, 0xfffffffe, _t257, 0x32ed474);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t148;
					_v28 = _a12;
					 *((intOrPtr*)(_t193 - 4)) =  &_v32;
					if(_t240 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t197 = _v12;
							_t20 = _t240 + 2; // 0x3
							_t155 = _t240 + _t20 * 2;
							_t195 =  *((intOrPtr*)(_t197 + _t155 * 4));
							_t156 = _t197 + _t155 * 4;
							_t198 =  *((intOrPtr*)(_t156 + 4));
							_v24 = _t156;
							if( *((intOrPtr*)(_t156 + 4)) == 0) {
								_t199 = _v5;
								goto L8;
							} else {
								_t157 = E032C1520(_t198, _t257);
								_t199 = 1;
								_v5 = 1;
								_t286 = _t157;
								if(_t286 < 0) {
									_v16 = 0;
									L14:
									_push(_t257);
									_push(_v12);
									E032BF9C0(_t240, _t257);
									goto L15;
								} else {
									if(_t286 > 0) {
										_t158 = _a4;
										__eflags =  *_t158 - 0xe06d7363;
										if( *_t158 == 0xe06d7363) {
											__eflags =  *0x32dfa44;
											if(__eflags != 0) {
												_t189 = E032DA420(__eflags, 0x32dfa44);
												_t276 = _t276 + 4;
												__eflags = _t189;
												if(_t189 != 0) {
													_t270 =  *0x32dfa44; // 0x32c0141
													 *0x32dc424(_a4, 1);
													 *_t270();
													_t257 = _v20;
													_t276 = _t276 + 8;
												}
												_t158 = _a4;
											}
										}
										E032C1554(_t158, _a8, _t158);
										_t160 = _a8;
										__eflags =  *((intOrPtr*)(_t160 + 0xc)) - _t240;
										if( *((intOrPtr*)(_t160 + 0xc)) != _t240) {
											E032C1570(_t160, _t240, _t257, 0x32ed474);
											_t160 = _a8;
										}
										_push(_t257);
										_push(_v12);
										 *((intOrPtr*)(_t160 + 0xc)) = _t195;
										E032BF9C0(_t240, _t257);
										E032C1538();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t240);
										_push(_t257);
										_t259 = _v36;
										_t203 = _v32;
										_t242 = _v40;
										_t163 = _t259 + _t203;
										__eflags = _t242 - _t259;
										if(_t242 <= _t259) {
											L26:
											__eflags = _t203 - 0x20;
											if(_t203 < 0x20) {
												L97:
												_t204 = _t203 & 0x0000001f;
												__eflags = _t204;
												if(_t204 != 0) {
													_t165 = _t204;
													_t205 = _t204 >> 2;
													__eflags = _t205;
													while(_t205 != 0) {
														 *_t242 =  *_t259;
														_t242 = _t242 + 4;
														_t259 = _t259 + 4;
														_t205 = _t205 - 1;
														__eflags = _t205;
													}
													_t207 = _t165 & 0x00000003;
													__eflags = _t207;
													while(_t207 != 0) {
														 *_t242 =  *_t259;
														_t259 = _t259 + 1;
														_t242 = _t242 + 1;
														_t207 = _t207 - 1;
														__eflags = _t207;
													}
												}
												goto L103;
											} else {
												__eflags = _t203 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x32f37d8], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t242 ^ _t259) & 0x0000000f;
														if(__eflags != 0) {
															L34:
															asm("bt dword [0x32f37d8], 0x0");
															if(__eflags >= 0) {
																goto L59;
															} else {
																__eflags = _t242 & 0x00000003;
																if((_t242 & 0x00000003) != 0) {
																	goto L59;
																} else {
																	__eflags = _t259 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t174 =  *_t259;
																			_t203 = _t203 - 4;
																			__eflags = _t203;
																			_t259 = _t259 + 4;
																			 *_t242 = _t174;
																			_t242 = _t242 + 4;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t203 = _t203 - 8;
																			__eflags = _t203;
																			_t259 = _t259 + 8;
																			asm("movq [edi], xmm1");
																			_t242 = _t242 + 8;
																		}
																		__eflags = _t259 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t262 = _t259 - 8;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t203 = _t203 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t262 = _t262 + 0x30;
																				__eflags = _t203 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t242 = _t242 + 0x30;
																			} while (_t203 >= 0x30);
																			_t259 = _t262 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t263 = _t259 - 4;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t203 = _t203 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t263 = _t263 + 0x30;
																					__eflags = _t203 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t242 = _t242 + 0x30;
																				} while (_t203 >= 0x30);
																				_t259 = _t263 + 4;
																				while(1) {
																					L52:
																					__eflags = _t203 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t203 = _t203 - 0x10;
																					_t259 = _t259 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t242 = _t242 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t173 =  *_t259;
																					_t203 = _t203 - 4;
																					__eflags = _t203;
																					_t259 = _t259 + 4;
																					 *_t242 = _t173;
																					_t242 = _t242 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t203;
																					_t259 = _t259 + 8;
																					asm("movq [edi], xmm1");
																					_t242 = _t242 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t264 = _t259 - 0xc;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t203 = _t203 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t264 = _t264 + 0x30;
																				__eflags = _t203 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t242 = _t242 + 0x30;
																			} while (_t203 >= 0x30);
																			_t259 = _t264 + 0xc;
																		}
																		goto L52;
																	}
																}
															}
															goto L61;
														} else {
															asm("bt dword [0x32ed490], 0x1");
															if(__eflags < 0) {
																_t176 = _t259 & 0x0000000f;
																__eflags = _t176;
																if(_t176 != 0) {
																	_push(_t203 - 0x10);
																	_t177 = 0x10 - _t176;
																	_t212 = _t177 & 0x00000003;
																	__eflags = _t212;
																	while(_t212 != 0) {
																		 *_t242 =  *_t259;
																		_t259 = _t259 + 1;
																		_t242 = _t242 + 1;
																		_t212 = _t212 - 1;
																		__eflags = _t212;
																	}
																	_t178 = _t177 >> 2;
																	__eflags = _t178;
																	while(_t178 != 0) {
																		 *_t242 =  *_t259;
																		_t259 = _t259 + 4;
																		_t242 = _t242 + 4;
																		_t178 = _t178 - 1;
																		__eflags = _t178;
																	}
																	_pop(_t203);
																}
																_t228 = _t203;
																_t203 = _t203 & 0x0000007f;
																_t229 = _t228 >> 7;
																__eflags = _t229;
																while(_t229 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t259 = _t259 + 0x80;
																	_t242 = _t242 + 0x80;
																	_t229 = _t229 - 1;
																	__eflags = _t229;
																}
																goto L93;
															} else {
																goto L34;
															}
														}
													} else {
														memcpy(_t242, _t259, _t203);
														return _v40;
													}
												} else {
													asm("bt dword [0x32ed490], 0x1");
													if(__eflags < 0) {
														L93:
														__eflags = _t203;
														if(_t203 != 0) {
															_t231 = _t203 >> 5;
															__eflags = _t231;
															if(_t231 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t259 = _t259 + 0x20;
																	_t242 = _t242 + 0x20;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																} while (_t231 != 0);
															}
															goto L97;
														}
														L103:
														return _v40;
													} else {
														L59:
														__eflags = _t242 & 0x00000003;
														while((_t242 & 0x00000003) != 0) {
															 *_t242 =  *_t259;
															_t203 = _t203 - 1;
															_t259 = _t259 + 1;
															_t242 = _t242 + 1;
															__eflags = _t242 & 0x00000003;
														}
														L61:
														_t224 = _t203;
														__eflags = _t203 - 0x20;
														if(_t203 < 0x20) {
															goto L97;
														} else {
															memcpy(_t242, _t259, _t203 >> 2 << 2);
															switch( *((intOrPtr*)((_t224 & 0x00000003) * 4 +  &M032BFDC4))) {
																case 0:
																	return _v40;
																	goto L109;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
																case 2:
																	 *__edi =  *__esi;
																	_t91 = __esi + 1; // 0x335f0cc4
																	 *((char*)(__edi + 1)) =  *_t91;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
																case 3:
																	 *__edi =  *__esi;
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t242 - _t163;
											if(_t242 < _t163) {
												_t266 = _t259 + _t203;
												_t250 = _t242 + _t203;
												__eflags = _t203 - 0x20;
												if(__eflags < 0) {
													L84:
													__eflags = _t203 & 0xfffffffc;
													while((_t203 & 0xfffffffc) != 0) {
														_t250 = _t250 - 4;
														_t266 = _t266 - 4;
														 *_t250 =  *_t266;
														_t203 = _t203 - 4;
														__eflags = _t203 & 0xfffffffc;
													}
													__eflags = _t203;
													if(_t203 != 0) {
														do {
															_t250 = _t250 - 1;
															_t266 = _t266 - 1;
															 *_t250 =  *_t266;
															_t203 = _t203 - 1;
															__eflags = _t203;
														} while (_t203 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x32ed490], 0x1");
													if(__eflags < 0) {
														__eflags = _t250 & 0x0000000f;
														if((_t250 & 0x0000000f) != 0) {
															do {
																_t203 = _t203 - 1;
																_t266 = _t266 - 1;
																_t250 = _t250 - 1;
																 *_t250 =  *_t266;
																__eflags = _t250 & 0x0000000f;
															} while ((_t250 & 0x0000000f) != 0);
															while(1) {
																L80:
																__eflags = _t203 - 0x80;
																if(_t203 < 0x80) {
																	break;
																}
																_t266 = _t266 - 0x80;
																_t250 = _t250 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t203 = _t203 - 0x80;
																__eflags = _t203 & 0xffffff80;
																if((_t203 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t203 - 0x20;
															if(_t203 >= 0x20) {
																do {
																	_t266 = _t266 - 0x20;
																	_t250 = _t250 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t203 = _t203 - 0x20;
																	__eflags = _t203 & 0xffffffe0;
																} while ((_t203 & 0xffffffe0) != 0);
															}
															goto L84;
														}
														goto L80;
													} else {
														__eflags = _t250 & 0x00000003;
														if((_t250 & 0x00000003) != 0) {
															_t237 = _t250 & 0x00000003;
															_t203 = _t203 - _t237;
															__eflags = _t203;
															do {
																 *(_t250 - 1) =  *((intOrPtr*)(_t266 - 1));
																_t266 = _t266 - 1;
																_t250 = _t250 - 1;
																_t237 = _t237 - 1;
																__eflags = _t237;
															} while (_t237 != 0);
														}
														__eflags = _t203 - 0x20;
														if(_t203 < 0x20) {
															goto L84;
														} else {
															asm("std");
															memcpy(_t250 - 4, _t266 - 4, _t203 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t203 & 0x00000003) * 4 +  &M032BFE70))) {
																case 0:
																	return _v40;
																	goto L109;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
																case 2:
																	_t112 = __esi + 3; // 0x5bc0335f
																	 *((char*)(__edi + 3)) =  *_t112;
																	_t114 = __esi + 2; // 0xc0335f0c
																	 *((char*)(__edi + 2)) =  *_t114;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
																case 3:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L109;
															}
														}
													}
												}
											} else {
												goto L26;
											}
										}
									} else {
										goto L8;
									}
								}
							}
							goto L109;
							L8:
							_t240 = _t195;
						} while (_t195 != 0xfffffffe);
						if(_t199 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L109:
			}

























































                                                                                                                                  0x032bfa07
                                                                                                                                  0x032bfa0b
                                                                                                                                  0x032bfa0c
                                                                                                                                  0x032bfa13
                                                                                                                                  0x032bfa16
                                                                                                                                  0x032bfa1c
                                                                                                                                  0x032bfa1d
                                                                                                                                  0x032bfa1e
                                                                                                                                  0x032bfa25
                                                                                                                                  0x032bfa28
                                                                                                                                  0x032bfa2b
                                                                                                                                  0x032bfa33
                                                                                                                                  0x032bfa38
                                                                                                                                  0x032bfa3b
                                                                                                                                  0x032bfa3e
                                                                                                                                  0x032bfa45
                                                                                                                                  0x032bfaa6
                                                                                                                                  0x032bfaa9
                                                                                                                                  0x032bfab8
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfab8
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa47
                                                                                                                                  0x032bfa47
                                                                                                                                  0x032bfa4d
                                                                                                                                  0x032bfa53
                                                                                                                                  0x032bfa59
                                                                                                                                  0x032bfac9
                                                                                                                                  0x032bfad2
                                                                                                                                  0x032bfa5b
                                                                                                                                  0x032bfa60
                                                                                                                                  0x032bfa60
                                                                                                                                  0x032bfa63
                                                                                                                                  0x032bfa66
                                                                                                                                  0x032bfa69
                                                                                                                                  0x032bfa6c
                                                                                                                                  0x032bfa6f
                                                                                                                                  0x032bfa72
                                                                                                                                  0x032bfa77
                                                                                                                                  0x032bfa8d
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa79
                                                                                                                                  0x032bfa7b
                                                                                                                                  0x032bfa80
                                                                                                                                  0x032bfa82
                                                                                                                                  0x032bfa85
                                                                                                                                  0x032bfa87
                                                                                                                                  0x032bfa9d
                                                                                                                                  0x032bfabd
                                                                                                                                  0x032bfabd
                                                                                                                                  0x032bfabe
                                                                                                                                  0x032bfac1
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa89
                                                                                                                                  0x032bfa89
                                                                                                                                  0x032bfad3
                                                                                                                                  0x032bfad6
                                                                                                                                  0x032bfadc
                                                                                                                                  0x032bfade
                                                                                                                                  0x032bfae5
                                                                                                                                  0x032bfaec
                                                                                                                                  0x032bfaf1
                                                                                                                                  0x032bfaf4
                                                                                                                                  0x032bfaf6
                                                                                                                                  0x032bfaf8
                                                                                                                                  0x032bfb05
                                                                                                                                  0x032bfb0b
                                                                                                                                  0x032bfb0d
                                                                                                                                  0x032bfb10
                                                                                                                                  0x032bfb10
                                                                                                                                  0x032bfb13
                                                                                                                                  0x032bfb13
                                                                                                                                  0x032bfae5
                                                                                                                                  0x032bfb1b
                                                                                                                                  0x032bfb20
                                                                                                                                  0x032bfb23
                                                                                                                                  0x032bfb26
                                                                                                                                  0x032bfb32
                                                                                                                                  0x032bfb37
                                                                                                                                  0x032bfb37
                                                                                                                                  0x032bfb3a
                                                                                                                                  0x032bfb3b
                                                                                                                                  0x032bfb3e
                                                                                                                                  0x032bfb41
                                                                                                                                  0x032bfb51
                                                                                                                                  0x032bfb56
                                                                                                                                  0x032bfb57
                                                                                                                                  0x032bfb58
                                                                                                                                  0x032bfb59
                                                                                                                                  0x032bfb5a
                                                                                                                                  0x032bfb5b
                                                                                                                                  0x032bfb5c
                                                                                                                                  0x032bfb5d
                                                                                                                                  0x032bfb5e
                                                                                                                                  0x032bfb5f
                                                                                                                                  0x032bfb60
                                                                                                                                  0x032bfb61
                                                                                                                                  0x032bfb62
                                                                                                                                  0x032bfb66
                                                                                                                                  0x032bfb6a
                                                                                                                                  0x032bfb72
                                                                                                                                  0x032bfb74
                                                                                                                                  0x032bfb76
                                                                                                                                  0x032bfb80
                                                                                                                                  0x032bfb80
                                                                                                                                  0x032bfb83
                                                                                                                                  0x032c005b
                                                                                                                                  0x032c005b
                                                                                                                                  0x032c005b
                                                                                                                                  0x032c005e
                                                                                                                                  0x032c0060
                                                                                                                                  0x032c0062
                                                                                                                                  0x032c0062
                                                                                                                                  0x032c0065
                                                                                                                                  0x032c0069
                                                                                                                                  0x032c006b
                                                                                                                                  0x032c006e
                                                                                                                                  0x032c0071
                                                                                                                                  0x032c0071
                                                                                                                                  0x032c0071
                                                                                                                                  0x032c0078
                                                                                                                                  0x032c0078
                                                                                                                                  0x032c007b
                                                                                                                                  0x032c007f
                                                                                                                                  0x032c0081
                                                                                                                                  0x032c0082
                                                                                                                                  0x032c0083
                                                                                                                                  0x032c0083
                                                                                                                                  0x032c0083
                                                                                                                                  0x032c007b
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfb89
                                                                                                                                  0x032bfb89
                                                                                                                                  0x032bfb8f
                                                                                                                                  0x032bfba4
                                                                                                                                  0x032bfbac
                                                                                                                                  0x032bfbbb
                                                                                                                                  0x032bfbc0
                                                                                                                                  0x032bfbd0
                                                                                                                                  0x032bfbd0
                                                                                                                                  0x032bfbd8
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfbde
                                                                                                                                  0x032bfbde
                                                                                                                                  0x032bfbe4
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfbea
                                                                                                                                  0x032bfbea
                                                                                                                                  0x032bfbf0
                                                                                                                                  0x032bfbf6
                                                                                                                                  0x032bfbfa
                                                                                                                                  0x032bfbfc
                                                                                                                                  0x032bfbfe
                                                                                                                                  0x032bfbfe
                                                                                                                                  0x032bfc01
                                                                                                                                  0x032bfc04
                                                                                                                                  0x032bfc06
                                                                                                                                  0x032bfc06
                                                                                                                                  0x032bfc09
                                                                                                                                  0x032bfc0d
                                                                                                                                  0x032bfc0f
                                                                                                                                  0x032bfc13
                                                                                                                                  0x032bfc13
                                                                                                                                  0x032bfc16
                                                                                                                                  0x032bfc19
                                                                                                                                  0x032bfc1d
                                                                                                                                  0x032bfc1d
                                                                                                                                  0x032bfc20
                                                                                                                                  0x032bfc26
                                                                                                                                  0x032bfc8d
                                                                                                                                  0x032bfc92
                                                                                                                                  0x032bfc98
                                                                                                                                  0x032bfc98
                                                                                                                                  0x032bfc9d
                                                                                                                                  0x032bfca0
                                                                                                                                  0x032bfca5
                                                                                                                                  0x032bfcaa
                                                                                                                                  0x032bfcad
                                                                                                                                  0x032bfcb0
                                                                                                                                  0x032bfcb4
                                                                                                                                  0x032bfcba
                                                                                                                                  0x032bfcbe
                                                                                                                                  0x032bfcc2
                                                                                                                                  0x032bfcc8
                                                                                                                                  0x032bfccd
                                                                                                                                  0x032bfcd1
                                                                                                                                  0x032bfcd7
                                                                                                                                  0x032bfcdc
                                                                                                                                  0x032bfcdc
                                                                                                                                  0x032bfce1
                                                                                                                                  0x032bfc28
                                                                                                                                  0x032bfc28
                                                                                                                                  0x032bfc2c
                                                                                                                                  0x032bfce6
                                                                                                                                  0x032bfceb
                                                                                                                                  0x032bfcf0
                                                                                                                                  0x032bfcf0
                                                                                                                                  0x032bfcf5
                                                                                                                                  0x032bfcf8
                                                                                                                                  0x032bfcfd
                                                                                                                                  0x032bfd02
                                                                                                                                  0x032bfd05
                                                                                                                                  0x032bfd08
                                                                                                                                  0x032bfd0c
                                                                                                                                  0x032bfd12
                                                                                                                                  0x032bfd16
                                                                                                                                  0x032bfd1a
                                                                                                                                  0x032bfd20
                                                                                                                                  0x032bfd25
                                                                                                                                  0x032bfd29
                                                                                                                                  0x032bfd2f
                                                                                                                                  0x032bfd34
                                                                                                                                  0x032bfd34
                                                                                                                                  0x032bfd39
                                                                                                                                  0x032bfd3c
                                                                                                                                  0x032bfd3c
                                                                                                                                  0x032bfd3c
                                                                                                                                  0x032bfd3f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfd41
                                                                                                                                  0x032bfd45
                                                                                                                                  0x032bfd48
                                                                                                                                  0x032bfd4b
                                                                                                                                  0x032bfd4f
                                                                                                                                  0x032bfd4f
                                                                                                                                  0x032bfd54
                                                                                                                                  0x032bfd58
                                                                                                                                  0x032bfd5a
                                                                                                                                  0x032bfd5c
                                                                                                                                  0x032bfd5c
                                                                                                                                  0x032bfd5f
                                                                                                                                  0x032bfd62
                                                                                                                                  0x032bfd64
                                                                                                                                  0x032bfd64
                                                                                                                                  0x032bfd67
                                                                                                                                  0x032bfd6b
                                                                                                                                  0x032bfd6d
                                                                                                                                  0x032bfd71
                                                                                                                                  0x032bfd74
                                                                                                                                  0x032bfd77
                                                                                                                                  0x032bfd7b
                                                                                                                                  0x032bfd7b
                                                                                                                                  0x032bfd85
                                                                                                                                  0x032bfd85
                                                                                                                                  0x032bfc32
                                                                                                                                  0x032bfc37
                                                                                                                                  0x032bfc3c
                                                                                                                                  0x032bfc3c
                                                                                                                                  0x032bfc41
                                                                                                                                  0x032bfc44
                                                                                                                                  0x032bfc49
                                                                                                                                  0x032bfc4e
                                                                                                                                  0x032bfc51
                                                                                                                                  0x032bfc54
                                                                                                                                  0x032bfc58
                                                                                                                                  0x032bfc5e
                                                                                                                                  0x032bfc62
                                                                                                                                  0x032bfc66
                                                                                                                                  0x032bfc6c
                                                                                                                                  0x032bfc71
                                                                                                                                  0x032bfc75
                                                                                                                                  0x032bfc7b
                                                                                                                                  0x032bfc80
                                                                                                                                  0x032bfc80
                                                                                                                                  0x032bfc85
                                                                                                                                  0x032bfc85
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfc26
                                                                                                                                  0x032bfbf0
                                                                                                                                  0x032bfbe4
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfbc2
                                                                                                                                  0x032bfbc2
                                                                                                                                  0x032bfbca
                                                                                                                                  0x032bffb2
                                                                                                                                  0x032bffb5
                                                                                                                                  0x032bffb7
                                                                                                                                  0x032c00a9
                                                                                                                                  0x032c00aa
                                                                                                                                  0x032c00ae
                                                                                                                                  0x032c00ae
                                                                                                                                  0x032c00b1
                                                                                                                                  0x032c00b5
                                                                                                                                  0x032c00b7
                                                                                                                                  0x032c00b8
                                                                                                                                  0x032c00b9
                                                                                                                                  0x032c00b9
                                                                                                                                  0x032c00b9
                                                                                                                                  0x032c00bc
                                                                                                                                  0x032c00bc
                                                                                                                                  0x032c00bf
                                                                                                                                  0x032c00c3
                                                                                                                                  0x032c00c5
                                                                                                                                  0x032c00c8
                                                                                                                                  0x032c00cb
                                                                                                                                  0x032c00cb
                                                                                                                                  0x032c00cb
                                                                                                                                  0x032c00ce
                                                                                                                                  0x032c00ce
                                                                                                                                  0x032bffbd
                                                                                                                                  0x032bffbf
                                                                                                                                  0x032bffc2
                                                                                                                                  0x032bffc2
                                                                                                                                  0x032bffc5
                                                                                                                                  0x032bffd0
                                                                                                                                  0x032bffd4
                                                                                                                                  0x032bffd9
                                                                                                                                  0x032bffde
                                                                                                                                  0x032bffe3
                                                                                                                                  0x032bffe7
                                                                                                                                  0x032bffec
                                                                                                                                  0x032bfff1
                                                                                                                                  0x032bfff6
                                                                                                                                  0x032bfffb
                                                                                                                                  0x032c0000
                                                                                                                                  0x032c0005
                                                                                                                                  0x032c000a
                                                                                                                                  0x032c000f
                                                                                                                                  0x032c0014
                                                                                                                                  0x032c0019
                                                                                                                                  0x032c001e
                                                                                                                                  0x032c0024
                                                                                                                                  0x032c002a
                                                                                                                                  0x032c002a
                                                                                                                                  0x032c002a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfbca
                                                                                                                                  0x032bfbae
                                                                                                                                  0x032bfbae
                                                                                                                                  0x032bfbb6
                                                                                                                                  0x032bfbb6
                                                                                                                                  0x032bfb91
                                                                                                                                  0x032bfb91
                                                                                                                                  0x032bfb99
                                                                                                                                  0x032c002d
                                                                                                                                  0x032c002d
                                                                                                                                  0x032c002f
                                                                                                                                  0x032c0033
                                                                                                                                  0x032c0036
                                                                                                                                  0x032c0038
                                                                                                                                  0x032c0040
                                                                                                                                  0x032c0040
                                                                                                                                  0x032c0044
                                                                                                                                  0x032c0049
                                                                                                                                  0x032c004d
                                                                                                                                  0x032c0052
                                                                                                                                  0x032c0055
                                                                                                                                  0x032c0058
                                                                                                                                  0x032c0058
                                                                                                                                  0x032c0058
                                                                                                                                  0x032c0040
                                                                                                                                  0x00000000
                                                                                                                                  0x032c0038
                                                                                                                                  0x032c0090
                                                                                                                                  0x032c0096
                                                                                                                                  0x032bfb9f
                                                                                                                                  0x032bfd87
                                                                                                                                  0x032bfd87
                                                                                                                                  0x032bfd8d
                                                                                                                                  0x032bfd91
                                                                                                                                  0x032bfd93
                                                                                                                                  0x032bfd94
                                                                                                                                  0x032bfd97
                                                                                                                                  0x032bfd9a
                                                                                                                                  0x032bfd9a
                                                                                                                                  0x032bfda2
                                                                                                                                  0x032bfda2
                                                                                                                                  0x032bfda4
                                                                                                                                  0x032bfda7
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdad
                                                                                                                                  0x032bfdb0
                                                                                                                                  0x032bfdb5
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdda
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdde
                                                                                                                                  0x032bfde0
                                                                                                                                  0x032bfde4
                                                                                                                                  0x032bfde5
                                                                                                                                  0x032bfde6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdea
                                                                                                                                  0x032bfdec
                                                                                                                                  0x032bfdef
                                                                                                                                  0x032bfdf2
                                                                                                                                  0x032bfdf6
                                                                                                                                  0x032bfdf7
                                                                                                                                  0x032bfdf8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdfe
                                                                                                                                  0x032bfe03
                                                                                                                                  0x032bfe09
                                                                                                                                  0x032bfe0c
                                                                                                                                  0x032bfe10
                                                                                                                                  0x032bfe11
                                                                                                                                  0x032bfe12
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfdb5
                                                                                                                                  0x032bfda7
                                                                                                                                  0x032bfb99
                                                                                                                                  0x032bfb8f
                                                                                                                                  0x032bfb78
                                                                                                                                  0x032bfb78
                                                                                                                                  0x032bfb7a
                                                                                                                                  0x032bfe14
                                                                                                                                  0x032bfe17
                                                                                                                                  0x032bfe1a
                                                                                                                                  0x032bfe1d
                                                                                                                                  0x032bff74
                                                                                                                                  0x032bff74
                                                                                                                                  0x032bff7a
                                                                                                                                  0x032bff7c
                                                                                                                                  0x032bff7f
                                                                                                                                  0x032bff84
                                                                                                                                  0x032bff86
                                                                                                                                  0x032bff89
                                                                                                                                  0x032bff89
                                                                                                                                  0x032bff91
                                                                                                                                  0x032bff93
                                                                                                                                  0x032bff95
                                                                                                                                  0x032bff95
                                                                                                                                  0x032bff98
                                                                                                                                  0x032bff9d
                                                                                                                                  0x032bff9f
                                                                                                                                  0x032bff9f
                                                                                                                                  0x032bff9f
                                                                                                                                  0x032bff95
                                                                                                                                  0x032bffaa
                                                                                                                                  0x032bfe23
                                                                                                                                  0x032bfe23
                                                                                                                                  0x032bfe2b
                                                                                                                                  0x032bfec5
                                                                                                                                  0x032bfecb
                                                                                                                                  0x032bfecd
                                                                                                                                  0x032bfecd
                                                                                                                                  0x032bfece
                                                                                                                                  0x032bfecf
                                                                                                                                  0x032bfed2
                                                                                                                                  0x032bfed4
                                                                                                                                  0x032bfed4
                                                                                                                                  0x032bfedc
                                                                                                                                  0x032bfedc
                                                                                                                                  0x032bfedc
                                                                                                                                  0x032bfee2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfee4
                                                                                                                                  0x032bfeea
                                                                                                                                  0x032bfef0
                                                                                                                                  0x032bfef4
                                                                                                                                  0x032bfef9
                                                                                                                                  0x032bfefe
                                                                                                                                  0x032bff03
                                                                                                                                  0x032bff08
                                                                                                                                  0x032bff0d
                                                                                                                                  0x032bff12
                                                                                                                                  0x032bff17
                                                                                                                                  0x032bff1b
                                                                                                                                  0x032bff20
                                                                                                                                  0x032bff25
                                                                                                                                  0x032bff2a
                                                                                                                                  0x032bff2f
                                                                                                                                  0x032bff34
                                                                                                                                  0x032bff39
                                                                                                                                  0x032bff3e
                                                                                                                                  0x032bff44
                                                                                                                                  0x032bff4a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bff4a
                                                                                                                                  0x032bff4c
                                                                                                                                  0x032bff4f
                                                                                                                                  0x032bff51
                                                                                                                                  0x032bff51
                                                                                                                                  0x032bff54
                                                                                                                                  0x032bff57
                                                                                                                                  0x032bff5b
                                                                                                                                  0x032bff60
                                                                                                                                  0x032bff64
                                                                                                                                  0x032bff69
                                                                                                                                  0x032bff6c
                                                                                                                                  0x032bff6c
                                                                                                                                  0x032bff51
                                                                                                                                  0x00000000
                                                                                                                                  0x032bff4f
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe31
                                                                                                                                  0x032bfe31
                                                                                                                                  0x032bfe37
                                                                                                                                  0x032bfe3b
                                                                                                                                  0x032bfe3e
                                                                                                                                  0x032bfe3e
                                                                                                                                  0x032bfe40
                                                                                                                                  0x032bfe43
                                                                                                                                  0x032bfe46
                                                                                                                                  0x032bfe47
                                                                                                                                  0x032bfe48
                                                                                                                                  0x032bfe48
                                                                                                                                  0x032bfe48
                                                                                                                                  0x032bfe40
                                                                                                                                  0x032bfe4d
                                                                                                                                  0x032bfe50
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe56
                                                                                                                                  0x032bfe64
                                                                                                                                  0x032bfe65
                                                                                                                                  0x032bfe67
                                                                                                                                  0x032bfe68
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe86
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe8b
                                                                                                                                  0x032bfe8e
                                                                                                                                  0x032bfe92
                                                                                                                                  0x032bfe93
                                                                                                                                  0x032bfe94
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe98
                                                                                                                                  0x032bfe9b
                                                                                                                                  0x032bfe9e
                                                                                                                                  0x032bfea1
                                                                                                                                  0x032bfea4
                                                                                                                                  0x032bfea8
                                                                                                                                  0x032bfea9
                                                                                                                                  0x032bfeaa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfeaf
                                                                                                                                  0x032bfeb5
                                                                                                                                  0x032bfebb
                                                                                                                                  0x032bfebe
                                                                                                                                  0x032bfec2
                                                                                                                                  0x032bfec3
                                                                                                                                  0x032bfec4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfe68
                                                                                                                                  0x032bfe50
                                                                                                                                  0x032bfe2b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfb7a
                                                                                                                                  0x032bfa8b
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa8b
                                                                                                                                  0x032bfa89
                                                                                                                                  0x032bfa87
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa90
                                                                                                                                  0x032bfa90
                                                                                                                                  0x032bfa92
                                                                                                                                  0x032bfa99
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa9b
                                                                                                                                  0x00000000
                                                                                                                                  0x032bfa99
                                                                                                                                  0x032bfa59
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 032BFA2B
                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 032BFA33
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 032BFAC1
                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 032BFAEC
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 032BFB41
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                  • Opcode ID: f1f59864d8f289b514910319e7bddcee11f4ee7e8e9219e51d120e2286e50f14
                                                                                                                                  • Instruction ID: 3a56211e7523b1b07ee7c515355f3c79fdbd640f7fe0ca386c77c901d3890fe0
                                                                                                                                  • Opcode Fuzzy Hash: f1f59864d8f289b514910319e7bddcee11f4ee7e8e9219e51d120e2286e50f14
                                                                                                                                  • Instruction Fuzzy Hash: 3641B134A20209FBCB14DF68CD84ADEBBB5AF44794F08C199D8199B352D771EA91CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ADC10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 112COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E032ADC10(void* __edi, void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v276;
				intOrPtr _v280;
				char _v540;
				char _v800;
				char _v804;
				void* __ebp;
				signed int _t30;
				long _t32;
				void* _t62;
				int _t67;
				intOrPtr* _t69;
				struct HWND__* _t72;
				signed int _t74;

				_t30 =  *0x32ed474; // 0x444d31ba
				_v8 = _t30 ^ _t74;
				_t67 = _a8;
				_t32 = _a16;
				_t72 = _a4;
				if(_t67 != 0x4a) {
					L8:
					CallWindowProcA( *0x32efc6c, _t72, _t67, _a12, _t32);
					return E032BD98D(_v8 ^ _t74);
				} else {
					_t62 =  *_t32;
					if(_t62 != 1) {
						if(_t62 != 2 ||  *((intOrPtr*)(_t32 + 4)) != 4) {
							goto L8;
						} else {
							 *0x32efcbc =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 8))));
							return E032BD98D(_v8 ^ _t74);
						}
					} else {
						if( *((intOrPtr*)(_t32 + 4)) != 0x630 ||  *0x32efcb8 == 0) {
							goto L8;
						} else {
							_t69 =  *((intOrPtr*)(_t32 + 8));
							_v804 =  *_t69;
							_v280 =  *((intOrPtr*)(_t69 + 0x418));
							_v16 =  *((intOrPtr*)(_t69 + 0x628));
							_v12 =  *((intOrPtr*)(_t69 + 0x62c));
							WideCharToMultiByte(0xfde9, 0, _t69 + 4, 0xffffffff,  &_v800, 0x104, 0, 0);
							WideCharToMultiByte(0xfde9, 0, _t69 + 0x20c, 0xffffffff,  &_v540, 0x104, 0, 0);
							WideCharToMultiByte(0xfde9, 0, _t69 + 0x420, 0xffffffff,  &_v276, 0x104, 0, 0);
							E032B7620(CharLowerA( &_v800), "interfaces.dll");
							E032AE780( &_v804,  *((intOrPtr*)( *((intOrPtr*)( *0x32efcb8 + 4)))));
							return E032BD98D(_v8 ^ _t74);
						}
					}
				}
			}



















                                                                                                                                  0x032adc19
                                                                                                                                  0x032adc20
                                                                                                                                  0x032adc23
                                                                                                                                  0x032adc26
                                                                                                                                  0x032adc2a
                                                                                                                                  0x032adc30
                                                                                                                                  0x032add5a
                                                                                                                                  0x032add66
                                                                                                                                  0x032add7a
                                                                                                                                  0x032adc36
                                                                                                                                  0x032adc36
                                                                                                                                  0x032adc3b
                                                                                                                                  0x032add34
                                                                                                                                  0x00000000
                                                                                                                                  0x032add3c
                                                                                                                                  0x032add42
                                                                                                                                  0x032add57
                                                                                                                                  0x032add57
                                                                                                                                  0x032adc41
                                                                                                                                  0x032adc48
                                                                                                                                  0x00000000
                                                                                                                                  0x032adc5b
                                                                                                                                  0x032adc5c
                                                                                                                                  0x032adc6b
                                                                                                                                  0x032adc77
                                                                                                                                  0x032adc83
                                                                                                                                  0x032adc91
                                                                                                                                  0x032adca8
                                                                                                                                  0x032adcca
                                                                                                                                  0x032adcec
                                                                                                                                  0x032add01
                                                                                                                                  0x032add1a
                                                                                                                                  0x032add2e
                                                                                                                                  0x032add2e
                                                                                                                                  0x032adc48
                                                                                                                                  0x032adc3b

                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000630,000000FF,?,00000104,00000000,00000000), ref: 032ADCA8
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104,00000000,00000000), ref: 032ADCCA
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104,00000000,00000000), ref: 032ADCEC
                                                                                                                                  • CharLowerA.USER32(?,interfaces.dll), ref: 032ADCFA
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(00000000,00000000,76D81D30,?,032B1475,00000000,.ico), ref: 032B7636
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(032B1475,?,032B1475,00000000,.ico), ref: 032B7641
                                                                                                                                    • Part of subcall function 032AE780: SendMessageA.USER32 ref: 032AE7F3
                                                                                                                                    • Part of subcall function 032AE780: wsprintfA.USER32 ref: 032AE82B
                                                                                                                                    • Part of subcall function 032AE780: SendMessageA.USER32 ref: 032AE844
                                                                                                                                    • Part of subcall function 032AE780: SendMessageA.USER32 ref: 032AE857
                                                                                                                                    • Part of subcall function 032AE780: GlobalAlloc.KERNEL32(00000040,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,032ADD1F), ref: 032AE888
                                                                                                                                    • Part of subcall function 032AE780: GlobalAlloc.KERNEL32(00000040,00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,032ADD1F), ref: 032AE891
                                                                                                                                  • CallWindowProcA.USER32 ref: 032ADD66
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$ByteMessageMultiSendWide$AllocGloballstrlen$CallLowerProcWindowwsprintf
                                                                                                                                  • String ID: interfaces.dll
                                                                                                                                  • API String ID: 1322203981-503624376
                                                                                                                                  • Opcode ID: 11af7872fc86ed6037e9937aa08cfe55cf5f1b3d37aebdb4b977686693c13b03
                                                                                                                                  • Instruction ID: 4f8c1ea0a42a3fa4ee07dedeb8918bba01f495f8fe053322c3590fda042b99a7
                                                                                                                                  • Opcode Fuzzy Hash: 11af7872fc86ed6037e9937aa08cfe55cf5f1b3d37aebdb4b977686693c13b03
                                                                                                                                  • Instruction Fuzzy Hash: 4941B376A40618AFDB10DF58DC55FE9B7B8EB08710F108296F6199F1D0C771AA94CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7BC0 Relevance: 10.6, APIs: 7, Instructions: 111networkCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                  			E032A7BC0(void* __ebx, signed int __ecx, void* __edx, intOrPtr __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				intOrPtr _v0;
				signed int _v4;
				signed int _v12;
				char _v404;
				signed int _v408;
				intOrPtr* _v416;
				signed int _v420;
				void* _v424;
				signed int _v428;
				char _v432;
				void* __ebp;
				signed int _t30;
				intOrPtr _t32;
				signed int _t36;
				intOrPtr _t38;
				void* _t43;
				intOrPtr* _t44;
				intOrPtr _t46;
				intOrPtr _t59;
				intOrPtr _t62;
				intOrPtr _t63;
				signed int _t64;

				_t59 = __edi;
				_t49 = __ecx;
				_t64 =  &_v424;
				_t30 =  *0x32ed474; // 0x444d31ba
				_v4 = _t30 ^ _t64;
				_t32 = _a12;
				_t46 = _a4;
				_t63 = _a24;
				_t61 = __edx;
				_push( &_v404);
				_push(1);
				_v424 = _t32;
				_v408 = __ecx;
				_v420 = 0xffffffff;
				L032BD963();
				if(_t32 != 0) {
					E032A3960(_t32);
				} else {
					if( *0x32f0d00 != _t32 || __edi != 0 || _a12 != __edi) {
						_v424 = 0;
						_t36 = 0x5dc;
						if(_a12 == 0) {
							_t36 =  *0x32ed318; // 0x2710
						}
						_t49 =  &_v424;
						_v420 = _t36 * 0x3e8;
						_t38 = E032A77C0(_t46,  &_v424, _t59, _t59, _t61, _t61, _t63);
						_t64 = _t64 + 8;
					} else {
						_push(__edi);
						_push(0xa);
						_t38 = E032A7A20(_t46, __edi, __edx, _t63, __edx);
						_t64 = _t64 + 0xc;
					}
					_t62 = _t38;
					if(_t62 == 0xffffffff) {
						L17:
						L032BD90F();
					} else {
						_t39 = E032A7690(_v0, _t49, _t59, _t62, _t62, _t46);
						_t64 = _t64 + 8;
						if(_t39 != 0) {
							L15:
							E032A3960(_t39);
							goto L16;
						} else {
							_t52 = _v432;
							if(_v432 == 0) {
								L20:
								E032A3960(_t39);
								_push(_t62);
								_v428 = 0;
								L032BD945();
								L032BD90F();
							} else {
								_t39 = _a8;
								if(_t39 <= 0) {
									goto L20;
								} else {
									_push(_t63);
									_v432 = _t39;
									_v420 = 0;
									_v424 = 0x1e;
									_t43 = E032A7450(_t62,  &_v432, _t52,  &_v432,  &_v424, _t59);
									_t64 = _t64 + 0x14;
									if(_t43 != 0) {
										L16:
										_push(_t62);
										L032BD945();
										goto L17;
									} else {
										_t44 = _v416;
										if(_t44 != 0) {
											 *_t44 = _v432;
											goto L19;
										} else {
											_t39 = _a8;
											if(_v432 == _a8) {
												L19:
												_push(_t62);
												_v428 = 0;
												L032BD945();
												L032BD90F();
											} else {
												goto L15;
											}
										}
									}
								}
							}
						}
					}
				}
				return E032BD98D(_v12 ^ _t64);
			}

























                                                                                                                                  0x032a7bc0
                                                                                                                                  0x032a7bc0
                                                                                                                                  0x032a7bc0
                                                                                                                                  0x032a7bc6
                                                                                                                                  0x032a7bcd
                                                                                                                                  0x032a7bd4
                                                                                                                                  0x032a7bdc
                                                                                                                                  0x032a7be4
                                                                                                                                  0x032a7bec
                                                                                                                                  0x032a7bf2
                                                                                                                                  0x032a7bf3
                                                                                                                                  0x032a7bf5
                                                                                                                                  0x032a7bf9
                                                                                                                                  0x032a7bfd
                                                                                                                                  0x032a7c05
                                                                                                                                  0x032a7c0c
                                                                                                                                  0x032a7d1f
                                                                                                                                  0x032a7c12
                                                                                                                                  0x032a7c18
                                                                                                                                  0x032a7c3d
                                                                                                                                  0x032a7c45
                                                                                                                                  0x032a7c4a
                                                                                                                                  0x032a7c4c
                                                                                                                                  0x032a7c4c
                                                                                                                                  0x032a7c5b
                                                                                                                                  0x032a7c5f
                                                                                                                                  0x032a7c63
                                                                                                                                  0x032a7c68
                                                                                                                                  0x032a7c27
                                                                                                                                  0x032a7c27
                                                                                                                                  0x032a7c28
                                                                                                                                  0x032a7c2b
                                                                                                                                  0x032a7c30
                                                                                                                                  0x032a7c30
                                                                                                                                  0x032a7c6b
                                                                                                                                  0x032a7c70
                                                                                                                                  0x032a7ce7
                                                                                                                                  0x032a7ce7
                                                                                                                                  0x032a7c72
                                                                                                                                  0x032a7c7b
                                                                                                                                  0x032a7c80
                                                                                                                                  0x032a7c85
                                                                                                                                  0x032a7cdc
                                                                                                                                  0x032a7cdc
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7c87
                                                                                                                                  0x032a7c87
                                                                                                                                  0x032a7c8f
                                                                                                                                  0x032a7d09
                                                                                                                                  0x032a7d09
                                                                                                                                  0x032a7d0e
                                                                                                                                  0x032a7d0f
                                                                                                                                  0x032a7d13
                                                                                                                                  0x032a7d18
                                                                                                                                  0x032a7c91
                                                                                                                                  0x032a7c91
                                                                                                                                  0x032a7c9a
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7c9c
                                                                                                                                  0x032a7c9c
                                                                                                                                  0x032a7c9d
                                                                                                                                  0x032a7ca6
                                                                                                                                  0x032a7cb3
                                                                                                                                  0x032a7cbb
                                                                                                                                  0x032a7cc0
                                                                                                                                  0x032a7cc5
                                                                                                                                  0x032a7ce1
                                                                                                                                  0x032a7ce1
                                                                                                                                  0x032a7ce2
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7cc7
                                                                                                                                  0x032a7cc7
                                                                                                                                  0x032a7ccd
                                                                                                                                  0x032a7cf2
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7ccf
                                                                                                                                  0x032a7ccf
                                                                                                                                  0x032a7cda
                                                                                                                                  0x032a7cf4
                                                                                                                                  0x032a7cf4
                                                                                                                                  0x032a7cf5
                                                                                                                                  0x032a7cfd
                                                                                                                                  0x032a7d02
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032a7cda
                                                                                                                                  0x032a7ccd
                                                                                                                                  0x032a7cc5
                                                                                                                                  0x032a7c9a
                                                                                                                                  0x032a7c8f
                                                                                                                                  0x032a7c85
                                                                                                                                  0x032a7c70
                                                                                                                                  0x032a7d3f

                                                                                                                                  APIs
                                                                                                                                  • WSAStartup.WS2_32 ref: 032A7C05
                                                                                                                                  • closesocket.WS2_32(00000000), ref: 032A7CE2
                                                                                                                                  • WSACleanup.WS2_32 ref: 032A7CE7
                                                                                                                                  • closesocket.WS2_32 ref: 032A7CFD
                                                                                                                                  • WSACleanup.WS2_32 ref: 032A7D02
                                                                                                                                  • closesocket.WS2_32(00000000), ref: 032A7D13
                                                                                                                                  • WSACleanup.WS2_32 ref: 032A7D18
                                                                                                                                    • Part of subcall function 032A7A20: socket.WS2_32(00000002,00000001,00000006), ref: 032A7A3D
                                                                                                                                    • Part of subcall function 032A7A20: bind.WS2_32(00000000,?,00000010), ref: 032A7A68
                                                                                                                                    • Part of subcall function 032A7A20: WSAGetLastError.WS2_32(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,032A7C30,?), ref: 032A7A78
                                                                                                                                    • Part of subcall function 032A7A20: connect.WS2_32(00000000,?,00000010), ref: 032A7ADA
                                                                                                                                    • Part of subcall function 032A7A20: Sleep.KERNEL32(00000064,00000000,?,00000010,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 032A7AEB
                                                                                                                                    • Part of subcall function 032A7A20: WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 032A7B09
                                                                                                                                    • Part of subcall function 032A7A20: getsockname.WS2_32 ref: 032A7B23
                                                                                                                                    • Part of subcall function 032A7A20: htons.WS2_32(?), ref: 032A7B2D
                                                                                                                                    • Part of subcall function 032A7A20: closesocket.WS2_32(00000000), ref: 032A7B40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: closesocket$Cleanup$ErrorLast$SleepStartupbindconnectgetsocknamehtonssocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3096062870-0
                                                                                                                                  • Opcode ID: a61355b22cc61b9b1afd1469f96aa81b353695081bee35fab0a1428707dda5e2
                                                                                                                                  • Instruction ID: 95c0e1d50853b8d3e91fa7cf6405b195450d0e316d9f7d19b9a4e4f2f8ac74bb
                                                                                                                                  • Opcode Fuzzy Hash: a61355b22cc61b9b1afd1469f96aa81b353695081bee35fab0a1428707dda5e2
                                                                                                                                  • Instruction Fuzzy Hash: 2241B675529B429FD320EFACD880BEBF7E9AFC8300F04455DE4959B240E77095848BA7
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040267C Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0xdc00
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                                  0x0040267c
                                                                                                                                  0x0040267e
                                                                                                                                  0x0040268a
                                                                                                                                  0x0040268d
                                                                                                                                  0x00402697
                                                                                                                                  0x0040269b
                                                                                                                                  0x0040269b
                                                                                                                                  0x004026a1
                                                                                                                                  0x004026ae
                                                                                                                                  0x004026b6
                                                                                                                                  0x004026b9
                                                                                                                                  0x004026bf
                                                                                                                                  0x004026cd
                                                                                                                                  0x004026d2
                                                                                                                                  0x004026d6
                                                                                                                                  0x004026d9
                                                                                                                                  0x004026e2
                                                                                                                                  0x004026ee
                                                                                                                                  0x004026f2
                                                                                                                                  0x004026f5
                                                                                                                                  0x004026ff
                                                                                                                                  0x0040271e
                                                                                                                                  0x00402706
                                                                                                                                  0x0040270b
                                                                                                                                  0x00402713
                                                                                                                                  0x00402716
                                                                                                                                  0x0040271b
                                                                                                                                  0x0040271b
                                                                                                                                  0x00402725
                                                                                                                                  0x00402725
                                                                                                                                  0x00402737
                                                                                                                                  0x0040273e
                                                                                                                                  0x00402750
                                                                                                                                  0x00402750
                                                                                                                                  0x00402756
                                                                                                                                  0x00402756
                                                                                                                                  0x00402761
                                                                                                                                  0x00402762
                                                                                                                                  0x00402766
                                                                                                                                  0x0040276a
                                                                                                                                  0x00402770
                                                                                                                                  0x00402770
                                                                                                                                  0x00402777
                                                                                                                                  0x00402164
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000DC00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                  • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                                  • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                  • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                                  • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3294113728-0
                                                                                                                                  • Opcode ID: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                                  • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                                                  • Opcode Fuzzy Hash: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                                  • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CD37A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032CD37A(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x32f3c48 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x32e1778 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E032C95E4(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E032C95E4(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                                                                                                                  0x032cd383
                                                                                                                                  0x032cd42d
                                                                                                                                  0x032cd38b
                                                                                                                                  0x032cd38d
                                                                                                                                  0x032cd394
                                                                                                                                  0x032cd396
                                                                                                                                  0x032cd39c
                                                                                                                                  0x032cd3a9
                                                                                                                                  0x032cd3be
                                                                                                                                  0x032cd3c2
                                                                                                                                  0x032cd414
                                                                                                                                  0x032cd414
                                                                                                                                  0x032cd419
                                                                                                                                  0x032cd41d
                                                                                                                                  0x032cd420
                                                                                                                                  0x032cd420
                                                                                                                                  0x032cd426
                                                                                                                                  0x032cd428
                                                                                                                                  0x032cd43f
                                                                                                                                  0x032cd438
                                                                                                                                  0x032cd43e
                                                                                                                                  0x032cd43e
                                                                                                                                  0x032cd42a
                                                                                                                                  0x032cd42a
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd42a
                                                                                                                                  0x032cd3c4
                                                                                                                                  0x032cd3cd
                                                                                                                                  0x032cd404
                                                                                                                                  0x032cd404
                                                                                                                                  0x032cd406
                                                                                                                                  0x032cd408
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd410
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd410
                                                                                                                                  0x032cd3d7
                                                                                                                                  0x032cd3dc
                                                                                                                                  0x032cd3e1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd3eb
                                                                                                                                  0x032cd3f0
                                                                                                                                  0x032cd3f5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd3fa
                                                                                                                                  0x032cd400
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd400
                                                                                                                                  0x032cd3a1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032cd3a7
                                                                                                                                  0x032cd436
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                  • API String ID: 0-537541572
                                                                                                                                  • Opcode ID: 00ffaad83051a0830e79661c6c71908e94be16bb30ceca818bd4e760c52613a4
                                                                                                                                  • Instruction ID: 9a53e003071c12973d8f7402ba7dd6965bf17bb43e22a1ae45f8d3ee6cb363ee
                                                                                                                                  • Opcode Fuzzy Hash: 00ffaad83051a0830e79661c6c71908e94be16bb30ceca818bd4e760c52613a4
                                                                                                                                  • Instruction Fuzzy Hash: 0321C931A75262ABC731DA24EC45BAAB7589F01660F15437DEE19A7181D670F881C6E0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B5BF0 Relevance: 10.6, APIs: 7, Instructions: 75windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E032B5BF0(intOrPtr _a4, int _a8, int _a12, long _a16) {
				void* _t13;
				int _t22;

				_t22 = _a8;
				_t13 = _t22 - 0x111;
				if(_t13 > 0x27) {
					L11:
					return 0;
				} else {
					switch( *((intOrPtr*)(( *(_t13 + 0x32b5ce4) & 0x000000ff) * 4 +  &M032B5CD4))) {
						case 0:
							__eax = _a16;
							__ecx =  *0x32eff10;
							if(__eax ==  *0x32eff14 || __eax == __ecx) {
								_t12 = SendMessageA(__ecx, 0xf0, 0, 0) - 1; // -1
								_t12 =  ~_t12;
								asm("sbb edi, edi");
								__edi =  ~_t12 + 1;
								if(__edi !=  *0x32eff34) {
									 *0x32eff34 = __edi;
									EnableWindow( *0x32eff28, __edi) = EnableWindow( *0x32eff24, __edi);
									__eax = EnableWindow( *0x32eff2c, __edi);
								}
							}
							goto L11;
						case 1:
							return SendMessageA( *0x32eff74, __ecx, _a12, _a16);
							goto L12;
						case 2:
							_t24 = _a16;
							_t25 = _a12;
							_push(_t19);
							_t20 = SendMessageA( *0x32eff74, _t22, _t25, _t24);
							if(_a4 ==  *0x32eff00 && _t24 ==  *0x32eff30) {
								SetTextColor(_t25, 0xff);
							}
							return _t20;
							goto L12;
						case 3:
							goto L11;
					}
				}
				L12:
			}





                                                                                                                                  0x032b5bf3
                                                                                                                                  0x032b5bf8
                                                                                                                                  0x032b5c01
                                                                                                                                  0x032b5ccb
                                                                                                                                  0x032b5ccf
                                                                                                                                  0x032b5c07
                                                                                                                                  0x032b5c0e
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5c6e
                                                                                                                                  0x032b5c71
                                                                                                                                  0x032b5c7d
                                                                                                                                  0x032b5c93
                                                                                                                                  0x032b5c96
                                                                                                                                  0x032b5c98
                                                                                                                                  0x032b5c9a
                                                                                                                                  0x032b5ca1
                                                                                                                                  0x032b5cb0
                                                                                                                                  0x032b5cbf
                                                                                                                                  0x032b5cc8
                                                                                                                                  0x032b5cc8
                                                                                                                                  0x032b5ca1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5c6b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5c15
                                                                                                                                  0x032b5c18
                                                                                                                                  0x032b5c1b
                                                                                                                                  0x032b5c2e
                                                                                                                                  0x032b5c36
                                                                                                                                  0x032b5c46
                                                                                                                                  0x032b5c46
                                                                                                                                  0x032b5c52
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x032b5c0e
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnableMessageSendWindow$ColorText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4106368931-0
                                                                                                                                  • Opcode ID: 36821b7b41e6f29509325af5fe6fa0bd338fe9c6d01e8c19de98c719ab60e892
                                                                                                                                  • Instruction ID: 13bc25e56c0c9d7710219ddfc706de639437a82e60755bbd61e73969c25dbc47
                                                                                                                                  • Opcode Fuzzy Hash: 36821b7b41e6f29509325af5fe6fa0bd338fe9c6d01e8c19de98c719ab60e892
                                                                                                                                  • Instruction Fuzzy Hash: CE21B332211119BFCB10BF50FD8EEAA7B76F78A361F158026F5059F198C6316865DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ACD24 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 66memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E032ACD24(CHAR* __ebx, void* __edx, void** __esi) {
				void* _t29;
				signed int _t39;
				void* _t53;
				void* _t54;
				void* _t55;
				signed int _t56;
				signed int _t57;
				void* _t61;
				void _t63;
				void _t64;
				signed int _t67;
				void* _t70;

				_t53 = __edx;
				_t40 = __ebx;
				_t61 =  *__esi;
				if(_t61 != 0) {
					lstrcpyA(__ebx, _t61 + 4);
					 *( *0x32ee1c4) =  *_t61;
					GlobalFree(_t61);
					_t39 = E032AD1A0(__ebx);
					_t70 = _t70 + 4;
					_t56 = _t39;
				}
				if( *0x32edf08 == 0) {
					L032ACB80(_t53);
				}
				if( *0x32edf09 != 0) {
					if(_t56 > 0xf) {
						L11:
						_t57 = 0xfffffffe;
						goto L12;
					} else {
						_t65 =  *(0x32ee156 + _t56 * 2) & 0x0000ffff;
						if(( *(0x32ee156 + _t56 * 2) & 0x0000ffff) >= 0xffff) {
							_t57 = _t56 | 0xffffffff;
							goto L12;
						} else {
							 *((intOrPtr*)(_t67 - 0x50)) = 0;
							 *((intOrPtr*)(_t67 - 0x4c)) = 0;
							 *((intOrPtr*)(_t67 - 0x48)) = 0;
							_t29 = E032AC990(_t40, _t53, _t56, _t65, _t65, _t67 - 0x50, _t67 - 0x4c, _t67 - 0x48, _t67 - 0x44, 0x40);
							_t70 = _t70 + 0x18;
							if(_t29 == 0) {
								goto L11;
							} else {
								E032AD260(_t65);
								E032AD2B0(_t67 - 0x44);
								return E032BD98D( *(_t67 - 4) ^ _t67);
							}
						}
					}
				} else {
					_t57 = 0xfffffffd;
					L12:
					if( *0x32ee1c4 != 0) {
						_t63 = GlobalAlloc(0x40,  *0x32ee1c0 + 8);
						_t13 = _t63 + 4; // 0x4
						wsprintfA(_t13, 0x32dc480, _t57);
						_t54 =  *0x32ee1c4;
						 *_t63 =  *_t54;
						 *_t54 = _t63;
						_t64 = GlobalAlloc(0x40,  *0x32ee1c0 + 8);
						_t14 = _t64 + 4; // 0x4
						lstrcpynA(_t14, "error",  *0x32ee1c0);
						_t55 =  *0x32ee1c4;
						 *_t64 =  *_t55;
						 *_t55 = _t64;
					}
					return E032BD98D( *(_t67 - 4) ^ _t67);
				}
			}















                                                                                                                                  0x032acd24
                                                                                                                                  0x032acd24
                                                                                                                                  0x032acd24
                                                                                                                                  0x032acd28
                                                                                                                                  0x032acd2f
                                                                                                                                  0x032acd3d
                                                                                                                                  0x032acd3f
                                                                                                                                  0x032acd46
                                                                                                                                  0x032acd4b
                                                                                                                                  0x032acd4e
                                                                                                                                  0x032acd4e
                                                                                                                                  0x032acd57
                                                                                                                                  0x032acd59
                                                                                                                                  0x032acd59
                                                                                                                                  0x032acd65
                                                                                                                                  0x032acd71
                                                                                                                                  0x032acddf
                                                                                                                                  0x032acddf
                                                                                                                                  0x00000000
                                                                                                                                  0x032acd73
                                                                                                                                  0x032acd73
                                                                                                                                  0x032acd81
                                                                                                                                  0x032acdda
                                                                                                                                  0x00000000
                                                                                                                                  0x032acd83
                                                                                                                                  0x032acd88
                                                                                                                                  0x032acd93
                                                                                                                                  0x032acd9e
                                                                                                                                  0x032acdab
                                                                                                                                  0x032acdb0
                                                                                                                                  0x032acdb5
                                                                                                                                  0x00000000
                                                                                                                                  0x032acdb7
                                                                                                                                  0x032acdb8
                                                                                                                                  0x032acdc1
                                                                                                                                  0x032acdd9
                                                                                                                                  0x032acdd9
                                                                                                                                  0x032acdb5
                                                                                                                                  0x032acd81
                                                                                                                                  0x032acd67
                                                                                                                                  0x032acd67
                                                                                                                                  0x032acde4
                                                                                                                                  0x032acdeb
                                                                                                                                  0x032ace00
                                                                                                                                  0x032ace08
                                                                                                                                  0x032ace0c
                                                                                                                                  0x032ace12
                                                                                                                                  0x032ace26
                                                                                                                                  0x032ace2a
                                                                                                                                  0x032ace34
                                                                                                                                  0x032ace3b
                                                                                                                                  0x032ace3f
                                                                                                                                  0x032ace45
                                                                                                                                  0x032ace4d
                                                                                                                                  0x032ace4f
                                                                                                                                  0x032ace4f
                                                                                                                                  0x032ace61
                                                                                                                                  0x032ace61

                                                                                                                                  APIs
                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 032ACD2F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032ACD3F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ACDFE
                                                                                                                                  • wsprintfA.USER32 ref: 032ACE0C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ACE2C
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032ACE3F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Freelstrcpylstrcpynwsprintf
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 1175590954-1574812785
                                                                                                                                  • Opcode ID: 276d8d079dbb70e778c8ef368fae801ddcf09a2749e270880d0f123e2a662051
                                                                                                                                  • Instruction ID: c4414da70fa88a45e2593fa15d4dec2eb4be327ed1d09fba6cac5663bb1d393e
                                                                                                                                  • Opcode Fuzzy Hash: 276d8d079dbb70e778c8ef368fae801ddcf09a2749e270880d0f123e2a662051
                                                                                                                                  • Instruction Fuzzy Hash: B421D2795106209FD324FF28F889A65B7A8FF48B10B048559E856CF388D735AC80CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D400F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E032D400F(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E032D3D59(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x32ed84c
					E032D3D59(_t2, 7);
					_t3 = _t45 + 0x38; // 0x32ed868
					E032D3D59(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x32ed898
					E032D3D59(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x32ed8c8
					E032D3D59(_t5, 2);
					_t6 = _t45 + 0xa0; // 0x0
					E032C9EFA( *_t6);
					_t7 = _t45 + 0xa4; // 0x0
					E032C9EFA( *_t7);
					_t8 = _t45 + 0xa8; // 0x0
					E032C9EFA( *_t8);
					_t9 = _t45 + 0xb4; // 0x32ed8e4
					E032D3D59(_t9, 7);
					_t10 = _t45 + 0xd0; // 0x32ed900
					E032D3D59(_t10, 7);
					_t11 = _t45 + 0xec; // 0x32ed91c
					E032D3D59(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x32ed94c
					E032D3D59(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x32ed97c
					E032D3D59(_t13, 2);
					_t14 = _t45 + 0x154; // 0x0
					E032C9EFA( *_t14);
					_t15 = _t45 + 0x158; // 0x62610000
					E032C9EFA( *_t15);
					_t16 = _t45 + 0x15c; // 0x66656463
					E032C9EFA( *_t16);
					_t17 = _t45 + 0x160; // 0x6a696867
					return E032C9EFA( *_t17);
				}
				return _t18;
			}





                                                                                                                                  0x032d4015
                                                                                                                                  0x032d401a
                                                                                                                                  0x032d4023
                                                                                                                                  0x032d4028
                                                                                                                                  0x032d402e
                                                                                                                                  0x032d4033
                                                                                                                                  0x032d4039
                                                                                                                                  0x032d403e
                                                                                                                                  0x032d4044
                                                                                                                                  0x032d4049
                                                                                                                                  0x032d4052
                                                                                                                                  0x032d4057
                                                                                                                                  0x032d405d
                                                                                                                                  0x032d4062
                                                                                                                                  0x032d4068
                                                                                                                                  0x032d406d
                                                                                                                                  0x032d4073
                                                                                                                                  0x032d4078
                                                                                                                                  0x032d4081
                                                                                                                                  0x032d4086
                                                                                                                                  0x032d408f
                                                                                                                                  0x032d4097
                                                                                                                                  0x032d40a0
                                                                                                                                  0x032d40a5
                                                                                                                                  0x032d40ae
                                                                                                                                  0x032d40b3
                                                                                                                                  0x032d40bc
                                                                                                                                  0x032d40c1
                                                                                                                                  0x032d40c7
                                                                                                                                  0x032d40cc
                                                                                                                                  0x032d40d2
                                                                                                                                  0x032d40d7
                                                                                                                                  0x032d40dd
                                                                                                                                  0x032d40e2
                                                                                                                                  0x00000000
                                                                                                                                  0x032d40ed
                                                                                                                                  0x032d40f2

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032D3D59: _free.LIBCMT ref: 032D3D7E
                                                                                                                                  • _free.LIBCMT ref: 032D405D
                                                                                                                                    • Part of subcall function 032C9EFA: HeapFree.KERNEL32(00000000,00000000,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830), ref: 032C9F10
                                                                                                                                    • Part of subcall function 032C9EFA: GetLastError.KERNEL32(032ED830,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830,032ED830), ref: 032C9F22
                                                                                                                                  • _free.LIBCMT ref: 032D4068
                                                                                                                                  • _free.LIBCMT ref: 032D4073
                                                                                                                                  • _free.LIBCMT ref: 032D40C7
                                                                                                                                  • _free.LIBCMT ref: 032D40D2
                                                                                                                                  • _free.LIBCMT ref: 032D40DD
                                                                                                                                  • _free.LIBCMT ref: 032D40E8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 29d479d747cefe6ca4c00fcb6c387f464527607ab4350e1750d7f3cb15385822
                                                                                                                                  • Instruction ID: 1e335a777b21155ed81a84a4a58d16e18ff5391620e7b3d0ed98806e1218d5a6
                                                                                                                                  • Opcode Fuzzy Hash: 29d479d747cefe6ca4c00fcb6c387f464527607ab4350e1750d7f3cb15385822
                                                                                                                                  • Instruction Fuzzy Hash: 2211517E560B54AAD620FBB0CC45FCB7BAC6F12700F40491AA39A6E060DBB9B5C45A91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004047D3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                  0x004047e1
                                                                                                                                  0x004047ee
                                                                                                                                  0x004047f4
                                                                                                                                  0x00404832
                                                                                                                                  0x00404832
                                                                                                                                  0x00404841
                                                                                                                                  0x00404848
                                                                                                                                  0x00000000
                                                                                                                                  0x0040484a
                                                                                                                                  0x004047f6
                                                                                                                                  0x00404805
                                                                                                                                  0x0040480d
                                                                                                                                  0x00404810
                                                                                                                                  0x00404822
                                                                                                                                  0x00404828
                                                                                                                                  0x0040482f
                                                                                                                                  0x00000000
                                                                                                                                  0x0040482f
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                  • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                  • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                                                  • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                  • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402B3B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                                  0x00402b48
                                                                                                                                  0x00402b56
                                                                                                                                  0x00402b5c
                                                                                                                                  0x00402b5c
                                                                                                                                  0x00402b6a
                                                                                                                                  0x00402b6c
                                                                                                                                  0x00402b78
                                                                                                                                  0x00402b7d
                                                                                                                                  0x00402b7f
                                                                                                                                  0x00402b7f
                                                                                                                                  0x00402b8a
                                                                                                                                  0x00402b9a
                                                                                                                                  0x00402bac
                                                                                                                                  0x00402bac
                                                                                                                                  0x00402bb4

                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                                  • wsprintfA.USER32 ref: 00402B8A
                                                                                                                                  • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                                                  • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                  • API String ID: 1451636040-1158693248
                                                                                                                                  • Opcode ID: d73ae3a0f00aa1d98c74df1646c5debd1ec4fea942ce3fc9f3adcea593d945d2
                                                                                                                                  • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                                                  • Opcode Fuzzy Hash: d73ae3a0f00aa1d98c74df1646c5debd1ec4fea942ce3fc9f3adcea593d945d2
                                                                                                                                  • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D07B0 Relevance: 9.3, APIs: 6, Instructions: 319fileCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetConsoleCP.KERNEL32(?,00000000,00000000), ref: 032D07F8
                                                                                                                                  • __fassign.LIBCMT ref: 032D09D7
                                                                                                                                  • __fassign.LIBCMT ref: 032D09F4
                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 032D0A3C
                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 032D0A7C
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 032D0B28
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4031098158-0
                                                                                                                                  • Opcode ID: bbfb256effc974912cf745d96b9f471fc9ec52c6819536aa020fc6a2745f78a7
                                                                                                                                  • Instruction ID: 30bc0924f3ae41bdb696be6337bce780dbfba19755fee647e717c0b9a3b0e552
                                                                                                                                  • Opcode Fuzzy Hash: bbfb256effc974912cf745d96b9f471fc9ec52c6819536aa020fc6a2745f78a7
                                                                                                                                  • Instruction Fuzzy Hash: D7D1DB75D102989FCF10CFA8D8809EDFBB9FF48314F28816AE855BB251D631A986CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C6792 Relevance: 9.3, APIs: 6, Instructions: 265COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __allrem.LIBCMT ref: 032C691C
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032C6938
                                                                                                                                  • __allrem.LIBCMT ref: 032C694F
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032C696D
                                                                                                                                  • __allrem.LIBCMT ref: 032C6984
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032C69A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                  • Opcode ID: 8c2509c323e6a4682ede6f0e13740c3ec0bad98f9770f9130ca5350ce1fd5e0f
                                                                                                                                  • Instruction ID: cce067257910c3a3614136debd545b337d8f8488bee9aef55f680af15d1a4f9b
                                                                                                                                  • Opcode Fuzzy Hash: 8c2509c323e6a4682ede6f0e13740c3ec0bad98f9770f9130ca5350ce1fd5e0f
                                                                                                                                  • Instruction Fuzzy Hash: 4781C675A307869BD724DF69DC40B6AB3E9AF44360F1C872EE551DB280E7B0E9C48790
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AA370 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 201sleepCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • Sleep.KERNEL32(00000032,?,?,?,?,?,00285F40,?,00004F00,00000000,00005960,00004F00,00285F40), ref: 032AA46A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID: $0002
                                                                                                                                  • API String ID: 3472027048-1107187475
                                                                                                                                  • Opcode ID: 88243c8e37ecf8556752c78cb231958c7674dad33f2014c234e876513e796c7e
                                                                                                                                  • Instruction ID: 83b5eddab966e9c3db53eae160cd4f3b452b6be718a67bdf051fe79fe07834a8
                                                                                                                                  • Opcode Fuzzy Hash: 88243c8e37ecf8556752c78cb231958c7674dad33f2014c234e876513e796c7e
                                                                                                                                  • Instruction Fuzzy Hash: CB711A35920F01ABC320EB28E888777B3E5AF88718F58C51DE54657285E670E5C8CB95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BA420 Relevance: 9.2, APIs: 6, Instructions: 176COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA5B9
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA5CE
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA5E3
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA5F8
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA60D
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA622
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2005118841-0
                                                                                                                                  • Opcode ID: 2b4a53552f1676f59e7c3e0d19357c553b1d4d5ae1fa9ddf4873f935431fbc17
                                                                                                                                  • Instruction ID: ac25be0584c0b25a9aec4779968e2ab554f0edd960ccaaf7a595c61c8a20718f
                                                                                                                                  • Opcode Fuzzy Hash: 2b4a53552f1676f59e7c3e0d19357c553b1d4d5ae1fa9ddf4873f935431fbc17
                                                                                                                                  • Instruction Fuzzy Hash: 1B515AB0A1020ADFCB14CFA4C884EEEB7B9FF48714F14855DE425AB250D771E984CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BA630 Relevance: 9.2, APIs: 6, Instructions: 174COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA7CC
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA7E1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA7F6
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA80B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA820
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA835
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2005118841-0
                                                                                                                                  • Opcode ID: 0692035a3a5ca1b4a697d8f16843943b17deb1f82a477bc827803eac8d73eb14
                                                                                                                                  • Instruction ID: 3651f8cc23fab91c40b7574fe80a3561ddf433fa1adf61a0e4a990a16a9de2e2
                                                                                                                                  • Opcode Fuzzy Hash: 0692035a3a5ca1b4a697d8f16843943b17deb1f82a477bc827803eac8d73eb14
                                                                                                                                  • Instruction Fuzzy Hash: 3E517AB4A1030AAFCB10CFA8C984EEEB7B9FF88714F10851DE515AB251D771E985CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1B09 Relevance: 9.1, APIs: 6, Instructions: 114windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                  			E031C1B09(void* __edi, void* __esi, intOrPtr _a4, int _a8, unsigned int _a12, long _a16) {
				struct tagRECT _v20;
				int _t48;
				signed int _t49;
				CHAR** _t52;
				intOrPtr _t55;
				signed int _t59;
				signed int _t60;
				int _t63;
				long _t74;
				intOrPtr _t76;

				_t48 = _a8;
				if(_t48 == 0x2b) {
					_t74 = _a16;
					_t49 = E031C103E( *((intOrPtr*)(_t74 + 4)));
					__eflags = _t49;
					if(_t49 < 0) {
						L21:
						__eflags = 0;
						return 0;
					}
					_push(__esi);
					_push(__edi);
					asm("movsd");
					_t52 = _t49 * 0x54 +  *0x31c6804;
					asm("movsd");
					asm("movsd");
					_a12 = _t52;
					asm("movsd");
					DrawTextA( *(_t74 + 0x18),  *_t52, 0xffffffff,  &_v20, 0x414);
					_t76 = _v20.right + 2;
					_t55 =  *((intOrPtr*)(_t74 + 0x24));
					__eflags = _t76 - _t55;
					_v20.right = _t76;
					if(_t76 >= _t55) {
						_v20.right = _t55;
					}
					__eflags =  *0x31c6800;
					if( *0x31c6800 != 0) {
						_v20.right = _t55;
						_t22 =  &_v20;
						 *_t22 = _v20.left + _t55 - _v20.right;
						__eflags =  *_t22;
					}
					__eflags =  *(_t74 + 0xc) & 0x00000001;
					if(( *(_t74 + 0xc) & 0x00000001) != 0) {
						_t59 = GetWindowLongA( *(_t74 + 0x14), 0xffffffeb);
						__eflags = _t59;
						if(_t59 == 0) {
							SetTextColor( *(_t74 + 0x18),  *(_a12 + 0x44));
						}
						_t60 =  *0x31c6800; // 0x0
						asm("sbb eax, eax");
						_t63 =  ~_t60 & 0x00020000 | 0x00000015;
						__eflags = _t63;
						DrawTextA( *(_t74 + 0x18),  *_a12, 0xffffffff,  &_v20, _t63);
					}
					__eflags =  *(_t74 + 0x10) & 0x00000010;
					if(( *(_t74 + 0x10) & 0x00000010) == 0) {
						L18:
						__eflags =  *(_t74 + 0xc) & 0x00000004;
						if(( *(_t74 + 0xc) & 0x00000004) == 0) {
							goto L20;
						}
						goto L19;
					} else {
						__eflags =  *(_t74 + 0xc) & 0x00000001;
						if(( *(_t74 + 0xc) & 0x00000001) != 0) {
							L19:
							DrawFocusRect( *(_t74 + 0x18),  &_v20);
							L20:
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L21;
						}
						goto L18;
					}
				}
				if(_t48 == 0x111) {
					E031C176B(__edi, __esi, __eflags, _a4, _a12 & 0x0000ffff, _a16, _a12 >> 0x10);
					goto L21;
				}
				if(_t48 <= 0x132 || _t48 > 0x136 && _t48 != 0x138) {
					goto L21;
				} else {
					return SendMessageA( *0x31c67c8, _t48, _a12, _a16);
				}
			}













                                                                                                                                  0x031c1b0f
                                                                                                                                  0x031c1b16
                                                                                                                                  0x031c1b6f
                                                                                                                                  0x031c1b75
                                                                                                                                  0x031c1b7a
                                                                                                                                  0x031c1b7c
                                                                                                                                  0x031c1c4c
                                                                                                                                  0x031c1c4c
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1c4c
                                                                                                                                  0x031c1b82
                                                                                                                                  0x031c1b83
                                                                                                                                  0x031c1b8a
                                                                                                                                  0x031c1b8e
                                                                                                                                  0x031c1b97
                                                                                                                                  0x031c1b98
                                                                                                                                  0x031c1ba1
                                                                                                                                  0x031c1ba4
                                                                                                                                  0x031c1bb0
                                                                                                                                  0x031c1bb5
                                                                                                                                  0x031c1bb8
                                                                                                                                  0x031c1bbb
                                                                                                                                  0x031c1bbd
                                                                                                                                  0x031c1bc0
                                                                                                                                  0x031c1bc2
                                                                                                                                  0x031c1bc2
                                                                                                                                  0x031c1bc5
                                                                                                                                  0x031c1bcc
                                                                                                                                  0x031c1bd3
                                                                                                                                  0x031c1bd6
                                                                                                                                  0x031c1bd6
                                                                                                                                  0x031c1bd6
                                                                                                                                  0x031c1bd6
                                                                                                                                  0x031c1bd9
                                                                                                                                  0x031c1bdd
                                                                                                                                  0x031c1be4
                                                                                                                                  0x031c1bea
                                                                                                                                  0x031c1bec
                                                                                                                                  0x031c1bf7
                                                                                                                                  0x031c1bf7
                                                                                                                                  0x031c1bfd
                                                                                                                                  0x031c1c04
                                                                                                                                  0x031c1c0b
                                                                                                                                  0x031c1c0b
                                                                                                                                  0x031c1c1c
                                                                                                                                  0x031c1c1c
                                                                                                                                  0x031c1c1e
                                                                                                                                  0x031c1c22
                                                                                                                                  0x031c1c2a
                                                                                                                                  0x031c1c2a
                                                                                                                                  0x031c1c2e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1c24
                                                                                                                                  0x031c1c24
                                                                                                                                  0x031c1c28
                                                                                                                                  0x031c1c30
                                                                                                                                  0x031c1c37
                                                                                                                                  0x031c1c3d
                                                                                                                                  0x031c1c46
                                                                                                                                  0x031c1c47
                                                                                                                                  0x031c1c48
                                                                                                                                  0x031c1c49
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1c4b
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1c28
                                                                                                                                  0x031c1c22
                                                                                                                                  0x031c1b1d
                                                                                                                                  0x031c1b65
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1b65
                                                                                                                                  0x031c1b24
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1b3c
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1b49

                                                                                                                                  APIs
                                                                                                                                  • SendMessageA.USER32 ref: 031C1B49
                                                                                                                                  • DrawTextA.USER32(?,-031C6804,000000FF,?,00000414), ref: 031C1BB0
                                                                                                                                  • GetWindowLongA.USER32 ref: 031C1BE4
                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 031C1BF7
                                                                                                                                  • DrawTextA.USER32(?,?,000000FF,?,00000000), ref: 031C1C1C
                                                                                                                                  • DrawFocusRect.USER32 ref: 031C1C37
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DrawText$ColorFocusLongMessageRectSendWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 491839470-0
                                                                                                                                  • Opcode ID: baf19b0b5ad887eecced78ce0da532394a72c94176041eac28276c5d28817d5f
                                                                                                                                  • Instruction ID: 727f2e7f6ae7108b147e848a7c118020b6f41417a82a23d8693595250bc72076
                                                                                                                                  • Opcode Fuzzy Hash: baf19b0b5ad887eecced78ce0da532394a72c94176041eac28276c5d28817d5f
                                                                                                                                  • Instruction Fuzzy Hash: C8419B3655028AAFCF09DF58CC81AAE7FB5FF18300F084969FD109A1A6D375D9A0CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BA2E0 Relevance: 9.1, APIs: 6, Instructions: 99comCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.OLE32(032DCF88,00000000,00000001,032DCF98,?,444D31BA,?,?), ref: 032BA339
                                                                                                                                  • CoCreateInstance.OLE32(032DCFA8,00000000,00000001,032DCFB8,00000000,?,?), ref: 032BA350
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA3DB
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA3F0
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA405
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BA41A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$CreateInstance
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 22819674-0
                                                                                                                                  • Opcode ID: 2d8449dc0145f7ab418bdbf1dc6555f012fa6182ca6359196e410ccc3ef4b1f6
                                                                                                                                  • Instruction ID: d4550416448689ecb8a23f86adae1caa81dc836c28bd4644e162a3896c910694
                                                                                                                                  • Opcode Fuzzy Hash: 2d8449dc0145f7ab418bdbf1dc6555f012fa6182ca6359196e410ccc3ef4b1f6
                                                                                                                                  • Instruction Fuzzy Hash: 813190B0A20309AFCB10DFA4C989FEEF7B8FB48714F108529E511A7640D7759985CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 031C1C53 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E031C1C53(void* __ecx, void* __eflags, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				struct tagPOINT _v12;
				signed int _t23;
				void* _t27;
				signed char _t28;
				struct HICON__* _t29;
				void* _t32;
				unsigned int _t33;
				signed int _t38;
				void* _t40;
				signed char _t47;
				struct HWND__* _t55;
				void* _t58;

				_t55 = _a4;
				_t23 = E031C103E(GetDlgCtrlID(_t55));
				if(_t23 >= 0) {
					_t58 = _t23 * 0x54 +  *0x31c6804;
					_t27 = _a8 - 0x20;
					if(_t27 == 0) {
						if(_a12 != _t55 || _a16 != 1) {
							L10:
							_t28 = CallWindowProcA( *(_t58 + 0x40), _t55, _a8, _a12, _a16);
							goto L11;
						} else {
							_t29 = LoadCursorA(0, 0x7f89);
							if(_t29 == 0) {
								goto L10;
							}
							SetCursor(_t29);
							_t28 = 1;
							L11:
							return _t28;
						}
					}
					_t32 = _t27 - 0x64;
					if(_t32 == 0) {
						_t33 = _a16;
						_v12.y = _t33 >> 0x10;
						_v12.x = _t33;
						MapWindowPoints(0, _t55,  &_v12, 1);
						_push(_v12.y);
						_t38 = PtInRect(_t58 + 0x24, _v12);
						asm("sbb eax, eax");
						_t28 =  ~( ~_t38);
						goto L11;
					}
					_t40 = _t32 - 3;
					if(_t40 == 0) {
						asm("sbb eax, eax");
						_t28 = ( ~( *(_t58 + 0x34) & 0x00000400) & 0x000000f0) + 0x00000020 | 0x00000020;
						goto L11;
					}
					if(_t40 == 0x6d) {
						_t47 = _a12;
						if((_t47 & 0x0000000f) != 1) {
							 *(_t58 + 0x35) =  *(_t58 + 0x35) & 0x000000fb;
						} else {
							 *(_t58 + 0x35) =  *(_t58 + 0x35) | 0x00000004;
						}
						_a12 = _t47 & 0x000000fb | 0x0000000b;
					}
					goto L10;
				}
				_t28 = 0;
				goto L11;
			}















                                                                                                                                  0x031c1c5a
                                                                                                                                  0x031c1c65
                                                                                                                                  0x031c1c6c
                                                                                                                                  0x031c1c7b
                                                                                                                                  0x031c1c80
                                                                                                                                  0x031c1c83
                                                                                                                                  0x031c1d21
                                                                                                                                  0x031c1cb6
                                                                                                                                  0x031c1cc3
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1d2a
                                                                                                                                  0x031c1d31
                                                                                                                                  0x031c1d39
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1d40
                                                                                                                                  0x031c1d48
                                                                                                                                  0x031c1cc9
                                                                                                                                  0x031c1ccc
                                                                                                                                  0x031c1ccc
                                                                                                                                  0x031c1d21
                                                                                                                                  0x031c1c89
                                                                                                                                  0x031c1c8c
                                                                                                                                  0x031c1ce5
                                                                                                                                  0x031c1cf3
                                                                                                                                  0x031c1cfd
                                                                                                                                  0x031c1d00
                                                                                                                                  0x031c1d06
                                                                                                                                  0x031c1d10
                                                                                                                                  0x031c1d18
                                                                                                                                  0x031c1d1a
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1d1a
                                                                                                                                  0x031c1c8e
                                                                                                                                  0x031c1c91
                                                                                                                                  0x031c1cd9
                                                                                                                                  0x031c1ce0
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1ce0
                                                                                                                                  0x031c1c96
                                                                                                                                  0x031c1c98
                                                                                                                                  0x031c1ca3
                                                                                                                                  0x031c1cab
                                                                                                                                  0x031c1ca5
                                                                                                                                  0x031c1ca5
                                                                                                                                  0x031c1ca5
                                                                                                                                  0x031c1cb3
                                                                                                                                  0x031c1cb3
                                                                                                                                  0x00000000
                                                                                                                                  0x031c1c96
                                                                                                                                  0x031c1c6e
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748522491.00000000031C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 031C0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748395968.00000000031C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748634965.00000000031C3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748656419.00000000031C4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748694802.00000000031C6000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.748715226.00000000031C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_31c0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CursorWindow$CallCtrlLoadPointsProcRect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3496465773-0
                                                                                                                                  • Opcode ID: eeeb140c8a5579361babcdb4e67d1b383b2c74bad904fbdceb29e869b3c9c6db
                                                                                                                                  • Instruction ID: 2cf0e12aa9f4021b2defb5198a3a99e26a1f10bc744649b0afdaa73234f30378
                                                                                                                                  • Opcode Fuzzy Hash: eeeb140c8a5579361babcdb4e67d1b383b2c74bad904fbdceb29e869b3c9c6db
                                                                                                                                  • Instruction Fuzzy Hash: F82125335A0286BBDB14CFB4CD0AAAA3FE8FB1D200F04492CF652D6181D375DD908764
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ACA70 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 90memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ACA9E
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,?), ref: 032ACABF
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032ACACF
                                                                                                                                    • Part of subcall function 032AD2B0: GlobalAlloc.KERNEL32(00000040,?,?,?,032ACB18,?), ref: 032AD2C8
                                                                                                                                    • Part of subcall function 032AD2B0: lstrcpynA.KERNEL32(00000004,032ACB18,?,?,032ACB18,?), ref: 032AD2DD
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032ACB40
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032ACB57
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$lstrcpyn$Freelstrcpy
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2537661538-1574812785
                                                                                                                                  • Opcode ID: da4909945a461f7938c6d0e4807823419982b2ce152fe798d05a5c1cad7b7b35
                                                                                                                                  • Instruction ID: 28a4adc5ad5fd81ed4369f4bb0ded3f3aa0a84f632579ad547635c3f514b2780
                                                                                                                                  • Opcode Fuzzy Hash: da4909945a461f7938c6d0e4807823419982b2ce152fe798d05a5c1cad7b7b35
                                                                                                                                  • Instruction Fuzzy Hash: B73184B9911214DFCB18EFA4E859AAAB7B8FF08B00F04455DE906DB384D772A844CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AFE80 Relevance: 9.1, APIs: 6, Instructions: 89windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Enable$MessagePost$CallProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2479530683-0
                                                                                                                                  • Opcode ID: 374192ef75ef0858cc4586294eb89735e8cf8092c6e1b140167ca4cf40e3eba5
                                                                                                                                  • Instruction ID: f18959a33d65d997776377f0211079ebcdabb14cd0ee77b86e0f8528848510d5
                                                                                                                                  • Opcode Fuzzy Hash: 374192ef75ef0858cc4586294eb89735e8cf8092c6e1b140167ca4cf40e3eba5
                                                                                                                                  • Instruction Fuzzy Hash: 7421E735A01216BFDB10AE09FD8DB597B68E745720F158526FA04CE2D8C3B59890DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8660 Relevance: 9.1, APIs: 6, Instructions: 73COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000,032EF858,00000000,?), ref: 032B8691
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B86B7
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000,032EF858,00000000,?), ref: 032B86CF
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032B86F7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandleOpenProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 39102293-0
                                                                                                                                  • Opcode ID: d2df12a56017ef9005e3326052728873ed5a8040f805bd0ffb5c66904f7c087d
                                                                                                                                  • Instruction ID: 360ea2cc1a308622b553265594852c80ef8fd73864c76bb89dda24d7b2efff1f
                                                                                                                                  • Opcode Fuzzy Hash: d2df12a56017ef9005e3326052728873ed5a8040f805bd0ffb5c66904f7c087d
                                                                                                                                  • Instruction Fuzzy Hash: DE11E6766416307BD621AB54FC4DFEA777CEB86B96F094014FB08AA1C4C7B08581C6A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C059F Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,032C0426,032BDF86,032BDA6B), ref: 032C05AD
                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 032C05BB
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 032C05D4
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,032C0426,032BDF86,032BDA6B), ref: 032C0626
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                  • Opcode ID: 4e888bcc3127effd089c99ee23c4ce4c6be87acfbcc5347738fd6fe029a94779
                                                                                                                                  • Instruction ID: f1986ed5ecd622839a3231d71fa910752585638db67873f93ba54ea4da4b04ba
                                                                                                                                  • Opcode Fuzzy Hash: 4e888bcc3127effd089c99ee23c4ce4c6be87acfbcc5347738fd6fe029a94779
                                                                                                                                  • Instruction Fuzzy Hash: FF0128375393939FEA21B9B5BCCA5266688EB42678734832DE0108D0D5FFA198919140
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D1675 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 207COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free_strpbrk
                                                                                                                                  • String ID: *?
                                                                                                                                  • API String ID: 3300345361-2564092906
                                                                                                                                  • Opcode ID: cb503c3e9cedc1fea9c4864a1f138c8bc726fdd3246d4fdda146a0e44b0d284c
                                                                                                                                  • Instruction ID: 9eb738e5265d798deb71f82c626e9ea91fa0429e8c6a781db856621820e01e42
                                                                                                                                  • Opcode Fuzzy Hash: cb503c3e9cedc1fea9c4864a1f138c8bc726fdd3246d4fdda146a0e44b0d284c
                                                                                                                                  • Instruction Fuzzy Hash: 82614175D1021A9FDB14CFA8C8805EDFBF9EF48310B2982AAD815F7700D775AE918B90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A6830 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 137threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 032A6941
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 032A69B0
                                                                                                                                    • Part of subcall function 032A1CA0: OpenMutexA.KERNEL32 ref: 032A1CA8
                                                                                                                                    • Part of subcall function 032A1CB0: WaitForSingleObject.KERNEL32(?,00030D40,032A37FB,032A6518,00000000,032AC92C,?,032BB3FE,032BAD47,?,?,00000000,?,00000000,032DBCDE,000000FF), ref: 032A1CB2
                                                                                                                                    • Part of subcall function 032A1CE0: ReleaseMutex.KERNEL32(?,032A382A,032A656B), ref: 032A1CE1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentMutexThread$ObjectOpenReleaseSingleWait
                                                                                                                                  • String ID: %s_%08X$9$Global\CBIOS_LOCK_APP_MUTEX
                                                                                                                                  • API String ID: 2989353960-2832479397
                                                                                                                                  • Opcode ID: abc23343887e9050ee9d1d51766bc06b59bade13bc5ef676071704c487de3462
                                                                                                                                  • Instruction ID: 0ad4016c046a2fb60cb8986b74cfd2f6be59a18b5a5e1ff19f98244d224e67bf
                                                                                                                                  • Opcode Fuzzy Hash: abc23343887e9050ee9d1d51766bc06b59bade13bc5ef676071704c487de3462
                                                                                                                                  • Instruction Fuzzy Hash: 1C4138B5624B028FC720EF6CD88456BF3F5EB84368F488A2DD4558B285D7B1E8C4C782
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B7830 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 130memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B8B20: LoadLibraryA.KERNEL32(psapi.dll,76D84DE0,00000000,032B8AB4), ref: 032B8B44
                                                                                                                                    • Part of subcall function 032B8B20: GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 032B8B58
                                                                                                                                    • Part of subcall function 032B8B20: GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 032B8B65
                                                                                                                                    • Part of subcall function 032B8B20: GetProcAddress.KERNEL32(00000000,EnumProcessModulesEx), ref: 032B8B72
                                                                                                                                    • Part of subcall function 032B8B20: GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 032B8B7F
                                                                                                                                    • Part of subcall function 032B8B20: GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 032B8B8C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000800,?,?), ref: 032B786D
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 032B787B
                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?,?,?), ref: 032B793B
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B79D2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Global$AllocCurrentFileFreeLibraryLoadModuleNameProcess
                                                                                                                                  • String ID: \
                                                                                                                                  • API String ID: 3738410513-2967466578
                                                                                                                                  • Opcode ID: 74bd584eb1aefb4447b8278ad3314e969130ae4b4d2af81d0339e510b01aa685
                                                                                                                                  • Instruction ID: 5e06f21e56b6e6d98b8c36c2dc83dcaf9d80bb8db3fd48a4a934b261e0a67072
                                                                                                                                  • Opcode Fuzzy Hash: 74bd584eb1aefb4447b8278ad3314e969130ae4b4d2af81d0339e510b01aa685
                                                                                                                                  • Instruction Fuzzy Hash: 8E41D27595062E9FDF20DF689C88BE9B7B8AF54740F0840E8D948A7280DB709EC4CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A7690 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windownetworkCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • send.WS2_32(?,00000000,?,00000000), ref: 032A76F7
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 032A7718
                                                                                                                                  • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000409,?,00000080,00000000,?,?,?,?,?,?,?,?), ref: 032A7752
                                                                                                                                  Strings
                                                                                                                                  • sock: Can not send data (expected: %i, received: %i), xrefs: 032A7760
                                                                                                                                  • sock: Can not send data, GetLastError: %i (0x%x), xrefs: 032A7726
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFormatLastMessagesend
                                                                                                                                  • String ID: sock: Can not send data (expected: %i, received: %i)$sock: Can not send data, GetLastError: %i (0x%x)
                                                                                                                                  • API String ID: 2300574741-1776681543
                                                                                                                                  • Opcode ID: d68c3b4320764edf9058d939b61a92988f5ada0c5f15ce95384d403ea192638d
                                                                                                                                  • Instruction ID: 751e3c4b41d01c9ad290263844c81c9371f2cba3c051d1e652ba127d33e77806
                                                                                                                                  • Opcode Fuzzy Hash: d68c3b4320764edf9058d939b61a92988f5ada0c5f15ce95384d403ea192638d
                                                                                                                                  • Instruction Fuzzy Hash: B4214D795247016FD220FB6C9C81FEFB7ACAF80750F444518F5599A281EFB0A484C3A7
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00403978 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x3
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x69fab8
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, "ibaAnalyzer v7.3.6 (x64) Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x3
						_t27 =  *0x423ec8; // 0x69fe24
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x69fe3c
								_t11 = E00405B88(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                                                                  0x0040397c
                                                                                                                                  0x00403981
                                                                                                                                  0x00403987
                                                                                                                                  0x0040398c
                                                                                                                                  0x0040398c
                                                                                                                                  0x00403994
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00403996
                                                                                                                                  0x0040399c
                                                                                                                                  0x004039a4
                                                                                                                                  0x004039a6
                                                                                                                                  0x004039ac
                                                                                                                                  0x004039ac
                                                                                                                                  0x004039ae
                                                                                                                                  0x004039ba
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004039be
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004039c0
                                                                                                                                  0x004039c5
                                                                                                                                  0x004039ce
                                                                                                                                  0x004039d4
                                                                                                                                  0x004039d9
                                                                                                                                  0x004039ed
                                                                                                                                  0x004039f8
                                                                                                                                  0x00403a10
                                                                                                                                  0x00403a16
                                                                                                                                  0x00403a1b
                                                                                                                                  0x00403a23
                                                                                                                                  0x00403a44
                                                                                                                                  0x00403a44
                                                                                                                                  0x00403a44
                                                                                                                                  0x00403a25
                                                                                                                                  0x00403a27
                                                                                                                                  0x00403a27
                                                                                                                                  0x00403a2b
                                                                                                                                  0x00403a2e
                                                                                                                                  0x00403a32
                                                                                                                                  0x00403a32
                                                                                                                                  0x00403a37
                                                                                                                                  0x00403a3d
                                                                                                                                  0x00403a3d
                                                                                                                                  0x00000000
                                                                                                                                  0x00403a27
                                                                                                                                  0x004039db
                                                                                                                                  0x004039e0
                                                                                                                                  0x004039e9
                                                                                                                                  0x004039e2
                                                                                                                                  0x004039e2
                                                                                                                                  0x004039e2
                                                                                                                                  0x004039e0

                                                                                                                                  APIs
                                                                                                                                  • SetWindowTextA.USER32(00000000,ibaAnalyzer v7.3.6 (x64) Setup), ref: 00403A10
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: TextWindow
                                                                                                                                  • String ID: #'k$1033$C:\Users\user\AppData\Local\Temp\$ibaAnalyzer v7.3.6 (x64) Setup
                                                                                                                                  • API String ID: 530164218-1058899684
                                                                                                                                  • Opcode ID: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                                                  • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                                                  • Opcode Fuzzy Hash: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                                                  • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00401D1B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                  			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                                  0x00401d29
                                                                                                                                  0x00401d42
                                                                                                                                  0x00401d4c
                                                                                                                                  0x00401d51
                                                                                                                                  0x00401d5c
                                                                                                                                  0x00401d63
                                                                                                                                  0x00401d75
                                                                                                                                  0x00401d7b
                                                                                                                                  0x00401d80
                                                                                                                                  0x00401d8a
                                                                                                                                  0x004024b8
                                                                                                                                  0x00401561
                                                                                                                                  0x00402833
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00401D22
                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                  • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                  • API String ID: 3272661963-76309092
                                                                                                                                  • Opcode ID: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                                                  • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                                                  • Opcode Fuzzy Hash: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                                                  • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C82D7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,032C8289,032C9589,?,032C8251,032C9589,?,032C9589), ref: 032C82EC
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 032C82FF
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,032C8289,032C9589,?,032C8251,032C9589,?,032C9589), ref: 032C8322
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                  • Opcode ID: 4195c36c3e4b6cfe1cce9ddd80418c1f6331442ea3155acc5286e72ae7235b1d
                                                                                                                                  • Instruction ID: 87587c40cd1c96e4e7fbd226206550c1dfb557cc2fac24847d215946118da278
                                                                                                                                  • Opcode Fuzzy Hash: 4195c36c3e4b6cfe1cce9ddd80418c1f6331442ea3155acc5286e72ae7235b1d
                                                                                                                                  • Instruction Fuzzy Hash: 3AF08931D51239FBDB11DB91DD0EBADBB78EB04B12F548164FC04A2151CB718E50D6D0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 10001ADF Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E10001ADF(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v148;
				void _t46;
				void _t47;
				signed int _t48;
				signed int _t49;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				signed int _t78;
				void* _t82;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				void* _t102;

				_t86 = __edx;
				 *0x10004058 = _a8;
				_t78 = 0;
				 *0x1000405c = _a16;
				_v8 = 0;
				_a16 = E10001561();
				_a8 = E10001561();
				_t91 = E10001641(_a16);
				_t82 = _a8;
				_t88 = _t86;
				_t46 =  *_t82;
				if(_t46 != 0x7e && _t46 != 0x21) {
					_v16 = E10001561();
					_t78 = E10001641(_t75);
					_v8 = _t86;
					GlobalFree(_v16);
					_t82 = _a8;
				}
				_t47 =  *_t82;
				_t102 = _t47 - 0x2f;
				if(_t102 > 0) {
					_t48 = _t47 - 0x3c;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
						if( *((char*)(_t82 + 1)) != 0x3c) {
							__eflags = _t88 - _v8;
							if(__eflags > 0) {
								L54:
								_t49 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t91 = _t49;
								_t88 = _t86;
								L57:
								E1000176C(_t86, _t91, _t88,  &_v148);
								E1000159E( &_v148);
								GlobalFree(_a16);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t49 = 1;
								goto L55;
							}
							__eflags = _t91 - _t78;
							if(_t91 < _t78) {
								goto L47;
							}
							goto L54;
						}
						_t86 = _t88;
						_t49 = E10002BF0(_t91, _t78, _t86);
						goto L56;
					}
					_t58 = _t48 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags = _t91 - _t78;
						if(_t91 != _t78) {
							goto L54;
						}
						__eflags = _t88 - _v8;
						if(_t88 != _v8) {
							goto L54;
						}
						goto L47;
					}
					_t59 = _t58 - 1;
					__eflags = _t59;
					if(_t59 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
						if( *((char*)(_t82 + 1)) != 0x3e) {
							__eflags = _t88 - _v8;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t91 - _t78;
							if(_t91 <= _t78) {
								goto L54;
							}
							goto L47;
						}
						_t86 = _t88;
						_t49 = E10002C10(_t91, _t78, _t86);
						goto L56;
					}
					_t61 = _t59 - 0x20;
					__eflags = _t61;
					if(_t61 == 0) {
						_t91 = _t91 ^ _t78;
						_t88 = _t88 ^ _v8;
						goto L57;
					}
					_t62 = _t61 - 0x1e;
					__eflags = _t62;
					if(_t62 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
						if( *((char*)(_t82 + 1)) != 0x7c) {
							_t91 = _t91 | _t78;
							_t88 = _t88 | _v8;
							goto L57;
						}
						__eflags = _t91 | _t88;
						if((_t91 | _t88) != 0) {
							goto L47;
						}
						__eflags = _t78 | _v8;
						if((_t78 | _v8) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t62 == 0;
					if(_t62 == 0) {
						_t91 =  !_t91;
						_t88 =  !_t88;
					}
					goto L57;
				}
				if(_t102 == 0) {
					L21:
					__eflags = _t78 | _v8;
					if((_t78 | _v8) != 0) {
						_v20 = E10002A80(_t91, _t88, _t78, _v8);
						_v16 = _t86;
						_t49 = E10002B30(_t91, _t88, _t78, _v8);
						_t82 = _a8;
					} else {
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_t49 = _t91;
						_t86 = _t88;
					}
					__eflags =  *_t82 - 0x2f;
					if( *_t82 != 0x2f) {
						goto L56;
					} else {
						_t91 = _v20;
						_t88 = _v16;
						goto L57;
					}
				}
				_t68 = _t47 - 0x21;
				if(_t68 == 0) {
					_t49 = 0;
					__eflags = _t91 | _t88;
					if((_t91 | _t88) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t69 = _t68 - 4;
				if(_t69 == 0) {
					goto L21;
				}
				_t70 = _t69 - 1;
				if(_t70 == 0) {
					__eflags =  *((char*)(_t82 + 1)) - 0x26;
					if( *((char*)(_t82 + 1)) != 0x26) {
						_t91 = _t91 & _t78;
						_t88 = _t88 & _v8;
						goto L57;
					}
					__eflags = _t91 | _t88;
					if((_t91 | _t88) == 0) {
						goto L54;
					}
					__eflags = _t78 | _v8;
					if((_t78 | _v8) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t71 = _t70 - 4;
				if(_t71 == 0) {
					_t49 = E10002A40(_t91, _t88, _t78, _v8);
					goto L56;
				} else {
					_t72 = _t71 - 1;
					if(_t72 == 0) {
						_t91 = _t91 + _t78;
						asm("adc edi, [ebp-0x4]");
					} else {
						if(_t72 == 0) {
							_t91 = _t91 - _t78;
							asm("sbb edi, [ebp-0x4]");
						}
					}
					goto L57;
				}
			}


























                                                                                                                                  0x10001adf
                                                                                                                                  0x10001aec
                                                                                                                                  0x10001af5
                                                                                                                                  0x10001af8
                                                                                                                                  0x10001afd
                                                                                                                                  0x10001b05
                                                                                                                                  0x10001b10
                                                                                                                                  0x10001b19
                                                                                                                                  0x10001b1b
                                                                                                                                  0x10001b1e
                                                                                                                                  0x10001b20
                                                                                                                                  0x10001b24
                                                                                                                                  0x10001b30
                                                                                                                                  0x10001b39
                                                                                                                                  0x10001b3e
                                                                                                                                  0x10001b41
                                                                                                                                  0x10001b47
                                                                                                                                  0x10001b47
                                                                                                                                  0x10001b4a
                                                                                                                                  0x10001b4d
                                                                                                                                  0x10001b50
                                                                                                                                  0x10001c16
                                                                                                                                  0x10001c16
                                                                                                                                  0x10001c19
                                                                                                                                  0x10001c82
                                                                                                                                  0x10001c86
                                                                                                                                  0x10001c95
                                                                                                                                  0x10001c98
                                                                                                                                  0x10001ca0
                                                                                                                                  0x10001ca0
                                                                                                                                  0x10001ca0
                                                                                                                                  0x10001ca2
                                                                                                                                  0x10001ca2
                                                                                                                                  0x10001ca3
                                                                                                                                  0x10001ca3
                                                                                                                                  0x10001ca5
                                                                                                                                  0x10001ca7
                                                                                                                                  0x10001cb0
                                                                                                                                  0x10001cbc
                                                                                                                                  0x10001ccd
                                                                                                                                  0x10001cd8
                                                                                                                                  0x10001cd8
                                                                                                                                  0x10001c9a
                                                                                                                                  0x10001c7d
                                                                                                                                  0x10001c7d
                                                                                                                                  0x10001c7f
                                                                                                                                  0x10001c7f
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c7f
                                                                                                                                  0x10001c9c
                                                                                                                                  0x10001c9e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c9e
                                                                                                                                  0x10001c8a
                                                                                                                                  0x10001c8e
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c8e
                                                                                                                                  0x10001c1b
                                                                                                                                  0x10001c1b
                                                                                                                                  0x10001c1c
                                                                                                                                  0x10001c74
                                                                                                                                  0x10001c76
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c78
                                                                                                                                  0x10001c7b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c7b
                                                                                                                                  0x10001c1e
                                                                                                                                  0x10001c1e
                                                                                                                                  0x10001c1f
                                                                                                                                  0x10001c54
                                                                                                                                  0x10001c58
                                                                                                                                  0x10001c67
                                                                                                                                  0x10001c6a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c6c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c6e
                                                                                                                                  0x10001c70
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c72
                                                                                                                                  0x10001c5c
                                                                                                                                  0x10001c60
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c60
                                                                                                                                  0x10001c21
                                                                                                                                  0x10001c21
                                                                                                                                  0x10001c24
                                                                                                                                  0x10001c4d
                                                                                                                                  0x10001c4f
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c4f
                                                                                                                                  0x10001c26
                                                                                                                                  0x10001c26
                                                                                                                                  0x10001c29
                                                                                                                                  0x10001c35
                                                                                                                                  0x10001c39
                                                                                                                                  0x10001c46
                                                                                                                                  0x10001c48
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c48
                                                                                                                                  0x10001c3b
                                                                                                                                  0x10001c3d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c3f
                                                                                                                                  0x10001c42
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c44
                                                                                                                                  0x10001c2c
                                                                                                                                  0x10001c2d
                                                                                                                                  0x10001c2f
                                                                                                                                  0x10001c31
                                                                                                                                  0x10001c31
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c2d
                                                                                                                                  0x10001b56
                                                                                                                                  0x10001bce
                                                                                                                                  0x10001bd0
                                                                                                                                  0x10001bd3
                                                                                                                                  0x10001bf1
                                                                                                                                  0x10001bf4
                                                                                                                                  0x10001bfa
                                                                                                                                  0x10001bff
                                                                                                                                  0x10001bd5
                                                                                                                                  0x10001bd5
                                                                                                                                  0x10001bd9
                                                                                                                                  0x10001bdd
                                                                                                                                  0x10001bdf
                                                                                                                                  0x10001bdf
                                                                                                                                  0x10001c02
                                                                                                                                  0x10001c05
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c0b
                                                                                                                                  0x10001c0b
                                                                                                                                  0x10001c0e
                                                                                                                                  0x00000000
                                                                                                                                  0x10001c0e
                                                                                                                                  0x10001c05
                                                                                                                                  0x10001b58
                                                                                                                                  0x10001b5b
                                                                                                                                  0x10001bbf
                                                                                                                                  0x10001bc1
                                                                                                                                  0x10001bc3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001bc9
                                                                                                                                  0x10001b5d
                                                                                                                                  0x10001b60
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001b62
                                                                                                                                  0x10001b63
                                                                                                                                  0x10001b99
                                                                                                                                  0x10001b9d
                                                                                                                                  0x10001bb5
                                                                                                                                  0x10001bb7
                                                                                                                                  0x00000000
                                                                                                                                  0x10001bb7
                                                                                                                                  0x10001b9f
                                                                                                                                  0x10001ba1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001ba7
                                                                                                                                  0x10001baa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10001bb0
                                                                                                                                  0x10001b65
                                                                                                                                  0x10001b68
                                                                                                                                  0x10001b8f
                                                                                                                                  0x00000000
                                                                                                                                  0x10001b6a
                                                                                                                                  0x10001b6a
                                                                                                                                  0x10001b6b
                                                                                                                                  0x10001b7f
                                                                                                                                  0x10001b81
                                                                                                                                  0x10001b6d
                                                                                                                                  0x10001b6f
                                                                                                                                  0x10001b75
                                                                                                                                  0x10001b77
                                                                                                                                  0x10001b77
                                                                                                                                  0x10001b6f
                                                                                                                                  0x00000000
                                                                                                                                  0x10001b6b

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                    • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001B41
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001CCD
                                                                                                                                  • GlobalFree.KERNEL32 ref: 10001CD2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGlobal$lstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 176019282-0
                                                                                                                                  • Opcode ID: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                                  • Instruction ID: ec181f717125864b891e508b79773b0a6be540bcfc5555760108aa08b7b6b632
                                                                                                                                  • Opcode Fuzzy Hash: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                                  • Instruction Fuzzy Hash: DD510332D84159EBFB22CFA48880EEDB7E5EF812C4FA24159E801A311DD771EE009B52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CC242 Relevance: 7.7, APIs: 5, Instructions: 188COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032C9F34: HeapAlloc.KERNEL32(00000000,032B2244,00000000,?,032BD9B8,032B2244,?,032B2244,00010000), ref: 032C9F66
                                                                                                                                  • _free.LIBCMT ref: 032CC351
                                                                                                                                  • _free.LIBCMT ref: 032CC368
                                                                                                                                  • _free.LIBCMT ref: 032CC387
                                                                                                                                  • _free.LIBCMT ref: 032CC3A2
                                                                                                                                  • _free.LIBCMT ref: 032CC3B9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$AllocHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1835388192-0
                                                                                                                                  • Opcode ID: 6d001f362b59ba521e78b0c153e758acb1546f5642447c23b2b685ee303fdded
                                                                                                                                  • Instruction ID: 37966fc76b94efc97f5681cc02497023369d972baf047291d366c48de32f7c95
                                                                                                                                  • Opcode Fuzzy Hash: 6d001f362b59ba521e78b0c153e758acb1546f5642447c23b2b685ee303fdded
                                                                                                                                  • Instruction Fuzzy Hash: 8551A075A303559FDB20DF69DC81AAAB3F4EF49710B04066EE809DB650E771A982CB80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C89D6 Relevance: 7.6, APIs: 5, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 032C8A44
                                                                                                                                  • _free.LIBCMT ref: 032C8A64
                                                                                                                                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 032C8AC5
                                                                                                                                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 032C8AD7
                                                                                                                                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 032C8AE4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __crt_fast_encode_pointer$_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 366466260-0
                                                                                                                                  • Opcode ID: 2afc67b30fba7300b17986bee04c13229430bab9834c00fd4d8e266354c05d49
                                                                                                                                  • Instruction ID: 3bbfbd0aee6a88238daa294e9e2d3e8e118079c09d3e0f22374969a65f6d48b9
                                                                                                                                  • Opcode Fuzzy Hash: 2afc67b30fba7300b17986bee04c13229430bab9834c00fd4d8e266354c05d49
                                                                                                                                  • Instruction Fuzzy Hash: B341B236A202549FCB14DF68C880AA9B3F5EF89714F1986ADD515EF340D771AD82CB80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B91A0 Relevance: 7.6, APIs: 6, Instructions: 86memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B443B,?,?,?,?,?), ref: 032B91FB
                                                                                                                                  • wsprintfA.USER32 ref: 032B9212
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?), ref: 032B922E
                                                                                                                                  • wsprintfA.USER32 ref: 032B9245
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B9261
                                                                                                                                  • wsprintfA.USER32 ref: 032B9275
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocGlobalwsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3342130106-0
                                                                                                                                  • Opcode ID: fe060a660c1e35f496ebbc6ad6d504f0139bec072c618923ec2a50f9ecbb858d
                                                                                                                                  • Instruction ID: bb200905620309bfba8a8c4795b734e9e7435a5bb743b0759b1fa20d54dc4c51
                                                                                                                                  • Opcode Fuzzy Hash: fe060a660c1e35f496ebbc6ad6d504f0139bec072c618923ec2a50f9ecbb858d
                                                                                                                                  • Instruction Fuzzy Hash: D63180B1610221AFC314EF6DEC86EA677E8FF49604B05452EF64ACB381D774A850CB64
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A19C0 Relevance: 7.6, APIs: 5, Instructions: 76COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032A1590: CreateFileA.KERNELBASE(C0000000,C0000000,00000002,00000000,00000003,00000000,00000000,?,?,?,032A19D7,00000000,00005960,032AA3A6,00000000,00285F40), ref: 032A1614
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1A09
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1A10
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1A18
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1A47
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1A52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ControlDevice$CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3303726863-0
                                                                                                                                  • Opcode ID: 5a3bae33de8ada58ba53a41423ec896eb679ed39002fe857d82af734d9027c7e
                                                                                                                                  • Instruction ID: 65f6d2887df8b2e4b38cb43b475a61c65e789a292624108d5475b22fd6294e4d
                                                                                                                                  • Opcode Fuzzy Hash: 5a3bae33de8ada58ba53a41423ec896eb679ed39002fe857d82af734d9027c7e
                                                                                                                                  • Instruction Fuzzy Hash: A5119371554312ABD320DF49EC85EABB7ECEBC5B60F04042DF95592240E271EA5CC6B7
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00402A36 Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                  			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x100
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x100
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                                                                                                                                  0x00402a46
                                                                                                                                  0x00402a57
                                                                                                                                  0x00402a5f
                                                                                                                                  0x00402a87
                                                                                                                                  0x00402a6e
                                                                                                                                  0x00402a71
                                                                                                                                  0x00402ac1
                                                                                                                                  0x00402ac7
                                                                                                                                  0x00402ac9
                                                                                                                                  0x00000000
                                                                                                                                  0x00402ac9
                                                                                                                                  0x00402a7e
                                                                                                                                  0x00402a83
                                                                                                                                  0x00402a85
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402a85
                                                                                                                                  0x00402a9c
                                                                                                                                  0x00402aa4
                                                                                                                                  0x00402aab
                                                                                                                                  0x00402ad1
                                                                                                                                  0x00402ad7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402adf
                                                                                                                                  0x00402ae5
                                                                                                                                  0x00402ae7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00402ae7
                                                                                                                                  0x00000000
                                                                                                                                  0x00402aba
                                                                                                                                  0x00402ace

                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000100,?), ref: 00402A57
                                                                                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                  • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                                  • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                                                  • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                                  • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B7550 Relevance: 7.6, APIs: 5, Instructions: 54sleepserviceCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • ControlService.ADVAPI32(032B7483,00000001,?,?,?,?,?,?,?,?,?,?,?,032B7483,00000000), ref: 032B756C
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032B757E
                                                                                                                                  • Sleep.KERNEL32(?), ref: 032B7593
                                                                                                                                  • QueryServiceStatusEx.ADVAPI32(032B7483,00000000,?,00000024,?), ref: 032B75A7
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032B75B7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountServiceTick$ControlQuerySleepStatus
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 565626883-0
                                                                                                                                  • Opcode ID: ee9418e2a1b1e9bd0a1c42a3569da614e49dc0406af28d1ca8122d0fc4218581
                                                                                                                                  • Instruction ID: 17f5edc95ebba3d3bf36dd9d3464bceb05227b6e599e94a985a4ec3b31bc39b4
                                                                                                                                  • Opcode Fuzzy Hash: ee9418e2a1b1e9bd0a1c42a3569da614e49dc0406af28d1ca8122d0fc4218581
                                                                                                                                  • Instruction Fuzzy Hash: 1A118E31911219AFDF10EF78ED48BEDB7F8EF49751F484065E904AA080D671A988DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B1C90 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 48memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • wsprintfA.USER32 ref: 032B1CC6
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1CE3
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1D01
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B1D18
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocGlobal$lstrcpynwsprintf
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 2406901223-1574812785
                                                                                                                                  • Opcode ID: dc95a607a3e4e05f5a2f4d6ac0fb7e373d12f57a5e0e4139db1695b9cb43a076
                                                                                                                                  • Instruction ID: 02c35eb1c3c4cf4f7a2799228323570cc7f01d3aaec5b21327c7513c129a4d3a
                                                                                                                                  • Opcode Fuzzy Hash: dc95a607a3e4e05f5a2f4d6ac0fb7e373d12f57a5e0e4139db1695b9cb43a076
                                                                                                                                  • Instruction Fuzzy Hash: D911A176500226FFC704EF58FA4EAA977B8FB49340F25D125FE059B248DB31A460CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D3ADF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 032D3AF7
                                                                                                                                    • Part of subcall function 032C9EFA: HeapFree.KERNEL32(00000000,00000000,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830), ref: 032C9F10
                                                                                                                                    • Part of subcall function 032C9EFA: GetLastError.KERNEL32(032ED830,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830,032ED830), ref: 032C9F22
                                                                                                                                  • _free.LIBCMT ref: 032D3B09
                                                                                                                                  • _free.LIBCMT ref: 032D3B1B
                                                                                                                                  • _free.LIBCMT ref: 032D3B2D
                                                                                                                                  • _free.LIBCMT ref: 032D3B3F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 1977b4b74c39ad43a0abe9c75bb0b7f4f3e54cf3808534344a773baa0ad5d772
                                                                                                                                  • Instruction ID: c1a63795d3d827751f515656d6073bbb768ea37f25834ec0d73171e2326ad856
                                                                                                                                  • Opcode Fuzzy Hash: 1977b4b74c39ad43a0abe9c75bb0b7f4f3e54cf3808534344a773baa0ad5d772
                                                                                                                                  • Instruction Fuzzy Hash: ADF0493B520251EFC621EA9CF4CAC1AB7D9BA11720B69480BF109DF904DB71F8C08AA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 100022D9 Relevance: 7.5, APIs: 5, Instructions: 34libraryloaderstringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E100022D9(void* __ebx, void* __esi) {
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t14;
				struct HINSTANCE__* _t15;
				CHAR* _t17;
				CHAR* _t19;
				void* _t22;
				_Unknown_base(*)()* _t30;

				_t22 = __esi;
				_t10 = GetModuleHandleA(_t19);
				 *(__esi + 0x808) = _t10;
				if(_t10 != __ebx) {
					L2:
					_t17 = _t22 + 0x408;
					_t11 = GetProcAddress( *(_t22 + 0x808), _t17);
					 *(_t22 + 0x80c) = _t11;
					if(_t11 == 0) {
						lstrcatA(_t17, 0x10004024);
						_t14 = GetProcAddress( *(_t22 + 0x808), _t17);
						_t30 = _t14;
						 *(_t22 + 0x80c) = _t14;
						if(_t30 == 0) {
							goto L5;
						}
					}
				} else {
					_t15 = LoadLibraryA(_t19);
					 *(__esi + 0x808) = _t15;
					if(_t15 == __ebx) {
						L5:
						 *(_t22 + 4) =  *(_t22 + 4) | 0xffffffff;
					} else {
						goto L2;
					}
				}
				return _t22;
			}











                                                                                                                                  0x100022d9
                                                                                                                                  0x100022da
                                                                                                                                  0x100022e2
                                                                                                                                  0x100022e8
                                                                                                                                  0x100022fb
                                                                                                                                  0x10002301
                                                                                                                                  0x1000230e
                                                                                                                                  0x10002312
                                                                                                                                  0x10002318
                                                                                                                                  0x10002320
                                                                                                                                  0x1000232d
                                                                                                                                  0x1000232f
                                                                                                                                  0x10002331
                                                                                                                                  0x10002337
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10002337
                                                                                                                                  0x100022ea
                                                                                                                                  0x100022eb
                                                                                                                                  0x100022f3
                                                                                                                                  0x100022f9
                                                                                                                                  0x10002339
                                                                                                                                  0x10002339
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x100022f9
                                                                                                                                  0x10002343

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 100022DA
                                                                                                                                  • LoadLibraryA.KERNEL32 ref: 100022EB
                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 1000230E
                                                                                                                                  • lstrcatA.KERNEL32(?,10004024), ref: 10002320
                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 1000232D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleLibraryLoadModulelstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3292988275-0
                                                                                                                                  • Opcode ID: cf03c9334428b1a449e60c2478b219d8c6ba13a6661d5fcc9210c97574c30e1d
                                                                                                                                  • Instruction ID: a16e665d85e8bf87652d8e7a136e9f33af8df523cd023001e60b55c705b6074c
                                                                                                                                  • Opcode Fuzzy Hash: cf03c9334428b1a449e60c2478b219d8c6ba13a6661d5fcc9210c97574c30e1d
                                                                                                                                  • Instruction Fuzzy Hash: 1EF06D71100716DAE3A1DF398C84A87B7E8FB442D4B11C929E1EAC2054DF34998A8B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CB2F1 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 376COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __freea$_free
                                                                                                                                  • String ID: a/p$am/pm
                                                                                                                                  • API String ID: 3432400110-3206640213
                                                                                                                                  • Opcode ID: 98efdcd7c883fad6d5f1e3ea0808495986cb9b2f2b376a2b81a18d5861c12b4b
                                                                                                                                  • Instruction ID: 97b611b053e412cd0d3afb9639ae791bb546db373b12f4976660e78f698ca370
                                                                                                                                  • Opcode Fuzzy Hash: 98efdcd7c883fad6d5f1e3ea0808495986cb9b2f2b376a2b81a18d5861c12b4b
                                                                                                                                  • Instruction Fuzzy Hash: 54C1CF35934296DBCF24CF68C89ABBAB7B0FF05700F28425DE805AB654D3B599C1CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BB520 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 159COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BB584
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BB615
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BB644
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: 61hYg
                                                                                                                                  • API String ID: 2005118841-1589620097
                                                                                                                                  • Opcode ID: d9f26dd79f9c0f57259a479120e924b394a2c95faee1d90bdb79f5de5985c882
                                                                                                                                  • Instruction ID: 44ded732084623dc9d4fd21cb925f608c9acb01334a99e531a7867ce8d321f55
                                                                                                                                  • Opcode Fuzzy Hash: d9f26dd79f9c0f57259a479120e924b394a2c95faee1d90bdb79f5de5985c882
                                                                                                                                  • Instruction Fuzzy Hash: E851E675924708AFDF20EF788849BFEB7B89F05740F04011EE4259B240DBB5A9C0CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AA050 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,00000000), ref: 032AA11A
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 032AA12B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                  • String ID: #$%
                                                                                                                                  • API String ID: 2063062207-2141590602
                                                                                                                                  • Opcode ID: ca56829a396679ba563852e4748b02ef9e98346e9d73b6c2ed7c29f0a151b604
                                                                                                                                  • Instruction ID: 2b54e6b0701604d903cf6dce2fa03dd727c0c526fb3fc243fe94b5b9e3174b93
                                                                                                                                  • Opcode Fuzzy Hash: ca56829a396679ba563852e4748b02ef9e98346e9d73b6c2ed7c29f0a151b604
                                                                                                                                  • Instruction Fuzzy Hash: B4518D79614B019FC324DF18E880A66F7F1FF48314F48896ED8898B751E375E949CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00405659 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                                  0x0040565a
                                                                                                                                  0x00405671
                                                                                                                                  0x00405679
                                                                                                                                  0x00405679
                                                                                                                                  0x00405681

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                                  • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 2659869361-823278215
                                                                                                                                  • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                  • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                                                  • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                  • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032ACFE0 Relevance: 6.3, APIs: 5, Instructions: 74memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD008
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,76D85484), ref: 032AD024
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032AD034
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032AD09A
                                                                                                                                  • wsprintfA.USER32 ref: 032AD0A8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Freelstrcpywsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3894215656-0
                                                                                                                                  • Opcode ID: cb2f1b914e5f97bba6b129b847d53cef8e10f4ebd69f34175613f802c85da5a4
                                                                                                                                  • Instruction ID: 3ae20472fc3f2a9e49070c17ebf055b099c0ba1d8c7f8881e7ed50792c4c9a62
                                                                                                                                  • Opcode Fuzzy Hash: cb2f1b914e5f97bba6b129b847d53cef8e10f4ebd69f34175613f802c85da5a4
                                                                                                                                  • Instruction Fuzzy Hash: 352197759156209FD708EF2CF86DA66B7A8FB49B20B094129E911CF3C4C331AC80CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CDE6C Relevance: 6.3, APIs: 4, Instructions: 321COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _strrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                  • Opcode ID: 0e3b29e0d4233917ccc99332fdddff6a7ca0fff448ff0ace9f23a1c77f4265b2
                                                                                                                                  • Instruction ID: ba52880969ce4f787ee4b328ade20e761fe9b4282f16825d3f3f5f56d2ab6c81
                                                                                                                                  • Opcode Fuzzy Hash: 0e3b29e0d4233917ccc99332fdddff6a7ca0fff448ff0ace9f23a1c77f4265b2
                                                                                                                                  • Instruction Fuzzy Hash: 52B116329302C69FDB11CF28C8907EEFBE5EF45340F1A42AED855AB241D6759981CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C6580 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 04acc8c4dbba45622df950cd630efe67f92ac4796afc9a703e730680e02a67cf
                                                                                                                                  • Instruction ID: 3146c6dfc652f30ce7dd70fa41e881d6865793c73ca8d1dddbe5eb9577ddf4b6
                                                                                                                                  • Opcode Fuzzy Hash: 04acc8c4dbba45622df950cd630efe67f92ac4796afc9a703e730680e02a67cf
                                                                                                                                  • Instruction Fuzzy Hash: 98411EB5A30785BFD724DF78DC41B9ABBA9EB44710F24472EE155DB280D3B5A5C08780
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D15A6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032C216F: _free.LIBCMT ref: 032C217D
                                                                                                                                    • Part of subcall function 032C9FFE: WideCharToMultiByte.KERNEL32(000000FF,00000000,00000000,00000000,032C9D05,?,00000000,00000000,00000000,00000000,00000000,?,032C9D05,00000000,00000000,032F3A3C), ref: 032CA0A0
                                                                                                                                  • GetLastError.KERNEL32 ref: 032D160E
                                                                                                                                  • __dosmaperr.LIBCMT ref: 032D1615
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 032D1654
                                                                                                                                  • __dosmaperr.LIBCMT ref: 032D165B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 167067550-0
                                                                                                                                  • Opcode ID: 1dce850fc870cdd6e08a6f0c29fcbfc105f6bcce974f22a87f6158c3662968fd
                                                                                                                                  • Instruction ID: 297cc5087cfcab6709f5a42cf9d7c235bddc4557a493c89cd0c1bde718d93053
                                                                                                                                  • Opcode Fuzzy Hash: 1dce850fc870cdd6e08a6f0c29fcbfc105f6bcce974f22a87f6158c3662968fd
                                                                                                                                  • Instruction Fuzzy Hash: F021B675624316AFDB60EF65888096BB79CEF003647088659F9269BA40E771FCE0C7A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C1FD7 Relevance: 6.1, APIs: 4, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 801d88ee113d71b075ec1ee2c54080667065b2c5813b1a93b87fbd1e7c2b2722
                                                                                                                                  • Instruction ID: 18333cda1f1e0f1c6d33e6c362967a04b768837b11df74799edbca5fcc9ac2c8
                                                                                                                                  • Opcode Fuzzy Hash: 801d88ee113d71b075ec1ee2c54080667065b2c5813b1a93b87fbd1e7c2b2722
                                                                                                                                  • Instruction Fuzzy Hash: 22218375634356FFDF20EB759C8096A779CAF202647048B1DF51A9A150DBB1DCD0C7A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B18E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 80memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B1958
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,error), ref: 032B196F
                                                                                                                                    • Part of subcall function 032AF900: GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AF93C
                                                                                                                                    • Part of subcall function 032AF900: lstrcpyA.KERNEL32(00000000,-00000004,?,?,?,?,?,032B199F,?), ref: 032AF970
                                                                                                                                    • Part of subcall function 032AF900: GlobalFree.KERNEL32 ref: 032AF983
                                                                                                                                    • Part of subcall function 032AF900: lstrcmpiA.KERNEL32(00000000,/cbaddress,?,?,?,?,?,032B199F,?), ref: 032AF98F
                                                                                                                                    • Part of subcall function 032AF900: GlobalAlloc.KERNEL32(00000040), ref: 032AF9A7
                                                                                                                                    • Part of subcall function 032AF900: GlobalFree.KERNEL32 ref: 032AF9DC
                                                                                                                                    • Part of subcall function 032AF900: lstrcmpiA.KERNEL32(00000000,/progress,?,?,?,?,?,032B199F,?), ref: 032AFA05
                                                                                                                                    • Part of subcall function 032AF900: GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,032B199F,?), ref: 032AFA21
                                                                                                                                  • wsprintfA.USER32 ref: 032B19AE
                                                                                                                                    • Part of subcall function 032B1000: GlobalAlloc.KERNEL32(00000040,?,?,?,032B18CA,error), ref: 032B1018
                                                                                                                                    • Part of subcall function 032B1000: lstrcpynA.KERNEL32(00000004,?,?,032B18CA,error), ref: 032B102D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Alloc$Freelstrcmpilstrcpyn$lstrcpywsprintf
                                                                                                                                  • String ID: error
                                                                                                                                  • API String ID: 3590522825-1574812785
                                                                                                                                  • Opcode ID: b13129da898f632eb142cd2bc6cc8ebf5d8ec5c4664ef0806b9d0980135ab755
                                                                                                                                  • Instruction ID: 3b2ec999dde6e2c91c4c069afb9f0f472d484e4586a6c54c68356887eccde88c
                                                                                                                                  • Opcode Fuzzy Hash: b13129da898f632eb142cd2bc6cc8ebf5d8ec5c4664ef0806b9d0980135ab755
                                                                                                                                  • Instruction Fuzzy Hash: CE31D275910218AFCB00FF68FA5AAED73B4EB09341F118459EC0A8B344DB72A990CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CA3F1 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,032D2CCB,00000000,?,032C9CEC,?), ref: 032CA3F6
                                                                                                                                  • _free.LIBCMT ref: 032CA453
                                                                                                                                  • _free.LIBCMT ref: 032CA489
                                                                                                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,032C9CEC,?), ref: 032CA494
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: eebd172e462af3eccaad70377d5b4173d3453799289776948e158abfd8abe43d
                                                                                                                                  • Instruction ID: f24fda39451bbee13890ee4cfb5d3232a1c275ec2e491aee81896eb6a5377122
                                                                                                                                  • Opcode Fuzzy Hash: eebd172e462af3eccaad70377d5b4173d3453799289776948e158abfd8abe43d
                                                                                                                                  • Instruction Fuzzy Hash: DB11CA356313D56FD621F5797C8DE6A235E9BC2674728433CF62D9E5C0EEA188C1C160
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032CA548 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(76D81D30,032B2244,?,032C94CB,032C9F77,00000000,?,032BD9B8,032B2244,?,032B2244,00010000), ref: 032CA54D
                                                                                                                                  • _free.LIBCMT ref: 032CA5AA
                                                                                                                                  • _free.LIBCMT ref: 032CA5E0
                                                                                                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,032BD9B8,032B2244,?,032B2244,00010000), ref: 032CA5EB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: 21d5fb8992924b99c22123816e222f778f2ccb750299801b0a29ef8d27479c71
                                                                                                                                  • Instruction ID: 32bf3264e4d5d11eb5a9b545374f1b312e540846b2e7de6144d344e519b04687
                                                                                                                                  • Opcode Fuzzy Hash: 21d5fb8992924b99c22123816e222f778f2ccb750299801b0a29ef8d27479c71
                                                                                                                                  • Instruction Fuzzy Hash: 3811E335E313852EC611F5797C89E2A26699BC12B5724833CE11DDE1C5EEA18CC18160
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A16C0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 032A16CE
                                                                                                                                    • Part of subcall function 032A1660: DeviceIoControl.KERNEL32 ref: 032A1691
                                                                                                                                    • Part of subcall function 032A1660: CloseHandle.KERNEL32(00000000), ref: 032A169C
                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 032A1750
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A175B
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 032A1768
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ControlDevice$CountTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3938725483-0
                                                                                                                                  • Opcode ID: 744bfd2152010dfc357a1d6a22c38a112a4b97b7f133aeb7ba2364ebe6ec96c7
                                                                                                                                  • Instruction ID: 38b54baf5fca12e09f21082d8932e68a9bd72ba7a14c6da65568563f22202fe7
                                                                                                                                  • Opcode Fuzzy Hash: 744bfd2152010dfc357a1d6a22c38a112a4b97b7f133aeb7ba2364ebe6ec96c7
                                                                                                                                  • Instruction Fuzzy Hash: 6D11E9309147315BD724EE2CD9097AB73D4AF84B61F444958F945D1140E370D6A8CAD3
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A55A0 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseControlCountDeviceHandleTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3153040113-0
                                                                                                                                  • Opcode ID: bb89782747167343f4b51d20daa8580d7a1b3be8d621fa729e9ec611eb870351
                                                                                                                                  • Instruction ID: d5cfc73a0c6342ac70e2d632922de4c4f3a576281f014862a60b54deb5d2432a
                                                                                                                                  • Opcode Fuzzy Hash: bb89782747167343f4b51d20daa8580d7a1b3be8d621fa729e9ec611eb870351
                                                                                                                                  • Instruction Fuzzy Hash: 1E11A5B5900621AFE344EF28F84DBB73BE4FB84710F40C66DF98686344E6749594CBA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C0857 Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 032C0871
                                                                                                                                    • Part of subcall function 032C07BE: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 032C07ED
                                                                                                                                    • Part of subcall function 032C07BE: ___AdjustPointer.LIBCMT ref: 032C0808
                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 032C0886
                                                                                                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 032C0897
                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 032C08BF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 737400349-0
                                                                                                                                  • Opcode ID: 5b9d42108137b376d4b57c657ec21b4f1f4b1fdf3932b98e70d5fbae86c454d6
                                                                                                                                  • Instruction ID: 3ac83a97242cea6155270c6973e4aaa5d764216ca0d7e88b2cf3b8593f47f505
                                                                                                                                  • Opcode Fuzzy Hash: 5b9d42108137b376d4b57c657ec21b4f1f4b1fdf3932b98e70d5fbae86c454d6
                                                                                                                                  • Instruction Fuzzy Hash: 2D015B32110249BBDF119E95DC40DEB7B79FF48744F048618FA086A121C772E8A19BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B7FA0 Relevance: 6.0, APIs: 4, Instructions: 49threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 032B7FB5
                                                                                                                                  • GetWindowLongA.USER32 ref: 032B7FC8
                                                                                                                                  • GetWindow.USER32(?,00000004), ref: 032B7FE4
                                                                                                                                  • GetWindowTextA.USER32 ref: 032B8001
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$LongProcessTextThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4064226584-0
                                                                                                                                  • Opcode ID: c86b978fa5f246adfad6b44cf21186e7efdcc085bcd82b66889d7d99a270a09b
                                                                                                                                  • Instruction ID: 46f2f0cb5ebb915ca7618acedf3aae798cfc81b7287714a32059a0d6e03bdafc
                                                                                                                                  • Opcode Fuzzy Hash: c86b978fa5f246adfad6b44cf21186e7efdcc085bcd82b66889d7d99a270a09b
                                                                                                                                  • Instruction Fuzzy Hash: 9601D4729152196BD720EE59EC48BEAB7BCEB417B0F14415AF854A7280C770A9D0D650
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B4FD0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43memorystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B5002
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 032B501B
                                                                                                                                  • lstrcpynA.KERNEL32(00000004,success), ref: 032B5032
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFreelstrcpyn
                                                                                                                                  • String ID: success
                                                                                                                                  • API String ID: 792936691-1862328242
                                                                                                                                  • Opcode ID: 00a22fbac5866dd52e646ed4bce86a57157863a7d8cbc5ef3a02e957d20cef96
                                                                                                                                  • Instruction ID: 74bb2d115b936af6730662e62bb0e525bc4f5e9acd5a21a78f4361adcb56761e
                                                                                                                                  • Opcode Fuzzy Hash: 00a22fbac5866dd52e646ed4bce86a57157863a7d8cbc5ef3a02e957d20cef96
                                                                                                                                  • Instruction Fuzzy Hash: C9017C76600312AFC714EF59F54A955B7B8FB49750B2A8069E914CB705D770B840CFD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A3AA0 Relevance: 6.0, APIs: 4, Instructions: 39synchronizationthreadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000C8,00000000,00000BB8,032A3B61,00000BB8,?,00000000,?,00000000,032AA2E2), ref: 032A3AC8
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(032F0BE8,00000001,00000000), ref: 032A3ADA
                                                                                                                                  • TerminateThread.KERNEL32(?,?,032A3B61,00000BB8,?,00000000,?,00000000,032AA2E2), ref: 032A3AF0
                                                                                                                                  • CloseHandle.KERNEL32(?,032A3B61,00000BB8,?,00000000,?,00000000,032AA2E2), ref: 032A3AF7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCompareExchangeHandleInterlockedObjectSingleTerminateThreadWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1228318664-0
                                                                                                                                  • Opcode ID: fcded35d7a79219dfb65978ce9ca47047aa4adf29885a2d918d6e4108cabfe4e
                                                                                                                                  • Instruction ID: 97341549e3ca9c51e1e1d1300ab0a8b8e71b0766705c661fd032602c2994595f
                                                                                                                                  • Opcode Fuzzy Hash: fcded35d7a79219dfb65978ce9ca47047aa4adf29885a2d918d6e4108cabfe4e
                                                                                                                                  • Instruction Fuzzy Hash: 05F096346556326BEB74DF19E885B37B7ECAF40B01F24841DFB91C6181DF25E0808A15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A3600 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,00000000,?,?,032A36D5,032A67E8,?), ref: 032A3618
                                                                                                                                  • GetLastError.KERNEL32(?,032A36D5,032A67E8,?), ref: 032A3624
                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 032A363E
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,032A36D5,032A67E8,?), ref: 032A3655
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseCodeErrorExitHandleLastOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2487237104-0
                                                                                                                                  • Opcode ID: 7060e53a6be58d7147e686dc40ca145a9cb0aa4e328a57ca308ede8dfb99a7c9
                                                                                                                                  • Instruction ID: df1377321c86b0fb22fbd09538cb1b4f4795b647d6524a99289bf6c9d8c0d97f
                                                                                                                                  • Opcode Fuzzy Hash: 7060e53a6be58d7147e686dc40ca145a9cb0aa4e328a57ca308ede8dfb99a7c9
                                                                                                                                  • Instruction Fuzzy Hash: A6F0E9773052316BD2149618FC0C7AB6BA8DBC0F52F18402DF205C1180CB70C444C662
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A3670 Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • OpenThread.KERNEL32(00000040,00000000,032AA0EE,00000000,?,?,032A36E2,032A67E8,?), ref: 032A3685
                                                                                                                                  • GetLastError.KERNEL32(?,032A36E2,032A67E8,?), ref: 032A3691
                                                                                                                                  • GetExitCodeThread.KERNEL32(00000000,?,?,032A36E2,032A67E8,?), ref: 032A36AB
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,032A36E2,032A67E8,?), ref: 032A36C2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$CloseCodeErrorExitHandleLastOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1391977547-0
                                                                                                                                  • Opcode ID: 6ffd167295de8e4feb123ac4278cb6f8cd4324def867d2ce7085cfe47fc1bee3
                                                                                                                                  • Instruction ID: bd84e76efa6bed522b3a834efe03e924a04f1b6849fe13971037f7631f6e428d
                                                                                                                                  • Opcode Fuzzy Hash: 6ffd167295de8e4feb123ac4278cb6f8cd4324def867d2ce7085cfe47fc1bee3
                                                                                                                                  • Instruction Fuzzy Hash: 85F089776052316BE2149619FC0CBAB6BA8DBC4F66F14802DF605C6190DB74C894D665
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032D998B Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,032D79DB,00000000,00000001,00000000,00000000,?,032D0B87,00000000,?,00000000), ref: 032D99A2
                                                                                                                                  • GetLastError.KERNEL32(?,032D79DB,00000000,00000001,00000000,00000000,?,032D0B87,00000000,?,00000000,00000000,00000000,?,032D10DB,?), ref: 032D99AE
                                                                                                                                    • Part of subcall function 032D9974: CloseHandle.KERNEL32(FFFFFFFE,032D99BE,?,032D79DB,00000000,00000001,00000000,00000000,?,032D0B87,00000000,?,00000000,00000000,00000000), ref: 032D9984
                                                                                                                                  • ___initconout.LIBCMT ref: 032D99BE
                                                                                                                                    • Part of subcall function 032D9936: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,032D9965,032D79C8,00000000,?,032D0B87,00000000,?,00000000,00000000), ref: 032D9949
                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,032D79DB,00000000,00000001,00000000,00000000,?,032D0B87,00000000,?,00000000,00000000), ref: 032D99D3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2744216297-0
                                                                                                                                  • Opcode ID: 4ecc5ca62de21ca26497baff7c5ef70d75e0bb2fd52423b4bcc23aa96232383a
                                                                                                                                  • Instruction ID: ca59e1baa319096e2841fcaae6fe802946916207921f46023809116a0857a4a2
                                                                                                                                  • Opcode Fuzzy Hash: 4ecc5ca62de21ca26497baff7c5ef70d75e0bb2fd52423b4bcc23aa96232383a
                                                                                                                                  • Instruction Fuzzy Hash: FDF0303A451129BFCF226FD5EC0CAD97F66FB092A1F058011FE0A99124C73288A0DB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF880 Relevance: 6.0, APIs: 4, Instructions: 21synchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • OpenProcess.KERNEL32(00100001,00000000,?,?,?,032B1C32,00000000,00000000), ref: 032AF88E
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,000000FF,?,032B1C32,00000000,00000000), ref: 032AF89D
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,032B1C32,00000000,00000000), ref: 032AF8A9
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,032B1C32,00000000,00000000), ref: 032AF8B0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseHandleObjectOpenSingleTerminateWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 820190330-0
                                                                                                                                  • Opcode ID: 523f80fb712bcff5a05f67cf1a20598879f7a8849e2d5fb02b2ce3bb52e02e30
                                                                                                                                  • Instruction ID: 81838ecb7341be0c2c5e1d023a326d04fb532652005f68f6c7066599e9f5bd06
                                                                                                                                  • Opcode Fuzzy Hash: 523f80fb712bcff5a05f67cf1a20598879f7a8849e2d5fb02b2ce3bb52e02e30
                                                                                                                                  • Instruction Fuzzy Hash: 96D0C2328436307BC6123B94BD0CFCE3E189F05BA3F004300FB18951C88B504120C6D5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C8D02 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 032C8D0B
                                                                                                                                    • Part of subcall function 032C9EFA: HeapFree.KERNEL32(00000000,00000000,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830), ref: 032C9F10
                                                                                                                                    • Part of subcall function 032C9EFA: GetLastError.KERNEL32(032ED830,?,032D3D83,032ED830,00000000,032ED830,?,?,032D4028,032ED830,00000007,032ED830,?,032D3341,032ED830,032ED830), ref: 032C9F22
                                                                                                                                  • _free.LIBCMT ref: 032C8D1E
                                                                                                                                  • _free.LIBCMT ref: 032C8D2F
                                                                                                                                  • _free.LIBCMT ref: 032C8D40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: c9c9b7a390c1df204217d1cf89f4f1f5f46ec21c795665c8cee25f436aa59050
                                                                                                                                  • Instruction ID: 20c71ae380fc8d4d7eb5947221abfdd5ba6498b61579c84d7781d67d34897a37
                                                                                                                                  • Opcode Fuzzy Hash: c9c9b7a390c1df204217d1cf89f4f1f5f46ec21c795665c8cee25f436aa59050
                                                                                                                                  • Instruction Fuzzy Hash: D1E0BF7D4313B1DE8601FF1CB94894A7A75FB69720701872BE6025A618DB760991DEC1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032AF3F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CharLowerA.USER32(?,?), ref: 032AF433
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(00000000,00000000,76D81D30,?,032B1475,00000000,.ico), ref: 032B7636
                                                                                                                                    • Part of subcall function 032B7620: lstrlenA.KERNEL32(032B1475,?,032B1475,00000000,.ico), ref: 032B7641
                                                                                                                                  • wsprintfA.USER32 ref: 032AF539
                                                                                                                                    • Part of subcall function 032B1000: GlobalAlloc.KERNEL32(00000040,?,?,?,032B18CA,error), ref: 032B1018
                                                                                                                                    • Part of subcall function 032B1000: lstrcpynA.KERNEL32(00000004,?,?,032B18CA,error), ref: 032B102D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$AllocCharGlobalLowerlstrcpynwsprintf
                                                                                                                                  • String ID: yes
                                                                                                                                  • API String ID: 1434610483-1978086825
                                                                                                                                  • Opcode ID: 6bc153247444068714dff8efd835f5c8841973a39ccade5fe7745bc53f5138d0
                                                                                                                                  • Instruction ID: 713c70c5e52f5030fc489722840d93ce22ac7c7bd5686abc265162ac11c4bc27
                                                                                                                                  • Opcode Fuzzy Hash: 6bc153247444068714dff8efd835f5c8841973a39ccade5fe7745bc53f5138d0
                                                                                                                                  • Instruction Fuzzy Hash: 56416A76A10704AFCB10EF65DC44BD9F7B4EF04391F048535EC159A280EBB6A4E0CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032C8367 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
                                                                                                                                  • API String ID: 0-3562633696
                                                                                                                                  • Opcode ID: 64512f7917281c6ec48910e393355a2f4de38f2faf64372921488f5bcc68cff9
                                                                                                                                  • Instruction ID: 316944148fb5b5b34e517871140997a117adfd842b3cdcead6cc6a488a4075a6
                                                                                                                                  • Opcode Fuzzy Hash: 64512f7917281c6ec48910e393355a2f4de38f2faf64372921488f5bcc68cff9
                                                                                                                                  • Instruction Fuzzy Hash: F8416775A30395AFCB31DF99D8849DEB7BCEB85710F14826EE5099B240D7B19AC0CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A5430 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032A1780: DeviceIoControl.KERNEL32 ref: 032A17FA
                                                                                                                                    • Part of subcall function 032A1780: CloseHandle.KERNEL32(00000000,?,?), ref: 032A1863
                                                                                                                                    • Part of subcall function 032A1780: DeviceIoControl.KERNEL32 ref: 032A18B2
                                                                                                                                  • CreateFileA.KERNEL32(?,C0000000,00000002,00000000,00000003,00000000,00000000,?,?,?), ref: 032A555E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ControlDevice$CloseCreateFileHandle
                                                                                                                                  • String ID: \\.\CBUSB-$\\.\CBUSB2-
                                                                                                                                  • API String ID: 1375849437-4234361732
                                                                                                                                  • Opcode ID: 18e21cc0f9d2fb527c1e5a542300d04d0f7d7082cbe70ac5c66a89fb45c92ea5
                                                                                                                                  • Instruction ID: a1ad2af7da66bf97d3ed668803a14c7cd4360ea7d86317df3e8498d915b35a7a
                                                                                                                                  • Opcode Fuzzy Hash: 18e21cc0f9d2fb527c1e5a542300d04d0f7d7082cbe70ac5c66a89fb45c92ea5
                                                                                                                                  • Instruction Fuzzy Hash: 7F41C331A197009FD714DF3898517ABB7E5BF89710FA58A6DF8D9CB380E670A904C782
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00404E54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                                                  0x00404e60
                                                                                                                                  0x00404e85
                                                                                                                                  0x00404ea5
                                                                                                                                  0x00404ea8
                                                                                                                                  0x00404eab
                                                                                                                                  0x00404ec2
                                                                                                                                  0x00404ec8
                                                                                                                                  0x00404ecf
                                                                                                                                  0x00404ed6
                                                                                                                                  0x00404edd
                                                                                                                                  0x00404ee2
                                                                                                                                  0x00404ee8
                                                                                                                                  0x00000000
                                                                                                                                  0x00404ef8
                                                                                                                                  0x00404e92
                                                                                                                                  0x00404ee5
                                                                                                                                  0x00404ee5
                                                                                                                                  0x00000000
                                                                                                                                  0x00404ee5
                                                                                                                                  0x00404e9e
                                                                                                                                  0x00404ea0
                                                                                                                                  0x00000000
                                                                                                                                  0x00404ea0
                                                                                                                                  0x00404e66
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00404e6d
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                                                  • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                                                    • Part of subcall function 00403F64: SendMessageA.USER32 ref: 00403F76
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                  • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                  • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                                  • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                  • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032A39D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000001,00000000,?,00000000,?,00000000,032DBCDE,000000FF,?,032ACBE6,00000000,00000000), ref: 032A39F0
                                                                                                                                    • Part of subcall function 032A1C40: InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C4D
                                                                                                                                    • Part of subcall function 032A1C40: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,032ABDD4,Global\CBIOS_MUTEX_SHARED_MEM,00000000,032F0808,00000000,00000080,76D86490), ref: 032A1C60
                                                                                                                                    • Part of subcall function 032A1C40: CreateMutexA.KERNELBASE ref: 032A1C8D
                                                                                                                                    • Part of subcall function 032A1CB0: WaitForSingleObject.KERNEL32(?,00030D40,032A37FB,032A6518,00000000,032AC92C,?,032BB3FE,032BAD47,?,?,00000000,?,00000000,032DBCDE,000000FF), ref: 032A1CB2
                                                                                                                                    • Part of subcall function 032A1D00: CloseHandle.KERNELBASE(00000000,032A3983,032A3998,00000000,032AC923,?,032BB3FE,032BAD47,?,?,00000000,?,00000000,032DBCDE,000000FF), ref: 032A1D01
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorSecurity$CloseCreateCurrentDaclHandleInitializeMutexObjectProcessSingleWait
                                                                                                                                  • String ID: %08X$MUTEX_NCBIOSCLI_CONNECTION_NAMEFFFFFFFF
                                                                                                                                  • API String ID: 116272902-3076848967
                                                                                                                                  • Opcode ID: 0f971b8a16cb60b2e00ad733e9b66488906b14c592eb751b636c4274b936e815
                                                                                                                                  • Instruction ID: 8aa43e1788d7bf586276c2235eea590512c583505c0aadef6e403cc4650e9326
                                                                                                                                  • Opcode Fuzzy Hash: 0f971b8a16cb60b2e00ad733e9b66488906b14c592eb751b636c4274b936e815
                                                                                                                                  • Instruction Fuzzy Hash: 7701A7796247005FDB04EB38C8527AFB7E49F487A0F440969E4099F181EAB5F5D08753
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BD99E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BE616
                                                                                                                                    • Part of subcall function 032C00D4: RaiseException.KERNEL32(?,?,?,032BE638,76D81D30,00000000,?,?,?,?,?,?,032BE638,?,032E9250), ref: 032C0134
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 032BE633
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                  • String ID: Unknown exception
                                                                                                                                  • API String ID: 3476068407-410509341
                                                                                                                                  • Opcode ID: ddac70636546137f318e7da02ede8d34724c17c94a3617d6bd2d205c5e0458e9
                                                                                                                                  • Instruction ID: b25e326936470232b5e2ece26ea40647bfced4d8d1f14f97ba3d0e69d0ee009a
                                                                                                                                  • Opcode Fuzzy Hash: ddac70636546137f318e7da02ede8d34724c17c94a3617d6bd2d205c5e0458e9
                                                                                                                                  • Instruction Fuzzy Hash: 8AF0223883030EBBCB10FEA9EC459DC737C5E00780B988224A8289A480FBB1D6C582D1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B85F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumWindowswsprintf
                                                                                                                                  • String ID: Process ID: %u
                                                                                                                                  • API String ID: 427314367-1175013698
                                                                                                                                  • Opcode ID: efcda3aca5f909c118010b88723a587864ddb17971dca2a6969502633f79a0ee
                                                                                                                                  • Instruction ID: 11ce8b20fc0807e88c207f0552359fd21dac9e12bc644b8334888fee9d7c4ece
                                                                                                                                  • Opcode Fuzzy Hash: efcda3aca5f909c118010b88723a587864ddb17971dca2a6969502633f79a0ee
                                                                                                                                  • Instruction Fuzzy Hash: 80F024728103487BC710DA51AC09BD73BBCAF81795F084458F65D45042E3B020D8CBA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004024BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Program Files\iba\ibaAnalyzer\Plugins", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                                  0x004024be
                                                                                                                                  0x004024be
                                                                                                                                  0x004024c1
                                                                                                                                  0x004024dc
                                                                                                                                  0x004024c3
                                                                                                                                  0x004024c5
                                                                                                                                  0x004024ca
                                                                                                                                  0x004024d1
                                                                                                                                  0x004024e3
                                                                                                                                  0x0040265c
                                                                                                                                  0x0040265c
                                                                                                                                  0x004024e9
                                                                                                                                  0x004024fb
                                                                                                                                  0x004015a6
                                                                                                                                  0x004015a8
                                                                                                                                  0x00000000
                                                                                                                                  0x004015ae
                                                                                                                                  0x004015a8
                                                                                                                                  0x0040288e
                                                                                                                                  0x0040289a

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                  • WriteFile.KERNEL32(00000000,?,C:\Program Files\iba\ibaAnalyzer\Plugins,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWritelstrlen
                                                                                                                                  • String ID: C:\Program Files\iba\ibaAnalyzer\Plugins
                                                                                                                                  • API String ID: 427699356-3951075876
                                                                                                                                  • Opcode ID: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                                                                                                                  • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                                  • Opcode Fuzzy Hash: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                                                                                                                  • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032BEAA2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032BEB2E: GetLastError.KERNEL32 ref: 032BEB40
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,032AC94A), ref: 032BEAD5
                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,032AC94A), ref: 032BEAE4
                                                                                                                                  Strings
                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 032BEADF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                  • Opcode ID: 656812f2cf773c9b1f3b256b176f2c42d0aa2c0cfd72ad25a94bd3f631a293d6
                                                                                                                                  • Instruction ID: 4cdde86279992d5def71d815fa69aae0debaf9a180c37db4dfacdfc3aa7df397
                                                                                                                                  • Opcode Fuzzy Hash: 656812f2cf773c9b1f3b256b176f2c42d0aa2c0cfd72ad25a94bd3f631a293d6
                                                                                                                                  • Instruction Fuzzy Hash: 4DE039716117219BD320EF68F1087C2BAE8BF05744B01C81DE493C6640DBB0E4848B92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 0040361A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c; // 0x69cd98
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                                                  0x0040361b
                                                                                                                                  0x00403623
                                                                                                                                  0x0040362a
                                                                                                                                  0x0040362d
                                                                                                                                  0x0040362d
                                                                                                                                  0x0040362f
                                                                                                                                  0x00403634
                                                                                                                                  0x0040363b
                                                                                                                                  0x00403641
                                                                                                                                  0x00403645
                                                                                                                                  0x00403646
                                                                                                                                  0x0040364e

                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" ,00000000,76DDF560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                                  • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                                                  Strings
                                                                                                                                  • "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe" , xrefs: 0040362C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                  • String ID: "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe"
                                                                                                                                  • API String ID: 1100898210-3398361200
                                                                                                                                  • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                  • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                                  • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                  • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B90D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CharLowerA.USER32(?,wibucm32), ref: 032B90E0
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 032B90F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharFreeLibraryLower
                                                                                                                                  • String ID: wibucm32
                                                                                                                                  • API String ID: 3497680385-4239899414
                                                                                                                                  • Opcode ID: 72787004aa79482462441248862038a009a4e5d4637e5d1979efa8de1c503668
                                                                                                                                  • Instruction ID: 209b82df3548b01ca34602a40e9b223d9acf571fd8095e99f057868bc051babf
                                                                                                                                  • Opcode Fuzzy Hash: 72787004aa79482462441248862038a009a4e5d4637e5d1979efa8de1c503668
                                                                                                                                  • Instruction Fuzzy Hash: 70D02B36810324ABDB10AAA4FC08AC6B76CBB04391B044831FA04C3104DA72E490C7A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004056A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                                  0x004056a1
                                                                                                                                  0x004056ab
                                                                                                                                  0x004056ad
                                                                                                                                  0x004056b4
                                                                                                                                  0x004056bc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x004056bc
                                                                                                                                  0x004056be
                                                                                                                                  0x004056c3

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,80000000,00000003), ref: 004056A6
                                                                                                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe,80000000,00000003), ref: 004056B4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                  • API String ID: 2709904686-1246513382
                                                                                                                                  • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                  • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                                  • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                  • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 100010D6 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E100010D6(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E, _t52);
				_t43 =  *0x10004058 +  *0x10004058 * 4 << 2;
				_t17 = E10001561();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E1000159E(E100015E5( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E1000160E( *_t55 - 0x30, E10001561());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x10004030;
								 *0x10004030 = _t31;
								E10001854(_t31 + 4,  *0x10004060, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x10004030;
							if( *0x10004030 != 0) {
								E10001854( *0x10004060, _t34 + 4, _t43);
								_t37 =  *0x10004030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x10004030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                                  0x100010dd
                                                                                                                                  0x100010e5
                                                                                                                                  0x100010f9
                                                                                                                                  0x10001101
                                                                                                                                  0x1000110c
                                                                                                                                  0x1000110f
                                                                                                                                  0x10001117
                                                                                                                                  0x1000111a
                                                                                                                                  0x1000111c
                                                                                                                                  0x100011ba
                                                                                                                                  0x100011c6
                                                                                                                                  0x10001122
                                                                                                                                  0x10001123
                                                                                                                                  0x10001123
                                                                                                                                  0x10001126
                                                                                                                                  0x10001127
                                                                                                                                  0x1000112a
                                                                                                                                  0x100011f9
                                                                                                                                  0x100011fc
                                                                                                                                  0x10001194
                                                                                                                                  0x1000119a
                                                                                                                                  0x100011a2
                                                                                                                                  0x100011a7
                                                                                                                                  0x100011aa
                                                                                                                                  0x00000000
                                                                                                                                  0x100011aa
                                                                                                                                  0x100011ff
                                                                                                                                  0x10001200
                                                                                                                                  0x1000117c
                                                                                                                                  0x10001182
                                                                                                                                  0x1000118a
                                                                                                                                  0x00000000
                                                                                                                                  0x1000118a
                                                                                                                                  0x10001148
                                                                                                                                  0x10001149
                                                                                                                                  0x10001151
                                                                                                                                  0x1000115e
                                                                                                                                  0x10001166
                                                                                                                                  0x1000116f
                                                                                                                                  0x10001174
                                                                                                                                  0x10001174
                                                                                                                                  0x00000000
                                                                                                                                  0x10001149
                                                                                                                                  0x10001130
                                                                                                                                  0x100011c7
                                                                                                                                  0x100011c7
                                                                                                                                  0x100011ce
                                                                                                                                  0x100011db
                                                                                                                                  0x100011e0
                                                                                                                                  0x100011e5
                                                                                                                                  0x100011eb
                                                                                                                                  0x100011f1
                                                                                                                                  0x100011f1
                                                                                                                                  0x00000000
                                                                                                                                  0x100011ce
                                                                                                                                  0x10001136
                                                                                                                                  0x10001139
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1000113f
                                                                                                                                  0x10001142
                                                                                                                                  0x10001191
                                                                                                                                  0x00000000
                                                                                                                                  0x10001191
                                                                                                                                  0x10001145
                                                                                                                                  0x10001146
                                                                                                                                  0x10001179
                                                                                                                                  0x00000000
                                                                                                                                  0x10001179
                                                                                                                                  0x00000000
                                                                                                                                  0x100011b0
                                                                                                                                  0x100011b0
                                                                                                                                  0x00000000
                                                                                                                                  0x100011b9

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                    • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 10001151
                                                                                                                                  • GlobalFree.KERNEL32 ref: 100011AA
                                                                                                                                  • GlobalFree.KERNEL32 ref: 100011BD
                                                                                                                                  • GlobalFree.KERNEL32 ref: 100011EB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.749338517.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.749309117.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749363604.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749383020.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloclstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 852173138-0
                                                                                                                                  • Opcode ID: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                                  • Instruction ID: ed341c900a7ce6bdf815d06216e218db22d2bbb6d3afa64795f6a6593979f754
                                                                                                                                  • Opcode Fuzzy Hash: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                                  • Instruction Fuzzy Hash: D031BCB5404655AFF705CF64DCC9BEA7FFCEB092D1B164029FA45D626CEB3099008B64
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B8730 Relevance: 5.1, APIs: 4, Instructions: 67memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 032B89E0: CreateEventA.KERNEL32(?,?,?,?,032B7C15,?), ref: 032B89ED
                                                                                                                                    • Part of subcall function 032B89E0: GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?), ref: 032B8A4E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 032B8A5E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 032B8A6B
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 032B8A78
                                                                                                                                    • Part of subcall function 032B89E0: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 032B8A84
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameA), ref: 032B8A8E
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 032B8A9B
                                                                                                                                    • Part of subcall function 032B89E0: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 032B8AA8
                                                                                                                                    • Part of subcall function 032B89E0: GetVersion.KERNEL32 ref: 032B8AB4
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000014,00000000,?,?,?,?,032B87E5), ref: 032B8755
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B876D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,032B87E5), ref: 032B8783
                                                                                                                                  • GlobalFree.KERNEL32 ref: 032B87A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Global$AllocFreeHandleModule$CreateEventVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3725925995-0
                                                                                                                                  • Opcode ID: 2f99056554518395890e70423d40ffe7f6ea79a9e8086611b28d1b01673ef8a1
                                                                                                                                  • Instruction ID: 1ea877ccc4fe051c8a769703bb6a00e8dc0d7e91959aab01e0d54ee4ba9fbaab
                                                                                                                                  • Opcode Fuzzy Hash: 2f99056554518395890e70423d40ffe7f6ea79a9e8086611b28d1b01673ef8a1
                                                                                                                                  • Instruction Fuzzy Hash: 6E11C636A01134BBE711D6A9AC49BDEF7BCEF45B95F5400A0FB0CD7280D6708940A6E4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 004057B2 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                                  0x004057be
                                                                                                                                  0x004057c0
                                                                                                                                  0x004057e8
                                                                                                                                  0x004057cd
                                                                                                                                  0x004057d2
                                                                                                                                  0x004057dd
                                                                                                                                  0x00000000
                                                                                                                                  0x004057fa
                                                                                                                                  0x004057e6
                                                                                                                                  0x004057e6
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                                                  • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.716004496.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.715994543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716024569.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716121153.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716140606.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716167362.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.716181565.0000000000430000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                  • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                  • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                                  • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                  • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 032B53F1 Relevance: 5.0, APIs: 4, Instructions: 18memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,032B53D1), ref: 032B53F4
                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 032B53F7
                                                                                                                                  • GetProcessHeap.KERNEL32(?,00000000), ref: 032B540C
                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 032B540F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.748760865.00000000032A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.748733931.00000000032A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749128241.00000000032EC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749144252.00000000032F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_32a0000_ibaAnalyzerSetup_x64_v7.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$FreeProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3859560861-0
                                                                                                                                  • Opcode ID: 0f6db24ab14e36ab9a4a59c51cf4b3a82f0eaea9e80ba18cd5410193a7bdd12c
                                                                                                                                  • Instruction ID: 2e813755f6c13591a4cf54c0b24304f2552363571bdbc61ca337b56bb9b11744
                                                                                                                                  • Opcode Fuzzy Hash: 0f6db24ab14e36ab9a4a59c51cf4b3a82f0eaea9e80ba18cd5410193a7bdd12c
                                                                                                                                  • Instruction Fuzzy Hash: B8D05EB0D112325BEB106FA1AC4CEAA7B3CEF01BD1F180400F800A7200C724CC90CAB0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.3%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0.1%
                                                                                                                                  Total number of Nodes:935
                                                                                                                                  Total number of Limit Nodes:48
                                                                                                                                  execution_graph 32543 7ff9ee5e2b21 32544 7ff9ee5e2b3f 32543->32544 32545 7ff9ee5e2bb7 RtlEncodePointer 32544->32545 32546 7ff9ee5e2be6 32544->32546 32545->32546 32547 1b254b80 32552 1b2312d0 32547->32552 32549 1b254bac 32554 1b2447c0 32549->32554 32551 1b254bc0 Concurrency::event::wait 32553 1b231309 GetCurrentProcess 32552->32553 32553->32549 32554->32551 32555 1b395bb6 32554->32555 32556 1b2312d0 GetCurrentProcess 32555->32556 32557 1b395c7b VirtualQuery 32556->32557 32559 1b395d50 VirtualQuery 32557->32559 32576 1b395d37 Concurrency::event::wait 32557->32576 32561 1b395ddc 32559->32561 32562 1b396023 32561->32562 32565 1b396191 32561->32565 32561->32576 32563 1b396135 32562->32563 32568 1b39613a 32562->32568 32577 1b259280 9 API calls 2 library calls 32563->32577 32564 1b396293 32579 1b259280 9 API calls 2 library calls 32564->32579 32565->32564 32569 1b396298 32565->32569 32568->32576 32578 1b232240 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 32568->32578 32569->32576 32580 1b232240 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 32569->32580 32572 1b396169 32573 1b3963ac VirtualQuery 32572->32573 32574 1b3963d2 VirtualQuery 32573->32574 32574->32576 32576->32551 32577->32568 32578->32572 32579->32569 32580->32572 32581 1b25b880 32582 1b25b8a9 32581->32582 32583 1b25b8e6 32582->32583 32590 1b25b8b1 32582->32590 32593 1b25b620 32582->32593 32583->32590 32643 1b235260 32583->32643 32587 1b25b928 32588 1b25b620 145 API calls 32587->32588 32587->32590 32588->32590 32589 1b235260 140 API calls 32591 1b25b91b 32589->32591 32592 1b25b620 145 API calls 32591->32592 32592->32587 32594 1b25b635 GetProcessHeap HeapAlloc 32593->32594 32595 1b25b796 32593->32595 32596 1b25b654 GetVersionExA 32594->32596 32602 1b25b67b 32594->32602 32597 1b25b7e3 32595->32597 32604 1b25b79a 32595->32604 32598 1b25b687 GetProcessHeap HeapFree 32596->32598 32599 1b25b667 GetProcessHeap HeapFree 32596->32599 32600 1b25b858 32597->32600 32601 1b25b7e8 Concurrency::details::WorkSearchContext::SearchCacheLocal 32597->32601 32603 1b25b6c8 32598->32603 32599->32602 32600->32602 32768 1b25e6a0 57 API calls 32600->32768 32608 1b261130 _CreateFrameInfo 54 API calls 32601->32608 32602->32583 32659 1b262dd0 HeapCreate 32603->32659 32604->32602 32764 1b261d70 55 API calls __initmbctable 32604->32764 32611 1b25b7fc 32608->32611 32609 1b25b6fc 32609->32602 32662 1b25e700 32609->32662 32610 1b25b7cc 32765 1b25e280 58 API calls __initmbctable 32610->32765 32611->32602 32614 1b25b808 FlsSetValue 32611->32614 32617 1b25b844 32614->32617 32618 1b25b81b 32614->32618 32615 1b25b71d 32620 1b25b785 32615->32620 32627 1b25b726 GetCommandLineA 32615->32627 32616 1b25b7d1 32766 1b262e30 HeapDestroy 32616->32766 32767 1b25a880 54 API calls __initmbctable 32617->32767 32619 1b25e2d0 _CreateFrameInfo 54 API calls 32618->32619 32623 1b25b825 GetCurrentThreadId 32619->32623 32763 1b262e30 HeapDestroy 32620->32763 32623->32583 32624 1b25b84c 32624->32583 32625 1b25b7d6 32625->32583 32682 1b264900 32627->32682 32628 1b25b78a 32628->32583 32630 1b25b738 32708 1b261a20 GetStartupInfoA 32630->32708 32632 1b25b780 32762 1b25e280 58 API calls __initmbctable 32632->32762 32636 1b25b74d 32637 1b25b761 32636->32637 32736 1b264430 32636->32736 32642 1b25b765 32637->32642 32761 1b261d70 55 API calls __initmbctable 32637->32761 32640 1b25b756 32640->32637 32753 1b259800 32640->32753 32642->32583 32644 1b23527b shared_ptr 32643->32644 32645 1b235378 32643->32645 32647 1b235296 GetModuleFileNameA lstrcatA DisableThreadLibraryCalls 32644->32647 32646 1b23537c CloseHandle 32645->32646 32650 1b235371 32645->32650 32648 1b2353a9 32646->32648 32649 1b23539c FreeLibrary 32646->32649 32651 1b2595e0 Concurrency::details::SchedulingRing::SchedulingRing 60 API calls 32647->32651 32648->32650 32649->32650 32650->32587 32650->32589 32652 1b2352d3 32651->32652 32653 1b2352e5 CreateEventA 32652->32653 32865 1b234fe0 70 API calls shared_ptr 32652->32865 32855 1b233ca0 GetModuleHandleA 32653->32855 32657 1b235350 32658 1b259f10 126 API calls 32657->32658 32658->32650 32660 1b262df4 32659->32660 32661 1b262df9 HeapSetInformation 32659->32661 32660->32609 32661->32609 32769 1b259a40 32662->32769 32666 1b25e710 32667 1b25e714 FlsAlloc 32666->32667 32668 1b25e77b 32666->32668 32669 1b25e796 32667->32669 32671 1b25e72c 32667->32671 32668->32669 32670 1b25e786 FlsFree 32668->32670 32672 1b25e7b1 32669->32672 32673 1b25e7a1 TlsFree 32669->32673 32670->32669 32674 1b261130 _CreateFrameInfo 54 API calls 32671->32674 32777 1b260600 56 API calls __initmbctable 32672->32777 32673->32672 32676 1b25e73b 32674->32676 32676->32668 32678 1b25e743 FlsSetValue 32676->32678 32677 1b25e7b6 32677->32615 32678->32668 32679 1b25e756 32678->32679 32680 1b25e2d0 _CreateFrameInfo 54 API calls 32679->32680 32681 1b25e760 GetCurrentThreadId 32680->32681 32681->32615 32683 1b26491d GetEnvironmentStringsW 32682->32683 32688 1b264951 32682->32688 32684 1b264937 GetLastError 32683->32684 32687 1b26492b WideCharToMultiByte 32683->32687 32686 1b264942 32684->32686 32684->32688 32685 1b264960 GetEnvironmentStringsW 32685->32687 32689 1b264aa3 32685->32689 32686->32689 32690 1b264a56 GetEnvironmentStrings 32686->32690 32693 1b2649d3 32687->32693 32694 1b264a40 FreeEnvironmentStringsW 32687->32694 32688->32685 32688->32686 32689->32630 32690->32689 32692 1b264a64 32690->32692 32696 1b2610b0 __initmbctable 54 API calls 32692->32696 32784 1b2610b0 32693->32784 32697 1b264a22 32694->32697 32699 1b264a92 32696->32699 32697->32630 32701 1b264a9a FreeEnvironmentStringsA 32699->32701 32702 1b264ab9 __initmbctable 32699->32702 32700 1b2649e3 WideCharToMultiByte 32703 1b264a16 FreeEnvironmentStringsW 32700->32703 32704 1b264a0b 32700->32704 32701->32689 32706 1b264ac7 FreeEnvironmentStringsA 32702->32706 32703->32697 32790 1b25a880 54 API calls __initmbctable 32704->32790 32706->32630 32707 1b264a13 32707->32703 32709 1b261130 _CreateFrameInfo 54 API calls 32708->32709 32712 1b261a5f 32709->32712 32710 1b25b744 32710->32632 32724 1b2647f0 32710->32724 32711 1b261c32 32713 1b261c83 GetStdHandle 32711->32713 32715 1b261cfa SetHandleCount 32711->32715 32716 1b261c97 GetFileType 32711->32716 32723 1b261caf 32711->32723 32712->32710 32712->32711 32714 1b261130 _CreateFrameInfo 54 API calls 32712->32714 32717 1b261b9a 32712->32717 32713->32711 32714->32712 32715->32710 32716->32711 32717->32711 32718 1b261bd0 GetFileType 32717->32718 32719 1b261bda 32717->32719 32718->32717 32718->32719 32719->32717 32722 1b261c18 32719->32722 32791 1b260f80 54 API calls 2 library calls 32719->32791 32722->32710 32723->32711 32723->32722 32792 1b260f80 54 API calls 2 library calls 32723->32792 32725 1b264802 GetModuleFileNameA 32724->32725 32726 1b2647fd 32724->32726 32728 1b26483e 32725->32728 32793 1b262920 32726->32793 32797 1b2645b0 59 API calls 32728->32797 32730 1b264867 32731 1b2648e7 32730->32731 32732 1b2610b0 __initmbctable 54 API calls 32730->32732 32731->32636 32733 1b264894 32732->32733 32733->32731 32798 1b2645b0 59 API calls 32733->32798 32735 1b2648ba 32735->32636 32737 1b26443d 32736->32737 32741 1b264442 32736->32741 32738 1b262920 __initmbctable 96 API calls 32737->32738 32738->32741 32739 1b264459 32739->32640 32740 1b261130 _CreateFrameInfo 54 API calls 32750 1b2644aa 32740->32750 32741->32739 32741->32740 32742 1b2644b9 32742->32640 32743 1b264552 32843 1b25a880 54 API calls __initmbctable 32743->32843 32745 1b264561 32745->32640 32746 1b261130 _CreateFrameInfo 54 API calls 32746->32750 32747 1b264595 32844 1b25a880 54 API calls __initmbctable 32747->32844 32750->32742 32750->32743 32750->32746 32750->32747 32751 1b264531 32750->32751 32841 1b260120 54 API calls 2 library calls 32750->32841 32842 1b2590c0 6 API calls shared_ptr 32751->32842 32755 1b259815 32753->32755 32845 1b2608c0 32755->32845 32756 1b259867 32757 1b259c30 Concurrency::details::SchedulingRing::SchedulingRing 59 API calls 32756->32757 32759 1b259877 32756->32759 32757->32759 32758 1b259837 32758->32756 32758->32759 32849 1b261810 32758->32849 32759->32637 32761->32632 32762->32620 32763->32628 32764->32610 32765->32616 32766->32625 32767->32624 32768->32602 32778 1b25e180 32769->32778 32771 1b259a4b _initp_misc_winsig Concurrency::details::WorkSearchContext::SearchCacheLocal 32783 1b2600f0 FlsGetValue GetModuleHandleA GetProcAddress __initmbctable 32771->32783 32773 1b259a8e 32774 1b25e110 __initmbctable 3 API calls 32773->32774 32775 1b259a9a 32774->32775 32776 1b260550 54 API calls __initmbctable 32775->32776 32776->32666 32777->32677 32779 1b25e1a3 GetModuleHandleA 32778->32779 32780 1b25e18f FlsGetValue 32778->32780 32781 1b25e19a 32779->32781 32782 1b25e1b5 GetProcAddress 32779->32782 32780->32779 32780->32781 32781->32771 32782->32781 32783->32773 32785 1b2610d2 32784->32785 32786 1b25a7b0 __initmbctable 53 API calls 32785->32786 32787 1b26110d 32785->32787 32788 1b2610ea Sleep 32785->32788 32786->32785 32787->32694 32787->32700 32788->32785 32789 1b26110a 32788->32789 32789->32787 32790->32707 32791->32719 32792->32723 32794 1b262937 32793->32794 32795 1b26292d 32793->32795 32794->32725 32799 1b2626e0 32795->32799 32797->32730 32798->32735 32800 1b25e480 _CreateFrameInfo 59 API calls 32799->32800 32801 1b26270f 32800->32801 32802 1b2620b0 __initmbctable 59 API calls 32801->32802 32803 1b262717 32802->32803 32823 1b2621a0 32803->32823 32806 1b2628a7 32806->32794 32807 1b2610b0 __initmbctable 54 API calls 32808 1b26273b __initmbctable 32807->32808 32808->32806 32834 1b2622b0 96 API calls 2 library calls 32808->32834 32810 1b26276b 32811 1b262776 32810->32811 32812 1b2628a9 32810->32812 32817 1b26279b 32811->32817 32835 1b25a880 54 API calls __initmbctable 32811->32835 32812->32806 32813 1b2628c2 32812->32813 32838 1b25a880 54 API calls __initmbctable 32812->32838 32839 1b25bc90 54 API calls __initmbctable 32813->32839 32817->32806 32818 1b2607d0 __initmbctable 54 API calls 32817->32818 32819 1b2627d3 32818->32819 32820 1b262892 32819->32820 32836 1b25a880 54 API calls __initmbctable 32819->32836 32837 1b2606a0 LeaveCriticalSection 32820->32837 32824 1b25e480 _CreateFrameInfo 59 API calls 32823->32824 32825 1b2621c7 32824->32825 32826 1b2621f4 32825->32826 32840 1b262c90 59 API calls 2 library calls 32825->32840 32827 1b262218 32826->32827 32831 1b2620b0 __initmbctable 59 API calls 32826->32831 32829 1b26223e GetOEMCP 32827->32829 32830 1b26225c 32827->32830 32833 1b26224e 32829->32833 32832 1b262261 GetACP 32830->32832 32830->32833 32831->32827 32832->32833 32833->32806 32833->32807 32834->32810 32835->32817 32836->32820 32838->32813 32839->32806 32840->32826 32841->32750 32842->32750 32843->32745 32844->32745 32846 1b2608e0 32845->32846 32847 1b25e110 __initmbctable 3 API calls 32846->32847 32848 1b2608f6 32846->32848 32847->32846 32848->32758 32850 1b261825 32849->32850 32851 1b261130 _CreateFrameInfo 54 API calls 32850->32851 32852 1b261844 32851->32852 32853 1b261861 32852->32853 32854 1b261130 _CreateFrameInfo 54 API calls 32852->32854 32853->32758 32854->32853 32856 1b233cf4 GetModuleHandleA 32855->32856 32857 1b233ccd GetModuleHandleA 32855->32857 32858 1b233db5 32856->32858 32859 1b233d0a GetProcAddress 32856->32859 32857->32856 32857->32858 32860 1b258680 shared_ptr 8 API calls 32858->32860 32859->32858 32861 1b233d26 shared_ptr 32859->32861 32862 1b233dc5 32860->32862 32863 1b233d51 GetModuleHandleA 32861->32863 32862->32657 32864 1b233d63 32863->32864 32864->32858 32865->32653 32874 1b2598e0 32875 1b2607d0 __initmbctable 54 API calls 32874->32875 32876 1b25990f 32875->32876 32878 1b25e1e0 _CreateFrameInfo 3 API calls 32876->32878 32888 1b25994d 32876->32888 32877 1b2599af 32880 1b2599b3 32877->32880 32881 1b2599ce 32877->32881 32882 1b25993e 32878->32882 32890 1b2606a0 LeaveCriticalSection 32880->32890 32884 1b25e1e0 _CreateFrameInfo 3 API calls 32882->32884 32884->32888 32888->32877 32889 1b2606a0 LeaveCriticalSection 32888->32889 32910 7ff9ee5e335d 32911 7ff9ee5e336f RtlDecodePointer 32910->32911 32913 7ff9ee5e33eb 32911->32913 32866 7ff9ee5f239d 32867 7ff9ee5f23ab RegCreateKeyExW 32866->32867 32869 7ff9ee5f2486 32867->32869 32891 7ff9ee5f467d 32892 7ff9ee5f469f LoadTypeLib 32891->32892 32894 7ff9ee5f4721 32892->32894 32870 7ff9ee5efc99 32871 7ff9ee5efcab LoadLibraryW 32870->32871 32873 7ff9ee5efdd9 32871->32873 32895 7ff9ee5f207a 32896 7ff9ee5f209f RegOpenKeyExW 32895->32896 32898 7ff9ee5f213b 32896->32898 32899 7ff9ee5f5395 32900 7ff9ee5f539b 32899->32900 32901 7ff9ee5f543e RtlDecodePointer 32900->32901 32902 7ff9ee5f5479 32900->32902 32901->32902 32914 7ff9ee5f56f5 32915 7ff9ee5f570f 32914->32915 32916 7ff9ee5f5766 RtlDecodePointer 32915->32916 32918 7ff9ee5f59dd 32915->32918 32917 7ff9ee5f5795 32916->32917 32917->32918 32919 7ff9ee5f592e RtlDecodePointer 32917->32919 32919->32917 32903 7ff9ee5e3512 32906 7ff9ee5e2ff0 32903->32906 32905 7ff9ee5e3517 32907 7ff9ee5e3017 RtlEncodePointer 32906->32907 32909 7ff9ee5e3066 32907->32909 32909->32905 31713 1b256e30 31716 1b256af0 31713->31716 31715 1b256e4d 31716->31715 31717 1b3998f7 31716->31717 31726 1b2552b0 31717->31726 31719 1b399a2a 31745 1b2314e0 31719->31745 31723 1b399bde Concurrency::details::WorkSearchContext::SearchCacheLocal 31775 1b255080 66 API calls Concurrency::details::TransmogrifiedPrimary::TransmogrifiedPrimary 31723->31775 31725 1b399c82 31725->31715 31776 1b244650 31726->31776 31729 1b244650 60 API calls 31730 1b255331 31729->31730 31731 1b244650 60 API calls 31730->31731 31732 1b255369 31731->31732 31733 1b244650 60 API calls 31732->31733 31734 1b2553a1 31733->31734 31735 1b244650 60 API calls 31734->31735 31736 1b2553d9 31735->31736 31737 1b244650 60 API calls 31736->31737 31738 1b255411 31737->31738 31739 1b244650 60 API calls 31738->31739 31740 1b255449 31739->31740 31741 1b244650 60 API calls 31740->31741 31742 1b255481 31741->31742 31743 1b244650 60 API calls 31742->31743 31744 1b2554b9 31743->31744 31744->31719 31746 1b231512 31745->31746 31747 1b23151c 31745->31747 31862 1b231010 RaiseException Concurrency::details::SchedulingRing::SchedulingRing 31746->31862 31863 1b258520 98 API calls 2 library calls 31747->31863 31750 1b23152d 31864 1b258490 96 API calls 2 library calls 31750->31864 31752 1b231562 31753 1b23156e 31752->31753 31865 1b231010 RaiseException Concurrency::details::SchedulingRing::SchedulingRing 31752->31865 31758 1b23afc0 31753->31758 31759 1b23b031 31758->31759 31760 1b23b16a 31758->31760 31759->31760 31764 1b23b076 31759->31764 31761 1b2314e0 99 API calls 31760->31761 31762 1b23b19c 31761->31762 31990 1b23ae40 EnterCriticalSection 31762->31990 31866 1b238ff0 31764->31866 31765 1b23b0bd 32068 1b258680 31765->32068 31770 1b23b2b6 31770->31723 31771 1b23b206 31771->31765 32010 1b233420 31771->32010 31773 1b23b0b3 31773->31765 32047 1b259f10 31773->32047 31775->31725 31777 1b244691 31776->31777 31780 1b242710 31777->31780 31783 1b2595e0 31780->31783 31796 1b25a7b0 31783->31796 31785 1b242727 31785->31729 31787 1b2595ee 31787->31785 31788 1b25a7b0 __initmbctable 54 API calls 31787->31788 31792 1b259612 Concurrency::details::SchedulingRing::SchedulingRing 31787->31792 31814 1b2601e0 FlsGetValue GetModuleHandleA GetProcAddress _CreateFrameInfo 31787->31814 31788->31787 31789 1b259658 31818 1b259430 54 API calls 2 library calls 31789->31818 31791 1b259669 31819 1b2580b0 31791->31819 31792->31789 31815 1b259c30 31792->31815 31795 1b25967f 31797 1b25a862 31796->31797 31803 1b25a7c6 31796->31803 31828 1b2601e0 FlsGetValue GetModuleHandleA GetProcAddress _CreateFrameInfo 31797->31828 31799 1b25a80c RtlAllocateHeap 31799->31803 31813 1b25a845 31799->31813 31800 1b25a867 31829 1b25bc90 54 API calls __initmbctable 31800->31829 31803->31799 31805 1b25a835 31803->31805 31809 1b25a833 31803->31809 31812 1b25a7ec 31803->31812 31825 1b2601e0 FlsGetValue GetModuleHandleA GetProcAddress _CreateFrameInfo 31803->31825 31804 1b25a86c 31804->31787 31826 1b25bc90 54 API calls __initmbctable 31805->31826 31827 1b25bc90 54 API calls __initmbctable 31809->31827 31812->31799 31822 1b260460 54 API calls _CreateFrameInfo 31812->31822 31823 1b260220 54 API calls _CreateFrameInfo 31812->31823 31824 1b2596b0 GetModuleHandleA GetProcAddress ExitProcess 31812->31824 31813->31787 31814->31787 31830 1b259b00 31815->31830 31817 1b259c39 31817->31789 31818->31791 31821 1b25812c 31819->31821 31820 1b25815c RaiseException 31820->31795 31821->31820 31822->31812 31823->31812 31825->31803 31826->31809 31827->31813 31828->31800 31829->31804 31831 1b259b2a Concurrency::details::SchedulingRing::SchedulingRing 31830->31831 31849 1b25e1e0 31831->31849 31834 1b25e1e0 _CreateFrameInfo 3 API calls 31835 1b259b46 31834->31835 31838 1b259bc3 Concurrency::details::SchedulingRing::SchedulingRing 31835->31838 31854 1b25b590 55 API calls 2 library calls 31835->31854 31837 1b259b6a 31839 1b259b86 31837->31839 31840 1b259b93 31837->31840 31848 1b259bba 31837->31848 31838->31817 31855 1b2611d0 58 API calls Concurrency::details::SchedulingRing::SchedulingRing 31839->31855 31840->31838 31843 1b259b8e 31840->31843 31841 1b25e110 __initmbctable 3 API calls 31841->31838 31843->31840 31845 1b259baa 31843->31845 31856 1b2611d0 58 API calls Concurrency::details::SchedulingRing::SchedulingRing 31843->31856 31857 1b25e110 31845->31857 31846 1b259ba5 31846->31838 31846->31845 31848->31841 31850 1b25e1f4 FlsGetValue 31849->31850 31851 1b25e208 GetModuleHandleA 31849->31851 31850->31851 31853 1b259b37 31850->31853 31852 1b25e21a GetProcAddress 31851->31852 31851->31853 31852->31853 31853->31834 31854->31837 31855->31843 31856->31846 31858 1b25e124 FlsGetValue 31857->31858 31859 1b25e138 GetModuleHandleA 31857->31859 31858->31859 31860 1b25e12f 31858->31860 31859->31860 31861 1b25e14a GetProcAddress 31859->31861 31860->31848 31861->31860 31863->31750 31864->31752 31866->31773 31867 1b38f048 EnterCriticalSection 31866->31867 31870 1b38f1ad 31867->31870 31869 1b38f2d5 32144 1b259280 9 API calls 2 library calls 31869->32144 31870->31869 31872 1b38f2da 31870->31872 31873 1b38f313 31872->31873 31874 1b38f2fa 31872->31874 31875 1b38f2ff 31872->31875 32079 1b238a70 31873->32079 32145 1b259280 9 API calls 2 library calls 31874->32145 31875->31873 31878 1b38f309 31875->31878 32146 1b259280 9 API calls 2 library calls 31878->32146 31880 1b38f30e 31880->31873 31881 1b38f398 shared_ptr 31882 1b38f407 GetModuleFileNameA 31881->31882 31883 1b38f432 GetFileVersionInfoSizeA 31882->31883 31884 1b38f452 31883->31884 31885 1b38f4b5 31884->31885 31886 1b38f4a9 GetFileVersionInfoA 31884->31886 32089 1b26c490 31885->32089 31886->31885 31888 1b38f63f 32105 1b38d750 31888->32105 31890 1b38f536 31890->31888 31891 1b38f5c8 31890->31891 31893 1b38f5fe LeaveCriticalSection 31891->31893 31926 1b38f604 31891->31926 31893->31926 31894 1b38d750 4 API calls 31896 1b38f7b3 31894->31896 31895 1b38f82c 31898 1b38f9d8 31895->31898 31901 1b38f8c2 31895->31901 31902 1b38f895 VerQueryValueA 31895->31902 31896->31895 31900 1b38f7e5 31896->31900 31897 1b258680 shared_ptr 8 API calls 31899 1b391685 31897->31899 31906 1b3915bd 31898->31906 32115 1b23b900 31898->32115 31899->31773 31903 1b38f816 LeaveCriticalSection 31900->31903 31900->31926 31901->31898 31905 1b26c490 86 API calls 31901->31905 31902->31901 31903->31926 31909 1b38f8f3 31905->31909 31908 1b39165b LeaveCriticalSection 31906->31908 31906->31926 31907 1b2595e0 Concurrency::details::SchedulingRing::SchedulingRing 60 API calls 31911 1b39018d 31907->31911 31908->31926 31909->31898 31919 1b38f973 31909->31919 31910 1b390214 31914 1b238a70 66 API calls 31910->31914 31911->31910 32126 1b23b9e0 31911->32126 31912 1b38ff61 31915 1b38ff8d 31912->31915 31916 1b38ffd4 31912->31916 31918 1b390263 31914->31918 31924 1b38ffc9 MessageBoxA 31915->31924 31927 1b38ff9b 31915->31927 31921 1b390008 31916->31921 31922 1b38ffe2 31916->31922 32152 1b259590 GetSystemTimeAsFileTime 31918->32152 31919->31926 31929 1b38f99b LeaveCriticalSection 31919->31929 32151 1b231380 55 API calls Concurrency::details::SchedulingRing::SchedulingRing 31921->32151 32150 1b236af0 55 API calls Concurrency::details::SchedulingRing::SchedulingRing 31922->32150 31924->31927 31926->31897 31927->31907 31929->31926 31930 1b390003 31930->31927 31941 1b390087 31930->31941 31931 1b390278 31932 1b3902e3 31931->31932 31934 1b39030e 31931->31934 31959 1b3903ce 31931->31959 31932->31926 31937 1b3902fd LeaveCriticalSection 31932->31937 31933 1b38fb94 31933->31912 31933->31927 32147 1b231380 55 API calls Concurrency::details::SchedulingRing::SchedulingRing 31933->32147 31949 1b390378 31934->31949 31934->31959 31936 1b390ff3 31936->31906 31939 1b39109f VirtualQuery 31936->31939 31937->31926 31938 1b3909bb 32158 1b259280 9 API calls 2 library calls 31938->32158 31946 1b391164 VirtualProtect 31939->31946 31940 1b390640 31940->31938 31944 1b3909ce 31940->31944 31974 1b3909fb 31940->31974 31941->31926 31947 1b39015c LeaveCriticalSection 31941->31947 31950 1b390a80 31944->31950 31951 1b3909e5 31944->31951 31945 1b3909c0 31945->31944 31957 1b3911a4 VirtualProtect 31946->31957 31988 1b3911eb 31946->31988 31947->31926 31948 1b38fef7 32148 1b236ec0 56 API calls Concurrency::details::SchedulingRing::SchedulingRing 31948->32148 31949->31926 31952 1b3903b7 LeaveCriticalSection 31949->31952 31955 1b390a8e 31950->31955 31956 1b390a93 31950->31956 32159 1b238b50 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 31951->32159 31952->31926 32160 1b259280 9 API calls 2 library calls 31955->32160 31966 1b390aa3 31956->31966 31972 1b390aa8 31956->31972 31957->31988 31958 1b390600 32153 1b259280 9 API calls 2 library calls 31958->32153 31959->31940 31959->31958 31967 1b390612 31959->31967 31961 1b38ff2f 32149 1b236700 55 API calls Concurrency::details::SchedulingRing::SchedulingRing 31961->32149 32161 1b259280 9 API calls 2 library calls 31966->32161 31970 1b390629 31967->31970 31971 1b3906c5 31967->31971 31968 1b390605 31968->31967 32154 1b238b50 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 31970->32154 31975 1b3906ce 31971->31975 31976 1b3906d3 31971->31976 31972->31974 32162 1b238b50 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 31972->32162 31974->31936 31989 1b390cf8 31974->31989 32155 1b259280 9 API calls 2 library calls 31975->32155 31979 1b3906e2 31976->31979 31985 1b3906e7 31976->31985 32156 1b259280 9 API calls 2 library calls 31979->32156 31981 1b390d9a VirtualQuery 31981->31989 31983 1b3915b1 VirtualProtect 31983->31906 31984 1b390e31 VirtualProtect 31984->31989 31985->31940 32157 1b238b50 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 31985->32157 31986 1b390e74 VirtualProtect 31986->31989 31987 1b390f96 VirtualProtect 31987->31989 31988->31983 31989->31974 31989->31981 31989->31984 31989->31986 31989->31987 31991 1b23ae9a 31990->31991 31992 1b23af0d 31991->31992 31993 1b23af12 31991->31993 32382 1b259280 9 API calls 2 library calls 31992->32382 31995 1b23af31 31993->31995 31996 1b23af1c LeaveCriticalSection 31993->31996 31998 1b23af36 31995->31998 31999 1b23af3b 31995->31999 31997 1b23af74 31996->31997 31997->31765 32006 1b23a710 31997->32006 32383 1b259280 9 API calls 2 library calls 31998->32383 32001 1b23af41 31999->32001 32002 1b23af46 31999->32002 32384 1b259280 9 API calls 2 library calls 32001->32384 32004 1b23af60 LeaveCriticalSection 32002->32004 32005 1b23af4f LeaveCriticalSection 32002->32005 32004->31997 32005->31997 32007 1b23a726 32006->32007 32008 1b23a838 ExitProcess 32006->32008 32007->32008 32009 1b23a730 32007->32009 32009->31771 32010->31765 32011 1b38ba94 32010->32011 32012 1b38bc29 32011->32012 32023 1b38bee0 32011->32023 32044 1b38bbe0 32011->32044 32013 1b38bd4c 32012->32013 32395 1b2331f0 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 32012->32395 32015 1b38bd8c 32013->32015 32016 1b38bd91 32013->32016 32396 1b259280 9 API calls 2 library calls 32015->32396 32019 1b38bda0 32016->32019 32016->32044 32018 1b38c4ba MessageBoxA 32039 1b38c4f3 32018->32039 32397 1b259280 9 API calls 2 library calls 32019->32397 32022 1b38c01a 32398 1b259280 9 API calls 2 library calls 32022->32398 32023->32022 32025 1b38c032 32023->32025 32027 1b38c01f 32023->32027 32025->32018 32028 1b38c1a1 32025->32028 32402 1b38c811 68 API calls 3 library calls 32025->32402 32027->32025 32030 1b38c07d 32027->32030 32031 1b38c082 32027->32031 32028->32018 32045 1b38c20a 32028->32045 32029 1b38c6a5 ExitProcess 32399 1b259280 9 API calls 2 library calls 32030->32399 32034 1b38c08d 32031->32034 32035 1b38c092 32031->32035 32400 1b259280 9 API calls 2 library calls 32034->32400 32035->32025 32037 1b38c0ad 32035->32037 32401 1b259280 9 API calls 2 library calls 32037->32401 32039->32029 32040 1b2314e0 99 API calls 32039->32040 32041 1b38c638 MessageBoxA 32040->32041 32043 1b38c688 32041->32043 32043->32029 32044->31765 32045->32044 32385 1b257350 32045->32385 32048 1b259f60 Concurrency::details::WorkSearchContext::SearchCacheLocal 32047->32048 32049 1b259f38 32047->32049 32053 1b261130 _CreateFrameInfo 54 API calls 32048->32053 32412 1b25bc90 54 API calls __initmbctable 32049->32412 32051 1b259f3d 32413 1b259160 9 API calls 2 library calls 32051->32413 32055 1b259f79 32053->32055 32054 1b259f57 32061 1b259fec 32054->32061 32056 1b259fd9 32055->32056 32058 1b25e480 _CreateFrameInfo 59 API calls 32055->32058 32414 1b25a880 54 API calls __initmbctable 32056->32414 32060 1b259f86 32058->32060 32059 1b259fe1 32059->32061 32415 1b25bcf0 54 API calls __initmbctable 32059->32415 32062 1b25e2d0 _CreateFrameInfo 54 API calls 32060->32062 32061->31765 32064 1b259f95 CreateThread 32062->32064 32065 1b25a011 ResumeThread 32064->32065 32066 1b259fd1 GetLastError 32064->32066 32416 1b259e70 32064->32416 32065->32061 32067 1b25a01f GetLastError 32065->32067 32066->32056 32067->32056 32069 1b258689 32068->32069 32070 1b258694 32069->32070 32071 1b25dd40 RtlCaptureContext RtlLookupFunctionEntry 32069->32071 32070->31770 32072 1b25ddc5 32071->32072 32073 1b25dd84 RtlVirtualUnwind 32071->32073 32074 1b25dde7 IsDebuggerPresent 32072->32074 32073->32074 32530 1b260110 32074->32530 32076 1b25de46 SetUnhandledExceptionFilter UnhandledExceptionFilter 32077 1b25de64 shared_ptr 32076->32077 32078 1b25de6e GetCurrentProcess TerminateProcess 32076->32078 32077->32078 32078->31770 32080 1b238a90 32079->32080 32081 1b238af7 32080->32081 32163 1b238550 66 API calls Concurrency::details::SchedulingRing::SchedulingRing 32080->32163 32083 1b238b19 32081->32083 32084 1b238b1e 32081->32084 32164 1b259280 9 API calls 2 library calls 32083->32164 32086 1b238b31 32084->32086 32087 1b238b2c 32084->32087 32086->31881 32165 1b259280 9 API calls 2 library calls 32087->32165 32090 1b26c504 32089->32090 32091 1b26c4a2 32089->32091 32168 1b25e480 GetLastError FlsGetValue 32090->32168 32093 1b26c4a7 32091->32093 32100 1b26c4ce 32091->32100 32166 1b25bc90 54 API calls __initmbctable 32093->32166 32096 1b26c54b 32099 1b26c577 32096->32099 32184 1b2620b0 32096->32184 32097 1b26c4ac 32167 1b259160 9 API calls 2 library calls 32097->32167 32195 1b26c240 86 API calls 3 library calls 32099->32195 32100->31890 32101 1b26c4c6 32101->31890 32106 1b38d770 IsBadReadPtr 32105->32106 32108 1b38d7de 32106->32108 32109 1b38d83c IsBadReadPtr 32108->32109 32113 1b38d7e4 32108->32113 32111 1b38d849 32109->32111 32110 1b38d9a6 IsBadReadPtr 32114 1b38d9b3 32110->32114 32111->32110 32111->32113 32112 1b38da43 IsBadReadPtr 32112->32113 32113->31894 32113->31895 32114->32112 32114->32113 32116 1b23b93a 32115->32116 32117 1b23b92b 32115->32117 32118 1b23b953 32116->32118 32237 1b23b740 22 API calls shared_ptr 32116->32237 32236 1b23b580 21 API calls shared_ptr 32117->32236 32122 1b23b970 32118->32122 32238 1b25a760 GetSystemTimeAsFileTime 32118->32238 32123 1b23b99c 32122->32123 32124 1b23b9c5 SetEnvironmentVariableA 32122->32124 32125 1b23b988 SetEnvironmentVariableA 32122->32125 32123->31933 32124->32123 32125->32123 32127 1b23ba02 32126->32127 32130 1b23ba0f 32126->32130 32239 1b23b580 21 API calls shared_ptr 32127->32239 32129 1b23ba24 32132 1b23ba3d 32129->32132 32241 1b25a760 GetSystemTimeAsFileTime 32129->32241 32130->32129 32240 1b23b740 22 API calls shared_ptr 32130->32240 32134 1b38e9f0 32132->32134 32135 1b38eaab 32134->32135 32242 1b236830 32135->32242 32138 1b242710 60 API calls 32139 1b38eb53 shared_ptr 32138->32139 32140 1b38efd3 32139->32140 32245 1b38dd2c 32139->32245 32142 1b258680 shared_ptr 8 API calls 32140->32142 32143 1b38f003 32142->32143 32143->31910 32144->31872 32145->31875 32146->31880 32147->31948 32148->31961 32149->31912 32150->31930 32151->31930 32152->31931 32153->31968 32154->31940 32155->31976 32156->31985 32157->31940 32158->31945 32159->31974 32160->31956 32161->31972 32162->31974 32163->32081 32164->32084 32165->32086 32166->32097 32167->32101 32169 1b25e4f8 SetLastError 32168->32169 32170 1b25e4aa 32168->32170 32171 1b25e512 32169->32171 32172 1b25e50a 32169->32172 32196 1b261130 32170->32196 32171->32096 32183 1b262c90 59 API calls 2 library calls 32171->32183 32210 1b259680 54 API calls _CreateFrameInfo 32172->32210 32176 1b25e4bf FlsSetValue 32177 1b25e4d2 32176->32177 32178 1b25e4ee 32176->32178 32202 1b25e2d0 GetModuleHandleA 32177->32202 32209 1b25a880 54 API calls __initmbctable 32178->32209 32181 1b25e4f6 32181->32169 32183->32096 32185 1b25e480 _CreateFrameInfo 59 API calls 32184->32185 32186 1b2620c3 32185->32186 32187 1b2620de 32186->32187 32188 1b2607d0 __initmbctable 54 API calls 32186->32188 32190 1b262162 32187->32190 32235 1b259680 54 API calls _CreateFrameInfo 32187->32235 32193 1b2620f1 32188->32193 32189 1b262128 32234 1b2606a0 LeaveCriticalSection 32189->32234 32190->32099 32193->32189 32233 1b25a880 54 API calls __initmbctable 32193->32233 32195->32100 32197 1b261160 32196->32197 32199 1b25e4b7 32197->32199 32200 1b26117e Sleep 32197->32200 32211 1b25a8c0 32197->32211 32199->32169 32199->32176 32200->32197 32201 1b2611a0 32200->32201 32201->32199 32203 1b25e341 32202->32203 32204 1b25e313 GetProcAddress GetProcAddress 32202->32204 32225 1b2607d0 32203->32225 32204->32203 32206 1b25e379 _CreateFrameInfo 32207 1b2606a0 __initmbctable LeaveCriticalSection 32206->32207 32208 1b25e3ab GetCurrentThreadId 32207->32208 32208->32169 32209->32181 32212 1b25a8d9 32211->32212 32217 1b25a91e 32211->32217 32213 1b25a8ea 32212->32213 32212->32217 32222 1b25bc90 54 API calls __initmbctable 32213->32222 32215 1b25a938 RtlAllocateHeap 32215->32217 32221 1b25a965 32215->32221 32216 1b25a8ef 32223 1b259160 9 API calls 2 library calls 32216->32223 32217->32215 32217->32221 32224 1b2601e0 FlsGetValue GetModuleHandleA GetProcAddress _CreateFrameInfo 32217->32224 32220 1b25a90d 32220->32197 32221->32197 32222->32216 32223->32220 32224->32217 32226 1b2607f2 32225->32226 32227 1b260803 EnterCriticalSection 32225->32227 32231 1b2606c0 54 API calls 2 library calls 32226->32231 32229 1b2607f7 32229->32227 32232 1b259680 54 API calls _CreateFrameInfo 32229->32232 32231->32229 32233->32189 32236->32116 32237->32118 32238->32122 32239->32130 32240->32129 32241->32132 32243 1b2595e0 Concurrency::details::SchedulingRing::SchedulingRing 60 API calls 32242->32243 32244 1b236847 32243->32244 32244->32138 32249 1b38dd74 __initmbctable 32245->32249 32246 1b38df53 32247 1b258680 shared_ptr 8 API calls 32246->32247 32248 1b38e96a 32247->32248 32248->32140 32249->32246 32251 1b38e36b 32249->32251 32258 1b39287b 32249->32258 32252 1b38e6fe 32251->32252 32255 1b38e402 32251->32255 32257 1b38e5a5 32252->32257 32297 1b394a2e 54 API calls 2 library calls 32252->32297 32255->32257 32265 1b395059 32255->32265 32298 1b23ef70 60 API calls 32257->32298 32259 1b392884 32258->32259 32299 1b392072 32259->32299 32261 1b39290c 32319 1b259280 9 API calls 2 library calls 32261->32319 32264 1b392911 32264->32251 32266 1b39510f 32265->32266 32267 1b25a7b0 __initmbctable 54 API calls 32266->32267 32280 1b39511c __initmbctable 32267->32280 32268 1b395973 32269 1b3959ac 32268->32269 32275 1b3959cd 32268->32275 32364 1b259280 9 API calls 2 library calls 32269->32364 32271 1b395a60 32272 1b395a71 32271->32272 32273 1b395a83 32271->32273 32366 1b259280 9 API calls 2 library calls 32272->32366 32278 1b395a76 32273->32278 32285 1b395aa1 32273->32285 32274 1b3959b1 32274->32275 32284 1b259280 9 API calls Concurrency::details::SchedulingRing::SchedulingRing 32274->32284 32365 1b259280 9 API calls 2 library calls 32274->32365 32275->32271 32275->32274 32278->32273 32367 1b259280 9 API calls 2 library calls 32278->32367 32280->32268 32281 1b2595e0 Concurrency::details::SchedulingRing::SchedulingRing 60 API calls 32280->32281 32282 1b3952c6 32280->32282 32286 1b39596e 32280->32286 32336 1b240fc0 32280->32336 32359 1b2582e0 54 API calls 2 library calls 32280->32359 32281->32280 32282->32280 32291 1b259280 9 API calls Concurrency::details::SchedulingRing::SchedulingRing 32282->32291 32358 1b259280 9 API calls 2 library calls 32282->32358 32360 1b259280 9 API calls 2 library calls 32282->32360 32361 1b259280 9 API calls 2 library calls 32282->32361 32362 1b259280 9 API calls 2 library calls 32282->32362 32283 1b395a96 32283->32285 32284->32274 32288 1b395af1 32285->32288 32368 1b2582e0 54 API calls 2 library calls 32285->32368 32363 1b240e50 60 API calls 2 library calls 32286->32363 32288->32257 32291->32282 32297->32257 32298->32246 32300 1b392098 32299->32300 32302 1b3920cc 32300->32302 32324 1b25b490 68 API calls 32300->32324 32304 1b392806 32302->32304 32315 1b3922a7 shared_ptr 32302->32315 32325 1b25ad40 68 API calls 2 library calls 32302->32325 32304->32261 32304->32264 32307 1b25aef0 98 API calls 32307->32315 32309 1b23f200 60 API calls 32309->32315 32315->32304 32315->32307 32315->32309 32316 1b39241a 32315->32316 32320 1b3918f0 32315->32320 32330 1b391c8c 68 API calls 32315->32330 32316->32315 32326 1b259280 9 API calls 2 library calls 32316->32326 32327 1b259280 9 API calls 2 library calls 32316->32327 32328 1b259280 9 API calls 2 library calls 32316->32328 32329 1b259280 9 API calls 2 library calls 32316->32329 32331 1b259280 9 API calls 2 library calls 32316->32331 32332 1b259280 9 API calls 2 library calls 32316->32332 32333 1b259280 9 API calls 2 library calls 32316->32333 32334 1b259280 9 API calls 2 library calls 32316->32334 32319->32264 32323 1b3919a3 32320->32323 32321 1b391c3a 32321->32315 32323->32321 32335 1b25ad40 68 API calls 2 library calls 32323->32335 32324->32302 32325->32302 32326->32315 32327->32315 32328->32315 32329->32316 32330->32315 32331->32315 32332->32315 32333->32315 32334->32315 32335->32323 32337 1b241009 32336->32337 32338 1b241055 32337->32338 32357 1b2411b6 32337->32357 32369 1b23f090 60 API calls 2 library calls 32337->32369 32340 1b2411f6 32338->32340 32348 1b241078 32338->32348 32341 1b241212 32340->32341 32342 1b24129e 32340->32342 32341->32357 32378 1b2582e0 54 API calls 2 library calls 32341->32378 32343 1b2412ce 32342->32343 32379 1b2582e0 54 API calls 2 library calls 32342->32379 32343->32357 32380 1b2582e0 54 API calls 2 library calls 32343->32380 32347 1b2410ce 32350 1b2595e0 Concurrency::details::SchedulingRing::SchedulingRing 60 API calls 32347->32350 32348->32347 32370 1b259380 32348->32370 32352 1b241127 32350->32352 32355 1b24115b 32352->32355 32376 1b2582e0 54 API calls 2 library calls 32352->32376 32353 1b2580b0 Concurrency::details::SchedulingRing::SchedulingRing RaiseException 32353->32347 32355->32357 32377 1b2582e0 54 API calls 2 library calls 32355->32377 32357->32280 32358->32280 32359->32280 32360->32280 32361->32280 32362->32280 32363->32268 32364->32274 32365->32275 32366->32278 32367->32283 32368->32288 32369->32338 32371 1b2410ff 32370->32371 32372 1b2593ab 32370->32372 32371->32353 32373 1b25a7b0 __initmbctable 54 API calls 32372->32373 32374 1b2593c2 32373->32374 32374->32371 32381 1b260120 54 API calls 2 library calls 32374->32381 32376->32355 32377->32357 32378->32357 32379->32343 32380->32357 32381->32371 32382->31993 32383->31999 32384->32002 32386 1b257387 32385->32386 32387 1b257408 32386->32387 32388 1b257398 32386->32388 32389 1b257413 32387->32389 32393 1b2574c1 32387->32393 32390 1b232a20 2 API calls 32388->32390 32391 1b2573b7 32388->32391 32389->32391 32403 1b232a20 32389->32403 32390->32391 32391->32044 32393->32391 32394 1b232a20 2 API calls 32393->32394 32394->32391 32395->32013 32396->32016 32397->32044 32398->32027 32399->32031 32400->32035 32401->32025 32402->32028 32404 1b232a54 32403->32404 32407 1b255b60 32404->32407 32405 1b232a83 32405->32391 32407->32405 32409 1b3986db 32407->32409 32408 1b398a70 32408->32405 32409->32408 32411 1b246290 IsBadWritePtr GetSystemTimeAsFileTime 32409->32411 32411->32408 32412->32051 32413->32054 32414->32059 32415->32061 32417 1b259e7e Concurrency::details::WorkSearchContext::SearchCacheLocal 32416->32417 32418 1b259eb4 32417->32418 32419 1b259e92 32417->32419 32433 1b25e520 54 API calls __initmbctable 32418->32433 32421 1b259ee0 32419->32421 32424 1b259ea5 GetLastError ExitThread 32419->32424 32425 1b259e20 32421->32425 32423 1b259f05 32426 1b25e480 _CreateFrameInfo 59 API calls 32425->32426 32427 1b259e29 32426->32427 32434 1b23ab40 32427->32434 32461 1b255140 GetModuleHandleA 32427->32461 32428 1b259e37 32471 1b259dc0 32428->32471 32430 1b259e3c __GetUnwindTryBlock 32430->32423 32433->32421 32435 1b23acc1 GetModuleHandleA 32434->32435 32436 1b23ab95 32434->32436 32439 1b23acd3 32435->32439 32459 1b23acd8 32435->32459 32437 1b23acb8 32436->32437 32438 1b23ab9e GetModuleHandleA 32436->32438 32486 1b23a850 GetModuleHandleA 32437->32486 32441 1b23abc3 32438->32441 32442 1b23abb3 GetModuleHandleA 32438->32442 32443 1b23a850 118 API calls 32439->32443 32445 1b23abe0 shared_ptr 32441->32445 32446 1b23aca6 32441->32446 32442->32441 32443->32459 32444 1b23acb6 32444->32435 32444->32459 32449 1b23abf2 GetModuleFileNameA GetFileVersionInfoSizeA 32445->32449 32447 1b23acb1 32446->32447 32448 1b23acaa 32446->32448 32479 1b246dc0 CreateEventA 32447->32479 32501 1b24ac40 126 API calls Concurrency::details::SchedulingRing::SchedulingRing 32448->32501 32449->32446 32452 1b23ac1f 32449->32452 32457 1b23ac27 GetFileVersionInfoA 32452->32457 32453 1b23acaf 32453->32435 32454 1b23adde SetEvent 32455 1b258680 shared_ptr 8 API calls 32454->32455 32456 1b23ae2d 32455->32456 32456->32428 32458 1b23ac4a VerQueryValueA 32457->32458 32460 1b23ac40 32457->32460 32458->32460 32459->32454 32460->32446 32462 1b255165 32461->32462 32463 1b25518d GetModuleHandleA 32461->32463 32462->32463 32464 1b25516d Sleep GetModuleHandleA 32462->32464 32465 1b25528c SetEvent 32463->32465 32466 1b2551aa GetProcAddress 32463->32466 32464->32462 32464->32463 32465->32428 32466->32465 32467 1b2551c6 GetModuleHandleA 32466->32467 32468 1b2551dc 32467->32468 32468->32465 32469 1b2551e5 VirtualQuery VirtualProtect VirtualProtect 32468->32469 32469->32465 32470 1b255282 32469->32470 32470->32465 32472 1b259dd0 32471->32472 32516 1b25e3e0 GetLastError FlsGetValue 32472->32516 32474 1b259deb 32475 1b259e0b ExitThread 32474->32475 32476 1b259e03 32474->32476 32477 1b259dfd CloseHandle 32474->32477 32528 1b25e6a0 57 API calls 32476->32528 32477->32476 32480 1b259f10 123 API calls 32479->32480 32481 1b246e0a WaitForSingleObject 32480->32481 32482 1b259c30 Concurrency::details::SchedulingRing::SchedulingRing 59 API calls 32481->32482 32483 1b246e26 CloseHandle 32482->32483 32502 1b245b20 32483->32502 32487 1b23a8a4 shared_ptr 32486->32487 32488 1b23a88b GetModuleHandleA 32486->32488 32490 1b23a91a 32487->32490 32494 1b23a8d0 GetModuleFileNameA GetFileVersionInfoSizeA 32487->32494 32488->32487 32489 1b23a927 32488->32489 32492 1b258680 shared_ptr 8 API calls 32489->32492 32515 1b24ed90 126 API calls Concurrency::details::SchedulingRing::SchedulingRing 32490->32515 32493 1b23a95c 32492->32493 32493->32444 32494->32490 32495 1b23a8f9 32494->32495 32496 1b23a901 GetFileVersionInfoA 32495->32496 32496->32490 32497 1b23a964 VerQueryValueA 32496->32497 32497->32490 32498 1b23a981 32497->32498 32498->32490 32499 1b23aa4c 32498->32499 32510 1b256e60 CreateEventA 32499->32510 32501->32453 32503 1b245b54 shared_ptr 32502->32503 32504 1b245c65 32502->32504 32506 1b245b72 GetModuleFileNameA CreateFileA SetFilePointer ReadFile 32503->32506 32505 1b258680 shared_ptr 8 API calls 32504->32505 32507 1b245c85 32505->32507 32508 1b245c33 CloseHandle 32506->32508 32509 1b245bf8 SetFilePointer ReadFile 32506->32509 32507->32444 32508->32504 32509->32508 32511 1b259f10 123 API calls 32510->32511 32512 1b256eaf WaitForSingleObject CloseHandle 32511->32512 32513 1b245b20 15 API calls 32512->32513 32514 1b256f10 32513->32514 32514->32489 32515->32489 32517 1b25e458 SetLastError 32516->32517 32518 1b25e40a 32516->32518 32517->32474 32519 1b261130 _CreateFrameInfo 49 API calls 32518->32519 32520 1b25e417 32519->32520 32520->32517 32521 1b25e41f FlsSetValue 32520->32521 32522 1b25e432 32521->32522 32523 1b25e44e 32521->32523 32525 1b25e2d0 _CreateFrameInfo 49 API calls 32522->32525 32529 1b25a880 54 API calls __initmbctable 32523->32529 32527 1b25e43c GetCurrentThreadId 32525->32527 32526 1b25e456 32526->32517 32527->32517 32528->32475 32529->32526 32530->32076 32531 7ff9ee5f2fcd 32532 7ff9ee5f2fdf RegSetValueExW 32531->32532 32534 7ff9ee5f3086 32532->32534 32535 7ff9ee5f484c 32536 7ff9ee5f4855 RegisterTypeLib 32535->32536 32538 7ff9ee5f48f8 32536->32538

                                                                                                                                  Executed Functions

                                                                                                                                  Function 1B238FF0 Relevance: 61.6, APIs: 21, Strings: 13, Instructions: 2143COMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E1B238FF0(void* __eax, signed short __ebx, void* __ecx, signed char __edx, signed short __ebp, signed short __esp, void* __fp0, long long __rbx, signed long long __rdx, long long __rdi, signed long long __rsi, signed long long __rbp, long long __r8, signed long long __r9, void* __r10, intOrPtr __r11, long long __r12, long long __r13, long long __r14, long long __r15, void* _a23822, signed int _a23830, intOrPtr _a24282) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _v56;
				signed int _v72;
				char _v1096;
				char _v1097;
				char _v1098;
				signed int _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				signed int _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				signed int _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				signed int _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				signed int _v1128;
				signed long long _v1136;
				long long _v1144;
				long long _v1152;
				signed long long _v1160;
				long long _v1168;
				long long _v1176;
				long long _v1184;
				long long _v1192;
				signed long long _v1208;
				signed long long _v1216;
				long long _v1224;
				signed long long _v1240;
				long long _v1248;
				long long _v1256;
				char _v1264;
				intOrPtr _v1272;
				void* _v1280;
				signed long long _v1288;
				void* _v1296;
				long long _v1304;
				char _v1312;
				signed long long _v1320;
				void* _v1328;
				signed long long _v1336;
				signed short _v1344;
				signed long long _v1352;
				signed long long _v1360;
				signed int _v1368;
				signed long long _v1376;
				signed long long _v1384;
				void* _v1392;
				signed long long _v1400;
				intOrPtr _v1404;
				signed char _v1408;
				signed char _v1412;
				signed int _v1416;
				intOrPtr _v1460;
				signed int _v1464;
				signed char _v1476;
				signed int _v1484;
				signed char _v1496;
				signed int _v1500;
				signed int _v1504;
				signed int _v1512;
				intOrPtr _v1516;
				signed int _v1520;
				signed char _v1524;
				signed int _v1528;
				signed int _v1548;
				signed long long _v1560;
				void* _v1584;
				signed int _v1596;
				long long _v1608;
				char _v1632;
				signed char _v1636;
				signed char _v1640;
				intOrPtr _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed char _v1660;
				signed char _v1664;
				intOrPtr _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				long long _v1688;
				void* _v1696;
				char _v1704;
				signed int _v1712;
				signed long long _v1720;
				signed int _v1728;
				signed long long _v1736;
				signed int _v1744;
				char _v1748;
				signed char _v1752;
				signed long long _v1760;
				signed char _v1768;
				signed long long _v1776;
				char _v1784;
				signed long long _v1792;
				signed int _v1800;
				signed long long _v1808;
				signed int _v1816;
				signed long long _v1824;
				signed int _v1832;
				signed long long _v1840;
				signed int _v1848;
				signed char _v1856;
				void* _v1864;
				void _v1872;
				signed int _v1876;
				signed char _v1880;
				signed long long _v1888;
				signed int _v1896;
				signed int _v1900;
				signed int _v1904;
				signed int _v1912;
				signed long long _v1920;
				signed int _v1924;
				signed char _v1928;
				signed long long _v1936;
				signed int _v1944;
				signed int _v1952;
				signed int _v1960;
				signed short _t814;
				void* _t823;
				signed short _t826;
				intOrPtr _t832;
				signed int _t834;
				signed int _t837;
				signed short _t838;
				void* _t840;
				signed int _t843;
				signed int _t844;
				void* _t848;
				signed char _t851;
				signed int _t852;
				signed int _t855;
				signed short _t861;
				signed int _t867;
				signed int _t868;
				intOrPtr _t876;
				signed int _t885;
				signed int _t887;
				signed char _t888;
				signed int _t898;
				signed char _t899;
				intOrPtr _t907;
				intOrPtr _t908;
				void* _t912;
				signed short _t924;
				signed int _t945;
				void* _t956;
				int _t967;
				signed short _t970;
				signed int _t990;
				signed char _t995;
				signed char _t1011;
				signed int _t1013;
				signed int _t1015;
				signed int _t1024;
				signed short _t1027;
				signed int _t1028;
				signed int _t1031;
				signed char _t1032;
				void* _t1036;
				signed int _t1040;
				void* _t1041;
				signed int _t1059;
				signed char _t1062;
				signed int _t1067;
				signed int _t1077;
				void* _t1085;
				void* _t1087;
				signed int _t1088;
				signed int _t1093;
				signed int _t1097;
				signed int _t1100;
				signed char _t1103;
				signed char _t1114;
				signed short _t1116;
				signed char _t1118;
				signed char _t1122;
				signed int _t1123;
				signed short _t1130;
				signed char _t1134;
				void* _t1138;
				signed char _t1148;
				signed short _t1156;
				signed int _t1158;
				signed char _t1159;
				signed short _t1160;
				signed int _t1184;
				signed short _t1185;
				signed short _t1186;
				void* _t1191;
				void* _t1192;
				void* _t1195;
				void* _t1197;
				intOrPtr _t1199;
				int _t1207;
				void* _t1213;
				signed long long _t1214;
				signed int _t1215;
				void* _t1218;
				void* _t1219;
				signed long long _t1224;
				intOrPtr* _t1226;
				long long _t1228;
				signed long long _t1230;
				signed long long _t1232;
				signed long long _t1233;
				void* _t1237;
				void* _t1238;
				long long _t1242;
				void* _t1243;
				long long _t1248;
				long long _t1250;
				long long _t1253;
				intOrPtr _t1254;
				void* _t1259;
				signed long long _t1260;
				long long _t1262;
				char _t1263;
				signed long long _t1264;
				signed long long _t1265;
				intOrPtr* _t1275;
				char* _t1276;
				void* _t1282;
				signed long long _t1287;
				signed long long _t1292;
				signed long long _t1295;
				signed long long _t1302;
				long long _t1308;
				void* _t1311;
				signed long long _t1312;
				intOrPtr _t1330;
				intOrPtr _t1331;
				signed long long _t1336;
				signed long long* _t1354;
				signed long long* _t1356;
				signed long long _t1360;
				signed long long _t1363;
				signed long long _t1367;
				signed long long _t1369;
				intOrPtr _t1370;
				long long _t1377;
				long long _t1380;
				signed long long _t1386;
				signed long long _t1389;
				signed long long* _t1391;
				signed int _t1392;
				long long _t1395;
				signed long long _t1399;
				intOrPtr _t1401;
				void* _t1404;
				signed long long _t1405;
				void* _t1407;
				signed long long _t1410;
				signed long long _t1411;
				signed long long _t1415;
				signed long long _t1422;
				signed long long _t1429;
				signed long long _t1432;
				void* _t1435;
				signed long long _t1436;
				signed long long _t1437;
				long long _t1439;
				long long* _t1440;
				char _t1441;
				signed long long _t1445;
				signed long long _t1447;
				signed long long _t1448;
				long long _t1449;
				long long _t1450;
				void* _t1451;
				void* _t1455;
				signed int _t1460;
				signed long long _t1462;
				signed long long _t1464;
				void* _t1465;
				signed long long _t1466;
				signed int* _t1471;
				intOrPtr _t1476;
				signed long long _t1478;
				signed long long _t1479;
				void* _t1489;
				signed int _t1490;
				intOrPtr _t1491;
				intOrPtr _t1492;
				signed long long _t1494;
				signed long long _t1495;
				signed long long _t1496;
				signed int _t1499;
				intOrPtr _t1501;
				intOrPtr _t1508;
				signed long long _t1510;
				signed char _t1519;
				signed long long _t1521;
				void* _t1523;

				_t1518 = __r15;
				_t1514 = __r14;
				_t1492 = __r11;
				_t1489 = __r10;
				_t1478 = __r9;
				_t1468 = __r8;
				_t1464 = __rbp;
				_t1462 = __rsi;
				_t1262 = __rbx;
				_t1218 = __fp0;
				_t1186 = __esp;
				_t1185 = __ebp;
				_t1103 = __edx;
				_t970 = __ebx;
				_t1219 = _t1465;
				_t1466 = _t1465 - 0x7c8;
				_v1184 = 0xfffffffe;
				 *((long long*)(_t1219 - 8)) = __rbx;
				 *((long long*)(_t1219 - 0x10)) = __rsi;
				asm("inc sp");
				 *((long long*)(_t1219 - 0x18)) = __rdi;
				 *((long long*)(_t1219 - 0x20)) = __r12;
				asm("bts ecx, esi");
				 *((long long*)(_t1219 - 0x28)) = __r13;
				asm("sbb cl, 0xce");
				 *((long long*)(_t1219 - 0x30)) = __r14;
				 *((long long*)(_t1219 - 0x38)) = __r15;
				r12b = 0x92;
				asm("dec eax");
				asm("dec eax");
				asm("inc eax");
				_v72 =  *0x1B28FD98 ^ _t1466;
				_v1848 = __r9;
				_t1439 = __r8;
				asm("clc");
				_t1494 = __rdx;
				_v1816 = __rdx;
				asm("cmc");
				_v1840 = __rdx;
				_v1824 = __r9;
				_t1224 =  *0x1B291A28 + 0x198;
				_v1920 = _t1224;
				EnterCriticalSection();
				_v1912 = 1;
				asm("dec esp");
				asm("rcl ch, cl");
				_v1704 = __r8;
				asm("ror dl, cl");
				_t1184 = 0;
				_v1808 = __rsi;
				asm("inc ecx");
				asm("inc sp");
				_t1377 =  *((intOrPtr*)(0x1b291a28)) + 0xd0;
				_t30 = _t1377 + 8; // 0x0
				_t1275 =  *_t30;
				_t814 = _t1224 >> 0xfc;
				asm("lahf");
				_t1226 =  *((intOrPtr*)(_t1275 + 8));
				asm("clc");
				asm("stc");
				_t1191 =  *((intOrPtr*)(_t1226 + 0x29)) - sil;
				if(_t1191 != 0) {
					L11:
					_v1304 = _t1275;
					_v1312 = _t1377;
					asm("lahf");
					_t48 = _t1377 + 8; // 0x0
					_t1228 =  *_t48;
					if(_t1275 == _t1228) {
						L16:
						_v1256 = _t1228;
						__eflags = _t1262 - 0xc740272;
						_v1264 = _t1377;
						r13b = dil;
						dil = r13b;
						_t1276 =  &_v1264;
						asm("dec ecx");
						asm("dec ecx");
						__eflags = r10b & _t1103;
						L17:
						_t1440 =  &_v1112;
						asm("dec eax");
						asm("clc");
						asm("inc ecx");
						r13w = _t970 & 0x000000ff;
						 *_t1440 =  *_t1276;
						r13d = (r13d << 0x00000020 | r13d) << 0xaa;
						r13w = r13w | 0x00004498;
						asm("inc esp");
						_t1230 =  *((intOrPtr*)(_t1276 + 8));
						r13w = r13w ^ 0x00000d8e;
						 *(_t1440 + 8) = _t1230;
						_t64 = _t1377 + 8; // 0x0
						_t1508 =  *_t64;
						asm("inc cx");
						asm("bswap edi");
						_t1441 = _v1112;
						if(_t1441 == 0) {
							L20:
							E1B259280(_t1230, _t1377, _t1468);
							L21:
							_t1263 = _v1104;
							asm("clc");
							if(_t1263 != _t1508) {
								_t1199 = _t1441;
								if(_t1199 == 0) {
									E1B259280(_t1230, _t1377, _t1468);
								}
								if(_t1263 ==  *((intOrPtr*)(_t1441 + 8))) {
									_t819 = E1B259280(_t1230, _t1377, _t1468) << 0xf;
								}
							}
							_v1224 = _t1494 - 8;
							asm("clc");
							_t1380 = _t1494 - _t1230 - 0x1a;
							_v1936 = _t1380;
							_v1144 = _t1380;
							asm("cwd");
							asm("bts dx, si");
							asm("rcr dx, cl");
							_v1696 = _t1494 - _t1230 - 0x1a;
							_t1282 =  *((intOrPtr*)(0x1b291a28)) + 0xd0;
							_t823 = E1B238A70(_t1263, _t1282,  &_v1704, _t1441, _t1462, _t1464, _t1494, _t1508);
							 *_t1230 = _t1462;
							asm("rcl ch, cl");
							_v1720 = _t1462;
							asm("dec esp");
							r8b = r8b | 0x0000002c;
							r8d = 0x400;
							_t990 = 0x7d00 | _t1202;
							asm("bswap ecx");
							E1B258FC0(_t823, _t990, 0,  &_v1096,  &_v1704, _t1468);
							r8d = 0x3ff;
							asm("ror edx, 0x71");
							asm("dec eax");
							asm("stc");
							asm("cmc");
							GetModuleFileNameA();
							_t1264 = _t1462;
							_v1776 = _t1462;
							asm("cwd");
							_t826 = GetFileVersionInfoSizeA(); // executed
							_t1156 = _t826;
							asm("clc");
							_v1344 = _t1156;
							goto 0x1b38f452;
							if (_t826 == 0) goto L37;
							_t1370 = _t1441;
							L1B257D70(_t1230, _t1370);
							_t1264 = _t1230;
							r8b = r8b >> 0x3f;
							r8b = r8b + 1;
							_v1776 = _t1230;
							_t1478 = _t1230;
							asm("dec eax");
							r8b = r8b & r9b;
							asm("inc cx");
							r8d = _t1156;
							asm("clc");
							asm("adc ch, 0x84");
							_t967 = GetFileVersionInfoA(); // executed
							_t1207 = _t967;
							if(_t1207 == 0) {
								L1B259C50(_t1230, _t1264);
								_t1264 = _t1462;
								r15d = _t1186 & 0x0000ffff;
								_v1776 = _t1462;
							}
							r15d = 0xf380359;
							_v1928 = r15d;
							_t1386 = _t1156 & 0x0000ffff;
							E1B258080(0x5c,  &_v1096);
							_t105 = _t1230 + 1; // 0x1
							_t1495 = _t105;
							_v1792 = _t1495;
							_t995 = r14w & 0xffffffff;
							_t1287 = _t1495;
							E1B26C490(_t1184, _t1230, _t1287, _t1386, _t1441, _t1462, _t1464, _t1468, _t1478, _t1489, _t1495, _t1508, _t1514, _t1518);
							r13w = sil;
							asm("dec ecx");
							r13w = r13w | 0x000005d9;
							asm("repne scasb");
							asm("inc eax");
							_v1768 = r13d;
							asm("dec esp");
							asm("dec eax");
							dil = dil >> _t995;
							_t1158 = _t1184;
							asm("cmc");
							_v1744 = _t1184;
							while(_t1158 < r13d) {
								r8d = 8;
								asm("rcr dl, cl");
								_t1437 = _t1495;
								_t997 = 0;
								_t1213 = E1B23AA90(0, _t1437, _t1478, _t1492) - r15d;
								if(_t1213 != 0) {
									_t1495 = _t1495 + 1;
									asm("clc");
									_v1792 = _t1495;
									_t1158 = _t1158 + 1;
									_v1744 = _t1158;
									continue;
								}
								_t1214 = _t1264;
								if(_t1214 == 0) {
									L49:
									_t1215 = _v1912;
									if(_t1215 == 0) {
										L53:
										_v1912 = _t1184;
										L428:
										_t840 = E1B258680(_t997, _v72 ^ _t1466);
										r12b = r12b + spl;
										r13b = r8b;
										asm("inc cx");
										r14b = r14b << _t997;
										asm("inc ebp");
										asm("inc ecx");
										return _t840;
									}
									LeaveCriticalSection();
									goto L53;
								}
								_t1369 = _t1264;
								L1B259C50(_t1230, _t1369);
								goto L49;
							}
							_v1760 = _t1462;
							asm("dec eax");
							_t1519 = r13d;
							asm("cdq");
							r15d = 1;
							_v1880 = 1;
							asm("bswap edx");
							_v1960 =  &_v1900;
							_t1479 =  &_v1896;
							asm("dec eax");
							_t1445 = _v1816;
							r8b = __eflags >= 0;
							asm("bswap edx");
							_t1469 = _t1445;
							_t1114 = 1;
							_t997 =  !(r10b & 0xffffffff);
							_t1292 = _v1936;
							_t831 = E1B38D750(_t970, 1, _t1158, _t1185, _t1186, __eflags, _t1230, _t1264, _t1292, _t1445, _t1462, _t1469, _t1479, _t1489, _t1492, _t1495, 0xbadba2, 0xffffffff, _t1519);
							_t1510 = _t1230;
							_v1720 = _t1230;
							r12w = sil & 0xffffffff;
							_t1232 = _v1936;
							_v1760 = _t1232;
							_t1496 = _v1696;
							__eflags = _t1510;
							if(__eflags != 0) {
								L78:
								__eflags = _t1264;
								if(__eflags == 0) {
									L107:
									r12d =  *(_t1510 + 4);
									_v1944 = r12d;
									asm("rcl dh, cl");
									_t1389 =  &_v1528;
									_v1192 = _t1389;
									_v1160 = _t1445;
									asm("adc cx, dx");
									_t1295 = _t1462;
									_v1384 = _t1462;
									__eflags = sil - (r14w & 0xffffffff);
									asm("cmc");
									asm("clc");
									r9w - _t1185 = r8w & _t970;
									__eflags = _t1114 - 0xd6;
									while(1) {
										__eflags = _t1295 - 0x80;
										if(_t1295 >= 0x80) {
											break;
										}
										_t831 =  *(_t1295 + _t1445) & 0x000000ff;
										__eflags = _t1469 & _t1232;
										asm("clc");
										 *((char*)(_t1295 + _t1389)) =  *(_t1295 + _t1445) & 0x000000ff;
										r15b & r11b = r12w - r11w;
										_t1295 = _t1295 + 1;
										_v1384 = _t1295;
									}
									_t1233 =  &_v1528;
									asm("dec eax");
									_v1840 = _t1233;
									asm("adc edx, ebx");
									asm("inc sp");
									_t1116 = _v1520;
									__eflags = _t1116;
									if(__eflags == 0) {
										L121:
										_t832 = _v1516;
										__eflags = _t832 - 0xa;
										if(__eflags < 0) {
											L417:
											asm("cmc");
											 *( *((intOrPtr*)(0x1b291a28)) + 8) = 1;
											_t1296 =  *((intOrPtr*)(0x1b291a28));
											_t834 = _v1464;
											 *( *((intOrPtr*)(0x1b291a28)) + 0x14) = _t834;
											_t837 = (_t834 & r12d ^ 0x00007e3b) & 0xffffff00 | __eflags > 0x00000000;
											_t1235 =  *((intOrPtr*)(0x1b291a28));
											asm("clc");
											__eflags =  *( *((intOrPtr*)(0x1b291a28)) + 0xcc);
											if(__eflags == 0) {
												L421:
												_t997 = 0;
												_t838 = E1B259A10(0, _t1235, _t1264, _t1445, _t1462, _t1496);
												asm("dec eax");
												_t1184 = _t1184 ^ _t1184;
												_t1265 = _v1808;
												__eflags = r8w - _t1116;
												asm("clc");
												L423:
												__eflags = _v1912;
												if(__eflags == 0) {
													L427:
													_v1912 = _t1184;
													asm("inc sp");
													asm("rcr cl, cl");
													goto L428;
												}
												LeaveCriticalSection();
												goto L427;
											}
											L1B2A0344(_t837, _t970, 0, _t1116, _t1185, _t1186, _t1218, _t1235, _t1264, _t1296, _t1389, _t1445);
											goto L421;
										}
										__eflags = _t832 - 0xc;
										if(__eflags > 0) {
											goto L417;
										}
										asm("rol cl, cl");
										_t843 = _v1528 ^ _v1408;
										_v1528 = _t843;
										asm("btr ecx, 0x1a");
										_t844 = _t843 ^ _v1524;
										_t844 & 0x00001c8b = r11w - r11w;
										_v1528 = _t844;
										_v1528 = _t844 ^ _t1116;
										_t1300 =  &_v1528;
										__eflags = E1B23B900(_t1264,  &_v1528, _t1389, _t1445, _t1462, _t1464, _t1469, _t1479, _t1496);
										if(__eflags != 0) {
											L183:
											E1B2595E0(0x398, _t1116, _t1184, __eflags, _t1233, _t1300, _t1445, _t1462, _t1469, _t1479);
											_t1447 = _t1233;
											__eflags = r8b - _t970;
											_v1216 = _t1233;
											__eflags = 0x110;
											asm("stc");
											__eflags = _t1233;
											if(__eflags == 0) {
												_t1265 = _t1462;
												r14d = _v1900;
												asm("inc ecx");
												r15d = _v1896;
												asm("btc cx, 0x91");
												L191:
												_v1808 = _t1265;
												asm("rcl dh, 0xf9");
												_t1118 = 0xa2;
												_t1302 =  *((intOrPtr*)(0x1b291a28)) + 0xd0;
												asm("dec eax");
												_t1391 =  &_v1704;
												_t848 = E1B238A70(_t1265, _t1302, _t1391, _t1447, _t1462, _t1464, _t1496, _t1510);
												 *_t1233 = _t1265;
												__eflags = r14w - 0x567e;
												_t997 = 0;
												_t838 = E1B259590(_t848, _t1302);
												_t1448 = _t1233;
												asm("cmc");
												__eflags = 0x000000a2 & r13b;
												__eflags = _v1520;
												if(__eflags != 0) {
													L227:
													_v1876 = 1;
													asm("dec eax");
													_t1159 = _v1412;
													asm("cmc");
													asm("clc");
													__eflags = _t1159;
													if(__eflags == 0) {
														L274:
														_v1832 = 1;
														asm("dec ecx");
														r13w = r13w | _t1159;
														asm("dec ecx");
														r13d = _v1496;
														__eflags = r13d;
														if(__eflags == 0) {
															L308:
															__eflags = _v1876;
															if(__eflags == 0) {
																L372:
																r13d = 1;
																_t1521 = _v1840;
																__eflags = bpl - 0xaf;
																asm("adc dx, 0x48f3");
																r12d = _v1944;
																_t1118 = _t838 - 0xff;
																_t1392 = _v1848;
																__eflags = r10d & 0x61a80f4b;
																asm("stc");
																L373:
																__eflags = _v1832;
																if(_v1832 == 0) {
																	L416:
																	goto L423;
																}
																__eflags =  *(_t1521 + 0x20);
																if(__eflags <= 0) {
																	goto L416;
																}
																asm("inc esp");
																r8w = r8w | 0x0000550d;
																asm("rcr cx, 0x47");
																asm("stc");
																__eflags = sil - r10b;
																asm("clc");
																dil = 0xd4;
																_t678 = _t1392 + 1; // 0x1
																_t1449 = _t1302 - _t1233 + _t678;
																r8b = _t1118;
																_v1688 = _t1449;
																r8w = r8b & 0xffffffff;
																asm("cdq");
																r8d = r13w;
																r8d = 0x30;
																_t1011 =  !(r10w & 0xffffffff);
																VirtualQuery();
																r8b = __eflags < 0;
																asm("stc");
																asm("inc ecx");
																asm("inc ecx");
																_t1237 =  &_v1632 - _v1632 + _t1449 + 4;
																_t1122 =  *(_t1521 + 0x54) << _t1011;
																_t1395 = _v1608;
																asm("inc ecx");
																__eflags = _t1395 - _t1237;
																r8w = r11b;
																r9d = 0x76e927a6;
																_t1396 =  <  ? _t1237 : _t1395;
																r9d = r11w & 0xffffffff;
																r9w = r12w;
																asm("dec ecx");
																_v1608 =  <  ? _t1237 : _t1395;
																_t851 = _v1596;
																_v1856 = _t851;
																r8d = _t1122;
																r8w = _t851 & 0x000000ff;
																r8d = 0x40;
																_t852 = VirtualProtect();
																__eflags = _t852;
																if(_t852 != 0) {
																	L384:
																	_v1128 = 0x8b;
																	__eflags = r11b & 0x0000006a;
																	_v1127 = 0xf8;
																	_v1126 = 0x3b;
																	r10b & r9b = r8w - r9w;
																	_v1125 = 0xfb;
																	_v1124 = 0xf;
																	__eflags = r12w & r8w;
																	asm("clc");
																	_v1123 = 0x84;
																	__eflags = r11b - 0x4c;
																	asm("stc");
																	_v1122 = 0xbf;
																	_v1121 = 0x19;
																	asm("stc");
																	asm("clc");
																	_v1120 = 0x28;
																	r14b - r13b = bpl - 0xec;
																	_v1119 = 0;
																	_v1118 = 0xc7;
																	_v1117 = 0x45;
																	asm("cmc");
																	__eflags = r14b - 0xda;
																	_v1116 = 0xe8;
																	_v1115 = 1;
																	__eflags = _t1464 & 0x42c90a05;
																	asm("clc");
																	_v1114 = 0;
																	asm("stc");
																	__eflags = r13w - 0x4e85;
																	_v1113 = 0;
																	__eflags =  *(_t1521 + 0x2c);
																	if( *(_t1521 + 0x2c) == 0) {
																		L396:
																		_v1752 = r13d;
																		_v1904 = _t1184;
																		_t1123 =  <=  ? _t1186 : _t1122;
																		_t1013 =  !=  ? _t1186 : r15b;
																		_t1308 = _t1449;
																		r11d = E1B235DD0(_t1308,  &_v1904);
																		_t1490 = r10d;
																		asm("inc ecx");
																		asm("dec ecx");
																		while(1) {
																			L398:
																			r10d = _v1904;
																			asm("stc");
																			r12b - 0xa9 = r9w & _t1013;
																			__eflags = r10d;
																			if(__eflags == 0) {
																				L413:
																				r8d = _v1596;
																				_t997 = r13w;
																				_t838 = VirtualProtect();
																				goto L416;
																			}
																			__eflags = r11d - 0xffffffff;
																			if(__eflags == 0) {
																				goto L413;
																			}
																			__eflags = r11d;
																			if(r11d == 0) {
																				goto L413;
																			}
																			__eflags = r13d -  *((intOrPtr*)(_t1521 + 0x30));
																			if(__eflags >= 0) {
																				goto L413;
																			}
																			__eflags = r13d -  *(_t1521 + 0x54);
																			if(r13d >=  *(_t1521 + 0x54)) {
																				goto L413;
																			}
																			r8w = r12b & 0xffffffff;
																			_t855 =  *(_t1521 + 8) ^ r13d;
																			asm("dec eax");
																			asm("dec eax");
																			_t1015 = _v1128 ^ _t855;
																			asm("dec eax");
																			_v1128 = _t1015;
																			asm("dec eax");
																			asm("inc ebp");
																			r8b = r8b << _t1015;
																			r8d = _v1120;
																			asm("inc sp");
																			r8d = r8d ^ _t855;
																			asm("inc ecx");
																			asm("inc ecx");
																			r9d = _v1116;
																			r9d = r9d ^ _t855;
																			asm("dec ecx");
																			_t1016 = _t1015 ^ r12d;
																			asm("cmc");
																			_v1128 = _t1016;
																			asm("clc");
																			_v1124 = _v1124 ^ _t855 ^ r12d;
																			r8d = r8d ^ r12d;
																			_v1120 = r8d;
																			r9d = r9d ^ r12d;
																			__eflags = r13b - 0x33;
																			asm("cdq");
																			_v1116 = r9d;
																			asm("lahf");
																			_t1130 = sil;
																			_t1450 = _t1449 + _t1237;
																			r8w = r8w << 0x26;
																			asm("inc cx");
																			_v1688 = _t1450;
																			__eflags = r12b & 0x000000d0;
																			r8d = _t1490 - 1;
																			__eflags = r12d - _t1016;
																			asm("rol edx, 0x4c");
																			asm("dec eax");
																			_t1399 = _t1462;
																			_v1360 = _t1462;
																			asm("btr ax, bx");
																			__eflags = r11d >> 0xea;
																			while(1) {
																				L408:
																				__eflags = _t1399 - _t1237;
																				if(__eflags >= 0) {
																					_t1449 = _t1450 + _t1490;
																					_v1688 = _t1449;
																					asm("rol dh, 0xbe");
																					_t861 = _t1492 + _t1490;
																					r13d = r13d + _t861;
																					_v1752 = r13d;
																					_t1311 =  >=  ? _t1464 : _t1308;
																					asm("dec eax");
																					_t1123 = (_t861 << 0x00000020 | _t1130) >> 0x13 & 0xffffff00 | __eflags > 0x00000000;
																					_v1904 = _t1184;
																					_t1013 = _t1185 & 0x0000ffff;
																					_t1308 = _t1449;
																					r11d = E1B235DD0(_t1308,  &_v1904);
																					goto L398;
																				}
																				_t1016 =  *(_t1466 + _t1237 + 0x360) ^  *(_t1399 + _t1450);
																				 *(_t1399 + _t1450) =  *(_t1466 + _t1237 + 0x360) ^  *(_t1399 + _t1450);
																				__eflags = r12b - spl;
																				_t1399 = _t1399 + 1;
																				_v1360 = _t1399;
																				goto L408;
																			}
																		}
																	}
																	_t1186 & r8w = r10b - 0x18;
																	asm("clc");
																	__eflags =  *((intOrPtr*)(_t1265 + 0x1c)) -  *((intOrPtr*)(_t1265 + 0x2c4));
																	if(__eflags != 0) {
																		_t1401 =  *((intOrPtr*)(_t1265 + 0x348));
																		asm("dec esp");
																		L391:
																		_t1471 =  &_v1128;
																		_t1312 = _t1462;
																		asm("stc");
																		__eflags = r11d - 0x1fe35365;
																		_v1400 = _t1462;
																		while(1) {
																			__eflags = _t1312 - 0x10;
																			if(_t1312 >= 0x10) {
																				goto L396;
																			}
																			_t867 =  *(_t1312 + _t1401) & 0x000000ff;
																			r10w - r10w = spl & 0x00000086;
																			 *(_t1312 + _t1471) = _t867;
																			__eflags = _t867;
																			_t1312 = _t1312 + 1;
																			_v1400 = _t1312;
																		}
																		goto L396;
																	}
																	_t730 = _t1265 + 0xa4; // 0x178
																	_t1401 = _t730;
																	goto L391;
																}
																asm("dec eax");
																asm("cdq");
																_t694 = _t1237 + 4; // 0x4
																r8d = _t694;
																_t868 = VirtualProtect();
																_t1024 = _v1596;
																__eflags = _t868;
																_t1025 =  ==  ? _v1856 : _t1024;
																_v1596 =  ==  ? _v1856 : _t1024;
																goto L384;
															}
															__eflags = _t1159;
															if(__eflags == 0) {
																goto L372;
															}
															__eflags = _v1416;
															if(_v1416 <= 0) {
																goto L372;
															}
															__eflags =  *(_t1265 + 0x33c);
															if(__eflags == 0) {
																_t1469 =  *((intOrPtr*)(_t1265 + 0x348));
																asm("dec eax");
																_t1404 =  *((intOrPtr*)( *((intOrPtr*)(_t1265 + 0x348)) + 0x3c)) +  *((intOrPtr*)(_t1265 + 0x348));
																__eflags = r14b - r12b;
																__eflags =  *((short*)(_t1404 + 0x18)) - 0x20b;
																if(__eflags != 0) {
																	_t997 = _t1159;
																	_t838 = E1B240A60(_t997, _t1233, _t1404, _t1469, _t1492);
																	_t1405 = _t1233;
																	r15w = r15w - 1;
																	r14b = r14b >> _t997;
																	asm("inc cx");
																	_v1888 = _t1233;
																	r15b = r15b << 0x15;
																	r15b = r15b << _t997;
																	__eflags = r15b;
																	L326:
																	r14d = _t1184;
																	asm("inc cx");
																	r15b = r15b >> _t997;
																	_v1800 = _t1184;
																	r15d = (_t1118 << 0x00000020 | r15d) >> 0xd8;
																	_t1521 = _v1840;
																	__eflags = _t1118 & 0x00000084;
																	while(1) {
																		__eflags = r14d -  *((intOrPtr*)(_t1521 + 0x70));
																		if(__eflags >= 0) {
																			r13d = 1;
																			asm("cdq");
																			r12d = _v1944;
																			_t1392 = _v1848;
																			goto L373;
																		}
																		_t1160 =  *(_t1405 + _t1302 * 4);
																		asm("cmc");
																		r12d =  *(_t1405 + _t1233 * 4);
																		asm("cmc");
																		__eflags = _t1479 & _t1466;
																		r12d = r12d ^  *(_t1521 + 8);
																		__eflags = r15b & 0x000000d7;
																		r12d = r12d ^ _t1160;
																		__eflags =  *(_t1265 + 0x33c);
																		if(__eflags == 0) {
																			_t1472 =  *((intOrPtr*)(_t1265 + 0x348));
																			asm("clc");
																			_t1407 =  *((intOrPtr*)( *((intOrPtr*)(_t1265 + 0x348)) + 0x3c)) +  *((intOrPtr*)(_t1265 + 0x348));
																			_t1492 - 0x6fde217a = _t1184 & _t1160;
																			__eflags =  *((short*)(_t1407 + 0x18)) - 0x20b;
																			if(__eflags != 0) {
																				_t1027 = _t1160;
																				E1B240A60(_t1027, _t1233, _t1407, _t1472, _t1492);
																				_t1448 = _t1233;
																				L341:
																				r13d = r12d;
																				asm("inc ecx");
																				r8b =  !r8b;
																				_t1028 = r9w;
																				r8d = 0x30;
																				_t1031 =  !_t1028;
																				VirtualQuery();
																				_t1134 = r13d;
																				_t1032 = _t1031 - _t1184;
																				r8d = _t1185 & 0x0000ffff;
																				__eflags = _t1032 - _t1185;
																				asm("inc ebp");
																				_t1238 =  &_v1584 - _v1584 + _t1448 + 4;
																				asm("inc bp");
																				r9w = r9w - 0x6d5d;
																				_t1410 = _v1560;
																				__eflags = _t1410 - _t1238;
																				_t1411 =  <  ? _t1238 : _t1410;
																				r9w = r8w;
																				r8w = r9w;
																				asm("lahf");
																				r9w = r15b;
																				_v1560 = _t1411;
																				_t1233 = r11w;
																				r8d = _t1134 & 0x0000ffff;
																				r8b =  !r8b;
																				r8w = _t1134;
																				_v1872 = _v1548;
																				r8w = _t970;
																				_t1469 = r9w;
																				r8d = 0x40;
																				__eflags = VirtualProtect();
																				if(__eflags != 0) {
																					L351:
																					 *_t1448 = r13d;
																					asm("inc ecx");
																					if(__eflags >= 0) {
																						L369:
																						_t1479 =  &_v1872;
																						asm("dec eax");
																						r8d = _v1548;
																						asm("bswap ecx");
																						_t997 = _t1032 & 0xffffff00 | __eflags > 0x00000000;
																						_t1302 = _v1584;
																						_t838 = VirtualProtect(??, ??, ??, ??);
																						r14d = r14d + 1;
																						_t1138 =  !=  ? r10d : dil & 0xffffff00 | __eflags;
																						_t1118 = dil & 0xffffff00 | __eflags <= 0x00000000;
																						_v1800 = r14d;
																						_t1405 = _v1888;
																						continue;
																					}
																					_t876 =  *((intOrPtr*)(_t1265 + 0x2c4));
																					asm("stc");
																					__eflags =  *((intOrPtr*)(_t1265 + 0x1c)) - _t876;
																					if(__eflags != 0) {
																						_t1491 =  *((intOrPtr*)(_t1265 + 0x348));
																						_t1134 = _t1134 - 1;
																						__eflags = _t1411 & 0x1d002d66;
																						L360:
																						r9b = 0;
																						_t1415 = _t1462;
																						_v1376 = _t1462;
																						asm("sbb ax, dx");
																						__eflags = (0x0e9f7975 << 0x00000020 | _t970) << 0xd3 | 0x0000219f;
																						while(1) {
																							__eflags = _t1415 - _t1233;
																							L362:
																							if(__eflags >= 0) {
																								goto L369;
																							}
																							r8d =  *(_t1415 + _t1448 + 4) & 0x000000ff;
																							asm("clc");
																							_t1134 - bpl = _t1184 & 0x00002e10;
																							asm("stc");
																							_t1032 =  *(_t1233 + _t1491) ^ r8b;
																							 *(_t1415 + _t1448 + 4) = _t1032;
																							__eflags = _t1415;
																							if(__eflags != 0) {
																								__eflags = _t1134 & 0x00000081;
																								asm("inc ecx");
																								r9w =  ~r9w;
																								_t1032 = r9b ^  *(_t1415 + _t1448 + 4);
																								asm("inc ecx");
																								 *(_t1415 + _t1448 + 4) = _t1032;
																								r9b = r9b << _t1032;
																								asm("inc esp");
																							}
																							r9d = r8b & 0xffffffff;
																							asm("cmc");
																							__eflags = _t970 - 0xe5;
																							_t1415 = _t1415 + 1;
																							_v1376 = _t1415;
																							__eflags = _t1415 - _t1233;
																							goto L362;
																						}
																					}
																					_t1491 = _t1265 + 0xa4;
																					goto L360;
																				}
																				r8b = 0x9c;
																				_t1036 =  <=  ? r15d : _t1032;
																				_t623 = _t1233 + 4; // -96
																				r8d = _t623;
																				_t1134 = r12b;
																				asm("dec eax");
																				_t1411 = _v1560;
																				_t885 = VirtualProtect();
																				__eflags = _t1184 - r9d;
																				asm("cmc");
																				__eflags = _t885;
																				_t1032 =  ==  ? _v1872 : _v1548;
																				_v1548 = _t1032;
																				goto L351;
																			}
																			E1B240A60(_t1160, _t1233, _t1407, _t1472, _t1492);
																			_t1448 = _t1233;
																			goto L341;
																		}
																		_t1448 = _t1448 +  *((intOrPtr*)(_t1265 + 0x348));
																		goto L341;
																	}
																}
																_t997 = _t1159;
																_t838 = E1B240A60(_t997, _t1233, _t1404, _t1469, _t1492);
																_t1405 = _t1233;
																_v1888 = _t1233;
																goto L326;
															}
															_t1118 = _t1159;
															__eflags = _t1186 & r8w;
															_t1405 = _t1391 +  *((intOrPtr*)(_t1265 + 0x348));
															_v1888 = _t1405;
															goto L326;
														}
														_v1680 = _t1184;
														dil = dil & 0x0000008a;
														asm("inc ecx");
														_v1680 = r15d;
														asm("bswap eax");
														_v1676 = r14d;
														r8w = r8w - 0x406d;
														asm("stc");
														_v1672 = r12d;
														_t887 = _v1512;
														r8d = r13w;
														_v1924 = _t887;
														asm("cmc");
														_t1040 = (_t1159 << 0x00000020 | _t997) >> 0xf5 << 0x4e;
														_v1668 = _t887;
														_t888 = _v1476;
														_v1928 = _t888;
														__eflags = r14b - r15b;
														r8d = r8d << 0x55;
														asm("dec esp");
														_v1664 = _t888;
														asm("rdtsc");
														__eflags = _t1040 - 0x60d4;
														asm("cdq");
														_v1660 = r13d;
														asm("bt dx, 0x47");
														asm("bt di, 0x13");
														dil =  !dil;
														__eflags = _t1118 << 0x000000c0 & _t970;
														r8w = 0x7aff;
														asm("stc");
														_t1451 =  !=  ? _t1265 : _t1448;
														asm("inc cx");
														asm("cwd");
														_t1118 = spl & 0xffffffff;
														_v1888 = _t1510 - _t1233 + _v1848 + 1;
														asm("cwd");
														r8d = r8w;
														_t1469 =  &_v1888;
														_t1391 =  &_v1296;
														asm("bswap ecx");
														_t1041 =  <=  ? r14d : _t1040;
														_t997 = _v1408;
														_t1302 = 0x1b291a78;
														E1B236E40(_v1408, 0x1b291a78, _t1391,  &_v1888);
														_v1208 = _t1462;
														_t1241 =  *((intOrPtr*)(0x1b291a80));
														r12d = r12d | _t997;
														asm("inc bp");
														_v1864 =  *((intOrPtr*)(0x1b291a80));
														r12d =  !r12d;
														_v1208 = 0x1b291a78;
														_t1499 = _v1296;
														asm("stc");
														__eflags = r8b & 0x000000fb;
														__eflags = _t1499;
														if(__eflags == 0) {
															L282:
															E1B259280(_t1241, _t1391, _t1469);
															_t1233 = _v1864;
															dil = 0x13;
															dil = dil + 1;
															__eflags = dil;
															L283:
															_t1448 = _v1288;
															asm("clc");
															__eflags = _t1448 - _t1233;
															if(__eflags != 0) {
																__eflags = _t1499;
																if(__eflags == 0) {
																	E1B259280(_t1233, _t1391, _t1469);
																}
																__eflags = _t1448 -  *((intOrPtr*)(_t1499 + 8));
																if(__eflags == 0) {
																	E1B259280(_t1233, _t1391, _t1469);
																}
																__eflags =  *((intOrPtr*)(_t1448 + 0x20)) - r15d;
																if(__eflags != 0) {
																	L306:
																	_t1302 = 0x1b291a78;
																	_t838 = E1B238B50(_t1265, 0x1b291a78,  &_v1888, _t1448, _t1462, _t1464, _t1499, _t1510);
																	_t1391 =  &_v1680;
																	asm("inc sp");
																	dil = dil - 1;
																	 *_t1233 =  *_t1391;
																	asm("bsf edi, ebx");
																	asm("adc di, sp");
																	dil = dil >> 0xd4;
																	 *(_t1233 + 4) = _t1391[0];
																	__eflags = r8b - bpl;
																	 *(_t1233 + 8) = _t1391[1];
																	asm("dec eax");
																	asm("bts di, dx");
																	_t1448 = _t1185;
																	 *(_t1233 + 0xc) = _t1391[1];
																	asm("inc esp");
																	 *(_t1233 + 0x10) = _t1391[2];
																	dil = r10b;
																	_t997 = _t1391[2];
																	 *(_t1233 + 0x14) = _t997;
																	asm("inc cx");
																	_t1159 = _v1412;
																	asm("cmc");
																	__eflags = r15w & 0x000034e1;
																	goto L308;
																}
																__eflags =  *((intOrPtr*)(_t1448 + 0x24)) - r14d;
																if(__eflags != 0) {
																	goto L306;
																}
																__eflags =  *((intOrPtr*)(_t1448 + 0x28)) - _v1944;
																if( *((intOrPtr*)(_t1448 + 0x28)) != _v1944) {
																	goto L306;
																}
																asm("clc");
																__eflags =  *((intOrPtr*)(_t1448 + 0x2c)) - _v1924;
																if( *((intOrPtr*)(_t1448 + 0x2c)) != _v1924) {
																	goto L306;
																}
																_t838 = _v1928;
																asm("clc");
																r9b & 0x000000a3 =  *((intOrPtr*)(_t1448 + 0x30)) - _t838;
																if( *((intOrPtr*)(_t1448 + 0x30)) != _t838) {
																	goto L306;
																}
																__eflags =  *((intOrPtr*)(_t1448 + 0x34)) - r13d;
																if(__eflags != 0) {
																	goto L306;
																}
																_v1832 = _t1184;
																dil = __eflags >= 0;
																asm("bswap edi");
																_t1159 = _v1412;
																goto L308;
															}
															_t838 = E1B238B50(_t1265, 0x1b291a78,  &_v1888, _t1448, _t1462, _t1464, _t1499, _t1510);
															_t1391 =  &_v1680;
															_t1455 =  >=  ? _t1448 : _t1448;
															 *_t1233 =  *_t1391;
															 *(_t1233 + 4) = _t1391[0];
															_t1302 =  !_t838;
															dil = 0x1e;
															 *(_t1233 + 8) = _t1391[1];
															 *(_t1233 + 0xc) = _t1391[1];
															dil = __eflags < 0;
															 *(_t1233 + 0x10) = _t1391[2];
															_t997 = _t1391[2];
															asm("bswap edi");
															dil = __eflags < 0;
															 *(_t1233 + 0x14) = _t997;
															_t1448 =  !=  ? _t1464 : _t1455;
															_t1159 = _v1412;
															goto L308;
														}
														__eflags = _t1499 - 0x1b291a78;
														if(__eflags == 0) {
															goto L283;
														}
														goto L282;
													}
													__eflags = _v1416;
													if(__eflags <= 0) {
														goto L274;
													}
													_v1656 = _t1184;
													_v1656 = r15d;
													_v1652 = r14d;
													asm("clc");
													_v1648 = r12d;
													_t1242 = r11w;
													_t898 = _v1512;
													_v1924 = _t898;
													__eflags = r11w & r12w;
													_v1644 = _t898;
													asm("dec eax");
													_t899 = _v1476;
													r10b - 0xe1 = _t1186 & _t997;
													_v1928 = _t899;
													_v1640 = _t899;
													_v1636 = _t1159;
													__eflags =  *(_t1265 + 0x33c);
													if(__eflags == 0) {
														_t1476 =  *((intOrPtr*)(_t1265 + 0x348));
														spl & 0x000000eb = sil & r10b;
														_t1419 =  *((intOrPtr*)(_t1476 + 0x3c)) + _t1476;
														__eflags = _t997 - 0x34e0;
														asm("clc");
														__eflags =  *((short*)( *((intOrPtr*)(_t1476 + 0x3c)) + _t1476 + 0x18)) - 0x20b;
														if(__eflags != 0) {
															_t997 = _t1159;
															_t899 = E1B240A60(_t997, _t1242, _t1419, _t1476, _t1492);
															L244:
															_v1784 = _t1242;
															asm("cwd");
															asm("dec eax");
															_t1469 =  &_v1784;
															_t1118 = _t899 & 0x000000ff;
															_t1391 =  &_v1280;
															r12b = __eflags == 0;
															r12w =  !r12w;
															_t1054 =  <  ? _t1159 : _t997;
															_t997 =  <  ? _t1159 : _t997;
															_t1302 = 0x1b291a60;
															E1B236E40(_t899, 0x1b291a60, _t1391,  &_v1784);
															_v1240 = _t1462;
															_t1243 =  <  ? _t1466 : _t1242;
															_t1244 =  *((intOrPtr*)(0x1b291a68));
															r13w = r13w - 0x75cd;
															_v1864 =  *((intOrPtr*)(0x1b291a68));
															_v1240 = 0x1b291a60;
															_t1510 = _v1280;
															asm("cmc");
															__eflags = _t1510;
															if(__eflags == 0) {
																L249:
																E1B259280(_t1244, _t1391, _t1469);
																_t1233 = _v1864;
																asm("inc bp");
																L250:
																_t1501 = _v1272;
																asm("clc");
																__eflags = _t1501 - _t1233;
																if(__eflags != 0) {
																	__eflags = _t1510;
																	if(_t1510 == 0) {
																		E1B259280(_t1233, _t1391, _t1469);
																	}
																	__eflags = _t1501 -  *((intOrPtr*)(_t1510 + 8));
																	if(__eflags == 0) {
																		E1B259280(_t1233, _t1391, _t1469);
																	}
																	__eflags =  *((intOrPtr*)(_t1501 + 0x20)) - r15d;
																	if(__eflags != 0) {
																		L273:
																		asm("dec eax");
																		_t838 = E1B238B50(_t1265, 0x1b291a60,  &_v1784, _t1448, _t1462, _t1464, _t1501, _t1510);
																		_t1391 =  &_v1656;
																		r13w = r13w + 1;
																		asm("inc ecx");
																		r12w = r12w | r8w;
																		 *_t1233 =  *_t1391;
																		asm("dec eax");
																		 *(_t1233 + 4) = _t1391[0];
																		_t1302 = _t1186 & 0x0000ffff;
																		_t1059 = _t1391[1];
																		dil =  ~dil;
																		 *(_t1233 + 8) = _t1059;
																		r12w = _t1059;
																		_t1448 = _t1448 ^ 0x5e6c1fe7;
																		 *(_t1233 + 0xc) = _t1391[1];
																		_t1062 = _t1391[2];
																		 *(_t1233 + 0x10) = _t1062;
																		dil = dil >> _t1062;
																		_t997 = _t1391[2];
																		 *(_t1233 + 0x14) = _t997;
																		r12d = r9w;
																		r12b = r12b << 0x91;
																		_t1159 = _v1412;
																		r12w = bpl & 0xffffffff;
																		asm("inc ecx");
																		r12d = _v1944;
																		__eflags = _t1118 & 0x00000212;
																		r13w =  !r13w;
																		goto L274;
																	}
																	__eflags =  *((intOrPtr*)(_t1501 + 0x24)) - r14d;
																	if(__eflags != 0) {
																		goto L273;
																	}
																	__eflags = _t1118 & 0x0000006e;
																	asm("cmc");
																	asm("stc");
																	__eflags =  *((intOrPtr*)(_t1501 + 0x28)) - _v1944;
																	if(__eflags != 0) {
																		goto L273;
																	}
																	__eflags =  *((intOrPtr*)(_t1501 + 0x2c)) - _v1924;
																	if(__eflags != 0) {
																		goto L273;
																	}
																	_t838 = _v1928;
																	__eflags = r9b - 0xa9;
																	__eflags =  *((intOrPtr*)(_t1501 + 0x30)) - _t838;
																	if(__eflags != 0) {
																		goto L273;
																	}
																	__eflags =  *((intOrPtr*)(_t1501 + 0x34)) - _t1159;
																	if(__eflags != 0) {
																		goto L273;
																	}
																	_v1876 = _t1184;
																	r12w = r11b & 0xffffffff;
																	_t1159 = _v1412;
																	r12w = bpl;
																	r12d = _v1944;
																	goto L274;
																}
																_t838 = E1B238B50(_t1265, 0x1b291a60,  &_v1784, _t1448, _t1462, _t1464, _t1501, _t1510);
																_t1391 =  &_v1656;
																 *_t1233 =  *_t1391;
																 *(_t1233 + 4) = _t1391[0];
																r12d = r15w;
																_t1067 = _t1391[1];
																r12d = _t1067;
																asm("bswap edi");
																r12b = dil;
																dil = r12b;
																 *(_t1233 + 8) = _t1067;
																_t1302 = r10d;
																asm("bswap edi");
																 *(_t1233 + 0xc) = _t1391[1];
																 *(_t1233 + 0x10) = _t1391[2];
																_t997 = _t1391[2];
																_t1448 = _t1118;
																 *(_t1233 + 0x14) = _t997;
																_t1159 = _v1412;
																r12b = __eflags;
																r12d = _v1944;
																goto L274;
															}
															__eflags = _t1510 - 0x1b291a60;
															if(__eflags == 0) {
																goto L250;
															}
															goto L249;
														}
														_t997 = _t1159;
														_t899 = E1B240A60(_t997, _t1242, _t1419, _t1476, _t1492);
														goto L244;
													}
													_t1242 = _t1448 +  *((intOrPtr*)(_t1265 + 0x348));
													goto L244;
												}
												_t997 = _v1524;
												_t1464 & 0x45b20feb = _t838 - _t997;
												if(_t838 >= _t997) {
													L206:
													_t838 = _t838 - _t997;
													__eflags = _t838 - 0x13c680;
													if(__eflags <= 0) {
														goto L227;
													}
													_t1233 =  *((intOrPtr*)(0x1b291a28));
													__eflags =  *(_t1233 + 0xcc);
													if( *(_t1233 + 0xcc) != 0) {
														L220:
														_t997 = 4;
														L1B2A202C();
														__eflags = _t1158 - _v1524 - 0x278d00;
														if(__eflags <= 0) {
															goto L227;
														}
														 *( *((intOrPtr*)(0x1b291a28)) + 0x10) = 1;
														_t1330 =  *((intOrPtr*)(0x1b291a28));
														_t1233 = r10d;
														_t907 = _v1460;
														 *((intOrPtr*)(_t1330 + 0xc)) = _t907;
														_t1302 = r14w & 0xffffffff;
														E1B2A6D44();
														_t997 = 0;
														_t838 = E1B259A10(0, _t1233, _t1265, _t1448, _t1462, _t1496);
														goto L227;
													}
													_t1302 = "This application is protected by DNGuard HVM demo version!.";
													_t838 = E1B29B000(_t838, _t970, _t1118, _t1158, _t1184, _t1185, _t1391, _t1448, _t1462, _t1469);
													_t1492 =  *((intOrPtr*)(0x1b291a28));
													asm("stc");
													__eflags =  *(_t1492 + 4);
													if(__eflags == 0) {
														goto L220;
													}
													 *(_t1492 + 0x10) = 1;
													_t1331 =  *((intOrPtr*)(0x1b291a28));
													_t908 = _a24282;
													 *((intOrPtr*)(_t1331 + 0xc)) = _t908;
													__eflags = 0xffffffff - 0x68b84ee0;
													__eflags = _a23830;
													if(__eflags == 0) {
														L218:
														_a23830 = _t1184;
														asm("cmc");
														goto L428;
													}
													LeaveCriticalSection();
													goto L218;
												}
												_t1233 =  *((intOrPtr*)(0x1b291a28));
												__eflags =  *(_t1233 + 0xcc);
												if( *(_t1233 + 0xcc) != 0) {
													L204:
													E1B29F94A(_t838);
													_t997 = 0;
													_t838 = E1B259A10(0, _t1233, _t1265, _t1448, _t1462, _t1496);
													goto L206;
												}
												_t1302 = "This application is protected by DNGuard HVM demo version!";
												L1B29F2AC();
												_t1391 =  *((intOrPtr*)(0x1b291a28));
												__eflags = _t1391[0];
												if(__eflags == 0) {
													goto L204;
												}
												__eflags = _v1912;
												if(__eflags == 0) {
													L203:
													_v1912 = _t1184;
													goto L428;
												}
												LeaveCriticalSection();
												goto L203;
											}
											_t912 = E1B23B9E0(_t1233, _t1264,  &_v1528, _t1447, _t1462, _t1464, _t1469, _t1479);
											_t1422 = _t1233;
											r14w = r9b & 0xffffffff;
											_v1952 = r15d;
											_t1523 =  >=  ? _t1489 : _t1519;
											r14d = _v1900;
											asm("dec ecx");
											r15b = r14w;
											_v1960 = r14d;
											r15d = r14w & 0xffffffff;
											_t1479 = r15w & 0xffffffff;
											r15d = _v1896;
											r9d = r15d;
											_t1469 = _v1936;
											_t1077 = r15b & 0xffffff00 | __eflags != 0x00000000;
											_t1336 = _t1447;
											E1B38E9F0(_t912, _t970, _t1077, _t1116, _t1158, _t1185, _t1186, _t1233, _t1264, _t1336, _t1422, _t1447, _t1462, _t1469, _t1479, _t1489, _t1496, _t1510, 0xffffffff, _t1523); // executed
											_t1265 = _t1233;
											goto L191;
										}
										_v1504 = _t1184;
										_v1500 = _t1184;
										_v1484 = _t1184;
										_t1248 =  *((intOrPtr*)(0x1b28fd00));
										 *((intOrPtr*)(_t1248 + 0x18))();
										_v1176 = _t1248;
										_t219 = _t1248 + 0x18; // 0x18
										_t1459 = _t219;
										_v1936 = _t219;
										_t1250 =  *((intOrPtr*)(0x1b28fd00));
										 *((intOrPtr*)(_t1250 + 0x18))();
										_v1248 = _t1250;
										_t225 = _t1250 + 0x18; // 0x18
										_t1264 = _t225;
										_t1496 = _t1496 - 1;
										asm("inc ecx");
										_v1824 = _t1264;
										__eflags = r12b & 0x00000010;
										r12d = _t1184;
										asm("cmc");
										asm("inc ecx");
										_v1712 = _t1184;
										asm("btc eax, ebp");
										_t1510 = _t1510 - 4;
										_t1300 = _t970;
										_v1352 = _t1510;
										asm("bt ecx, 0x19");
										_t1082 =  *_t1510;
										asm("rcl ah, 0x95");
										_v1368 = _t1082;
										__eflags = _t1082 & r14w;
										_t234 = _t1300 - 5; // 0xf5
										_t924 = _t234;
										__eflags = r8b - r9b;
										__eflags = _t924 - 0x3fa;
										if(__eflags > 0) {
											L153:
											_t1233 =  *((intOrPtr*)(0x1b291a28));
											r15b - 0xab = _t1082 - _t1082;
											__eflags = r9w & _t924;
											__eflags =  *(_t1233 + 0xcc);
											if(__eflags == 0) {
												__eflags = r12d;
												if(__eflags == 0) {
													r8b = r8b + 1;
													r8b = r8b | 0x0000005f;
													asm("rcl ch, cl");
													r8b = r8b + 1;
													_t1445 = "Your trial period has expired,<br />please contact your software provider.";
													asm("repne scasb");
													asm("dec eax");
													asm("inc ecx");
													_t1469 = r8w;
													_t1116 = r15b;
													_v1848 = _t1082;
													r8d = _t1082;
													_t1424 = "Your trial period has expired,<br />please contact your software provider.";
													_t997 = 0;
													E1B231380(_t970, _t1158, _t1264,  &_v1936, "Your trial period has expired,<br />please contact your software provider.", "Your trial period has expired,<br />please contact your software provider.", _t1462, _t1464, _t1496);
													L167:
													_t1300 = _v1936;
													E1B29BB38(_t970, _t997, _t1185, _t1233, _t1424);
													__eflags =  *( *((intOrPtr*)(0x1b291a28)) + 4);
													if(__eflags == 0) {
														L182:
														__eflags = 0;
														E1B259A10(0, _t1233, _t1264, _t1445, _t1462, _t1496);
														_t1085 =  >  ? _t1184 : 0;
														goto L183;
													}
													_v1328 = _t1264 + 0xffffffe8;
													asm("clc");
													asm("lahf");
													asm("stc");
													asm("cmc");
													asm("lock xadd [ebx+0x10], eax");
													__eflags = _t997 & r12b;
													__eflags = r14d + 0xffffffff;
													if(__eflags <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_v1328)) + 8))();
													}
													__eflags = r10w - _t1185;
													_t1253 = _v1936 + 0xffffffe8;
													asm("clc");
													__eflags = _t1445 & 0x11300471;
													_v1864 = _t1253;
													__eflags = r11b - 0x8e;
													asm("clc");
													asm("lock inc esp");
													asm("clc");
													__eflags = r11b - bpl;
													r14d = r14d + 0xffffffff;
													asm("stc");
													r11w & 0x00003611 = bpl - 0x86;
													__eflags = r14d;
													if (r14d > 0) goto 0x1b390142;
													_t1254 =  *((intOrPtr*)( *_v1864));
													 *((intOrPtr*)(_t1254 + 8))();
													asm("stc");
													__eflags = _v1912;
													if(__eflags == 0) {
														L180:
														_v1912 = _t1184;
														goto L428;
													}
													LeaveCriticalSection();
													goto L180;
												}
												_t1469 = "<br />";
												_t1424 = 0x1b26df6c;
												E1B236AF0(_t1082, _t1233, _t1264,  &_v1936, 0x1b26df6c, _t1459, _t1462, _t1464, "<br />", _t1496, _t1510, 0xffffffff, _t1519);
												goto L167;
											}
											__eflags = r12d;
											if(__eflags != 0) {
												r9d = 0x40;
												_t1469 = _t1264;
												asm("clc");
												__eflags = r10w - 0x2d71;
												MessageBoxA();
												goto L182;
											}
											_t1087 = _t1496 + 1;
											L1B29D8EC(_t924, _t970, _t1087, _t1116, _t1185, _t1233, _t1264, _t1300, _t1389, _t1459, 0xffffffff);
											goto L182;
										}
										r12d = 1;
										_v1712 = r12d;
										asm("bsf di, si");
										asm("rcr ax, 0x85");
										asm("inc esp");
										_t1460 = _t1300;
										asm("stc");
										__eflags = r9b - 0x49;
										_t1259 = 0xfffffffc - _t1300;
										asm("stc");
										_t1510 = _t1510 + 0xfffffffc;
										_v1352 = _t1510;
										_t945 = L1B257D70(_t1259, _t1300);
										_v1168 = 0xfffffffc;
										_v1152 = 0xfffffffc;
										_v1136 = _t1510;
										_t1148 =  >=  ? _t1158 : ((_t1116 | 0x0000680f | r9w) << _t1082 << 0x00000020 | r9d) << 0x43;
										_t1429 = _t1462;
										__eflags = r9d & _t1082;
										_v1336 = _t1462;
										r14w - 0x341c = _t1496 & _t1429;
										asm("clc");
										while(1) {
											__eflags = _t1429 - _t1460;
											if(__eflags >= 0) {
												_v1112 = 0x8b;
												asm("rol dl, cl");
												asm("bsf dx, ax");
												_v1111 = 0xf8;
												asm("dec esp");
												asm("dec eax");
												_v1110 = 0x3b;
												_v1109 = 0xfb;
												_v1108 = 0xf;
												_v1107 = 0x84;
												__eflags = _t1186 & r14w;
												_v1106 = 0xbf;
												_v1105 = 0x19;
												asm("ror dl, 0xe9");
												asm("inc cx");
												_v1104 = 0x28;
												asm("ror dl, cl");
												_v1103 = 0;
												_v1102 = 0xc7;
												_v1101 = 0x45;
												_v1100 = 0xe8;
												_v1099 = r12b;
												asm("btr dx, 0x3");
												_v1098 = 0;
												_v1097 = 0;
												asm("bts dx, si");
												_t1432 = _t1462;
												asm("clc");
												__eflags = r15w & _t1148 >> 0x00000055 & 0x0000009f;
												_v1320 = _t1462;
												asm("stc");
												__eflags = r15b & spl;
												while(1) {
													__eflags = _t1432 - _t1460;
													if(__eflags >= 0) {
														__eflags = 0xfffffffc;
														if(0xfffffffc != 0) {
															_t945 = 0;
															__eflags = 0;
															_t1088 = r10w & 0xffffffff;
															_t1460 = 0xfffffffc;
															asm("rcl dh, 0xef");
															asm("bsf dx, sp");
															asm("repne scasb");
															r8w = r9b & 0xffffffff;
															r8w = 0x702a;
															asm("inc ebp");
															_v1924 = _t1088;
															asm("cdq");
															r8b =  !r8b;
															asm("bswap edx");
															L149:
															r8d = _t1088;
															_t290 =  &_v1936; // 0x39
															_t1354 = _t290;
															E1B231380(_t970, _t1158, 0xfffffffc, _t1354, 0xfffffffc, _t1460, _t1462, _t1464, _t1496);
															L1B259C50(_t1259, 0xfffffffc);
															r9b = 0xa;
															r8d = 0;
															_t1389 = _v1936;
															asm("dec eax");
															_t1093 = r15b & 0xffffff00 | __eflags < 0x00000000;
															_t294 =  &_v1824; // 0xa9
															_t1356 = _t294;
															E1B236EC0(_t1158, _t1259, 0xfffffffc, _t1356, _t1389, _t1460, _t1462, _t1464, _t1496);
															_t1264 = _v1824;
															r8d =  *(_t1264 - 0x10);
															asm("bsf cx, dx");
															_v1816 = r8d;
															r8d = r8d + r12d;
															_t1082 = (_t1093 ^ r8d ^ 0x000000f4) >> (_t1093 ^ r8d ^ 0x000000f4);
															_t1116 = 0;
															_t298 =  &_v1936; // 0x39
															_t1300 = _t298;
															_t924 = E1B236700(0, _t1264, _t298, _t1389, _t1460, _t1462, _t1464, _t1469, _t1479, _t1496);
															_t1459 = _v1936;
															asm("dec ecx");
															goto L153;
														}
														_t1088 = _t1184;
														_v1924 = _t1184;
														goto L149;
													}
													__eflags = r13b - 0x4f;
													_t1097 =  *((intOrPtr*)(_t1466 + _t1259 + 0x370));
													_t945 =  *((intOrPtr*)(_t1432 + 0xfffffffc));
													asm("cmc");
													__eflags = _t970 & _t1097;
													_t1082 = _t1097 ^ _t945;
													 *((char*)(_t1432 + 0xfffffffc)) = _t1097 ^ _t945;
													__eflags = r8w - 0x45c5;
													_t1432 = _t1432 + _t1496;
													_v1320 = _t1432;
												}
											}
											_t1082 =  *(_t1429 + _t1510) & 0x000000ff;
											r10b - 0xa2 = bpl & r14b;
											 *((char*)(_t1429 + _t1259)) =  *(_t1429 + _t1510) & 0x000000ff;
											__eflags = _t1460 - _t1492;
											_t1429 = _t1429 + _t1496;
											_v1336 = _t1429;
										}
									}
									__eflags = _v1404 - 0xc88;
									if(__eflags >= 0) {
										goto L121;
									}
									_t1233 =  *((intOrPtr*)(0x1b291a28));
									_t1462 & _t1295 = r15w - 0x4b6;
									__eflags =  *(_t1233 + 0xcc);
									if(__eflags == 0) {
										L119:
										E1B259A10(0, _t1233, _t1264, _t1445, _t1462, _t1496);
										goto L121;
									}
									E1B29B028(_t831, _t970, _t1116, _t1158, _t1184, _t1185, __eflags, _t1233, _t1295, _t1389, _t1445, _t1462, _t1469);
									goto L119;
								}
								_v1736 = _t1462;
								r8b = r11b & 0xffffffff;
								_t1114 = r8b;
								r9d = r11w;
								_t1479 =  &_v1748;
								_t1469 =  &_v1736;
								asm("cwd");
								_t1435 = "\\StringFileInfo\\040904B0\\ProductName";
								_t1100 = r12w;
								L1B26C214();
								__eflags = _t831;
								if(__eflags == 0) {
									_t1479 =  &_v1748;
									r8w = spl;
									r8w = r14b & 0xffffffff;
									_t1469 =  &_v1736;
									_t1435 = "\\StringFileInfo\\000004B0\\ProductName";
									VerQueryValueA(??, ??, ??, ??);
								}
								_t1496 = _v1736;
								__eflags = _t1100 - _t1184;
								asm("cmc");
								__eflags = _t1496;
								if(_t1496 == 0) {
									L105:
									_t1292 = _t1264;
									_t831 = L1B259C50(_t1232, _t1292);
									goto L107;
								}
								_v1792 = _t1496;
								_t1360 = _t1496;
								E1B26C490(_t1184, _t1232, _t1360, _t1435, _t1445, _t1462, _t1464, _t1469, _t1479, _t1489, _t1496, _t1510, 0xffffffff, _t1519);
								dil = dil - 6;
								r15w = r15w + 1;
								asm("dec ecx");
								r15b =  !r15b;
								asm("repne scasb");
								asm("dec esp");
								r15w = r10b;
								_v1768 = r15d;
								asm("inc eax");
								_t1158 = _t1184;
								_v1728 = _t1184;
								while(1) {
									__eflags = _t1158 - r15d;
									if(__eflags >= 0) {
										_t1445 = _v1816;
										r15w = spl & 0xffffffff;
										_t1519 = _t1114;
										r15d = _v1880;
										goto L105;
									}
									r8d = 8;
									_t1436 = _t1496;
									_t997 = 0;
									_t956 = E1B23AA90(0, _t1436, _t1479, _t1492);
									__eflags = _t956 - _v1928;
									if(__eflags != 0) {
										_t1496 = _t1496 + 1;
										__eflags = _t956 - 0x748e;
										_v1792 = _t1496;
										__eflags = r10b - _t1114;
										_t1158 = _t1158 + 1;
										_v1728 = _t1158;
										continue;
									}
									_t1363 = _t1264;
									L1B259C50(_t1232, _t1363);
									__eflags = _v1912;
									if(__eflags == 0) {
										L100:
										_v1912 = _t1184;
										goto L428;
									}
									LeaveCriticalSection();
									goto L100;
								}
							}
							r15d = _t1184;
							_v1880 = _t1184;
							asm("stc");
							_t1260 =  &_v1900;
							_v1960 = _t1260;
							_t1479 =  &_v1896;
							_t1469 = _t1445;
							_t1114 = 0;
							asm("bswap ecx");
							_t1292 = _t1496;
							_t831 = E1B38D750(_t970, 0, _t1158, _t1185, _t1186, __eflags, _t1260, _t1264, _t1292, _t1445, _t1462, _t1469, _t1479, _t1489, _t1492, _t1496, _t1510, 0xffffffff, _t1519);
							_t1510 = _t1260;
							_v1720 = _t1260;
							_t1232 = _t1496;
							_v1936 = _t1496;
							__eflags = spl - 0x9e;
							_v1760 = _t1496;
							__eflags = _t1510;
							if(__eflags != 0) {
								goto L78;
							}
							__eflags = _t1264;
							if(_t1264 == 0) {
								L72:
								__eflags = _v1912;
								if(__eflags == 0) {
									L76:
									_v1912 = _t1184;
									goto L428;
								}
								LeaveCriticalSection();
								goto L76;
							}
							_t1367 = _t1264;
							L1B259C50(_t1232, _t1367);
							goto L72;
						}
						_t1197 = _t1441 - _t1377;
						if(_t1197 == 0) {
							goto L21;
						} else {
							goto L20;
						}
					}
					_t1195 = _t1439 -  *((intOrPtr*)(_t1275 + 0x18));
					if(_t1195 < 0) {
						goto L16;
					} else {
						_t1276 =  &_v1312;
						goto L17;
					}
				} else {
					do {
						_t1192 =  *((intOrPtr*)(_t1226 + 0x18)) - _t1439;
						if(_t1192 >= 0) {
							_t1275 = _t1226;
							__eflags = r12b - r12b;
							_t1226 =  *_t1226;
							_t970 & _t814 = bpl - r15b;
							asm("stc");
						} else {
							_t1226 =  *((intOrPtr*)(_t1226 + 0x10));
						}
					} while ( *((intOrPtr*)(_t1226 + 0x29)) == sil);
					goto L11;
				}
			}





































































































































































































































































































































                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b238ff0
                                                                                                                                  0x1b38f048
                                                                                                                                  0x1b38f04e
                                                                                                                                  0x1b38f05c
                                                                                                                                  0x1b38f068
                                                                                                                                  0x1b38f06c
                                                                                                                                  0x1b38f073
                                                                                                                                  0x1b38f078
                                                                                                                                  0x1b38f084
                                                                                                                                  0x1b38f08c
                                                                                                                                  0x1b38f08f
                                                                                                                                  0x1b38f093
                                                                                                                                  0x1b38f096
                                                                                                                                  0x1b38f09d
                                                                                                                                  0x1b38f0a1
                                                                                                                                  0x1b38f0a4
                                                                                                                                  0x1b38f0bc
                                                                                                                                  0x1b38f0c0
                                                                                                                                  0x1b38f0c4
                                                                                                                                  0x1b38f0d3
                                                                                                                                  0x1b38f0db
                                                                                                                                  0x1b38f0de
                                                                                                                                  0x1b38f0e2
                                                                                                                                  0x1b38f0e9
                                                                                                                                  0x1b38f0f9
                                                                                                                                  0x1b38f0fa
                                                                                                                                  0x1b38f102
                                                                                                                                  0x1b38f111
                                                                                                                                  0x1b38f122
                                                                                                                                  0x1b38f13a
                                                                                                                                  0x1b38f140
                                                                                                                                  0x1b38f148
                                                                                                                                  0x1b38f14f
                                                                                                                                  0x1b38f151
                                                                                                                                  0x1b38f15c
                                                                                                                                  0x1b38f15e
                                                                                                                                  0x1b38f160
                                                                                                                                  0x1b38f175
                                                                                                                                  0x1b38f178
                                                                                                                                  0x1b38f180
                                                                                                                                  0x1b38f18d
                                                                                                                                  0x1b38f18d
                                                                                                                                  0x1b38f191
                                                                                                                                  0x1b38f199
                                                                                                                                  0x1b38f19a
                                                                                                                                  0x1b38f1a2
                                                                                                                                  0x1b38f1a3
                                                                                                                                  0x1b38f1a4
                                                                                                                                  0x1b38f1ad
                                                                                                                                  0x1b38f1e7
                                                                                                                                  0x1b38f1e7
                                                                                                                                  0x1b38f1fb
                                                                                                                                  0x1b38f205
                                                                                                                                  0x1b38f206
                                                                                                                                  0x1b38f206
                                                                                                                                  0x1b38f20d
                                                                                                                                  0x1b38f234
                                                                                                                                  0x1b38f234
                                                                                                                                  0x1b38f23c
                                                                                                                                  0x1b38f248
                                                                                                                                  0x1b38f250
                                                                                                                                  0x1b38f250
                                                                                                                                  0x1b38f253
                                                                                                                                  0x1b38f25b
                                                                                                                                  0x1b38f25f
                                                                                                                                  0x1b38f266
                                                                                                                                  0x1b38f269
                                                                                                                                  0x1b38f269
                                                                                                                                  0x1b38f278
                                                                                                                                  0x1b38f27b
                                                                                                                                  0x1b38f27f
                                                                                                                                  0x1b38f282
                                                                                                                                  0x1b38f287
                                                                                                                                  0x1b38f28a
                                                                                                                                  0x1b38f28f
                                                                                                                                  0x1b38f295
                                                                                                                                  0x1b38f299
                                                                                                                                  0x1b38f29d
                                                                                                                                  0x1b38f2a3
                                                                                                                                  0x1b38f2a7
                                                                                                                                  0x1b38f2a7
                                                                                                                                  0x1b38f2ab
                                                                                                                                  0x1b38f2b3
                                                                                                                                  0x1b38f2b6
                                                                                                                                  0x1b38f2c1
                                                                                                                                  0x1b38f2d5
                                                                                                                                  0x1b38f2d5
                                                                                                                                  0x1b38f2da
                                                                                                                                  0x1b38f2da
                                                                                                                                  0x1b38f2e2
                                                                                                                                  0x1b38f2e6
                                                                                                                                  0x1b38f2ec
                                                                                                                                  0x1b38f2f4
                                                                                                                                  0x1b38f2fa
                                                                                                                                  0x1b38f2fa
                                                                                                                                  0x1b38f303
                                                                                                                                  0x1b38f30f
                                                                                                                                  0x1b38f30f
                                                                                                                                  0x1b38f303
                                                                                                                                  0x1b38f31b
                                                                                                                                  0x1b38f32e
                                                                                                                                  0x1b38f332
                                                                                                                                  0x1b38f336
                                                                                                                                  0x1b38f33f
                                                                                                                                  0x1b38f353
                                                                                                                                  0x1b38f35d
                                                                                                                                  0x1b38f368
                                                                                                                                  0x1b38f36b
                                                                                                                                  0x1b38f37d
                                                                                                                                  0x1b38f393
                                                                                                                                  0x1b38f398
                                                                                                                                  0x1b38f39b
                                                                                                                                  0x1b38f39d
                                                                                                                                  0x1b38f3a5
                                                                                                                                  0x1b38f3a9
                                                                                                                                  0x1b38f3be
                                                                                                                                  0x1b38f3c8
                                                                                                                                  0x1b38f3cb
                                                                                                                                  0x1b38f3db
                                                                                                                                  0x1b38f3e0
                                                                                                                                  0x1b38f3e6
                                                                                                                                  0x1b38f3ef
                                                                                                                                  0x1b38f3fe
                                                                                                                                  0x1b38f3ff
                                                                                                                                  0x1b38f407
                                                                                                                                  0x1b38f40d
                                                                                                                                  0x1b38f410
                                                                                                                                  0x1b38f418
                                                                                                                                  0x1b38f432
                                                                                                                                  0x1b38f437
                                                                                                                                  0x1b38f43f
                                                                                                                                  0x1b38f440
                                                                                                                                  0x1b38f44d
                                                                                                                                  0x1b38f452
                                                                                                                                  0x1b38f458
                                                                                                                                  0x1b38f460
                                                                                                                                  0x1b38f465
                                                                                                                                  0x1b38f468
                                                                                                                                  0x1b38f46c
                                                                                                                                  0x1b38f474
                                                                                                                                  0x1b38f47c
                                                                                                                                  0x1b38f47f
                                                                                                                                  0x1b38f486
                                                                                                                                  0x1b38f489
                                                                                                                                  0x1b38f48e
                                                                                                                                  0x1b38f491
                                                                                                                                  0x1b38f492
                                                                                                                                  0x1b38f4a9
                                                                                                                                  0x1b38f4ae
                                                                                                                                  0x1b38f4b5
                                                                                                                                  0x1b38f4be
                                                                                                                                  0x1b38f4c3
                                                                                                                                  0x1b38f4c6
                                                                                                                                  0x1b38f4ca
                                                                                                                                  0x1b38f4d2
                                                                                                                                  0x1b38f4de
                                                                                                                                  0x1b38f4e4
                                                                                                                                  0x1b38f4e9
                                                                                                                                  0x1b38f511
                                                                                                                                  0x1b38f516
                                                                                                                                  0x1b38f516
                                                                                                                                  0x1b38f51a
                                                                                                                                  0x1b38f525
                                                                                                                                  0x1b38f529
                                                                                                                                  0x1b38f531
                                                                                                                                  0x1b38f549
                                                                                                                                  0x1b38f54e
                                                                                                                                  0x1b38f555
                                                                                                                                  0x1b38f55b
                                                                                                                                  0x1b38f563
                                                                                                                                  0x1b38f56f
                                                                                                                                  0x1b38f577
                                                                                                                                  0x1b38f57b
                                                                                                                                  0x1b38f57f
                                                                                                                                  0x1b38f582
                                                                                                                                  0x1b38f584
                                                                                                                                  0x1b38f589
                                                                                                                                  0x1b38f596
                                                                                                                                  0x1b38f59f
                                                                                                                                  0x1b38f5a5
                                                                                                                                  0x1b38f5a7
                                                                                                                                  0x1b38f5ae
                                                                                                                                  0x1b38f5ba
                                                                                                                                  0x1b38f5c2
                                                                                                                                  0x1b38f614
                                                                                                                                  0x1b38f618
                                                                                                                                  0x1b38f619
                                                                                                                                  0x1b38f626
                                                                                                                                  0x1b38f62e
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f63a
                                                                                                                                  0x1b38f5c8
                                                                                                                                  0x1b38f5d0
                                                                                                                                  0x1b38f5e4
                                                                                                                                  0x1b38f5e4
                                                                                                                                  0x1b38f5ee
                                                                                                                                  0x1b38f604
                                                                                                                                  0x1b38f604
                                                                                                                                  0x1b391672
                                                                                                                                  0x1b391680
                                                                                                                                  0x1b39168d
                                                                                                                                  0x1b391698
                                                                                                                                  0x1b39169b
                                                                                                                                  0x1b3916ac
                                                                                                                                  0x1b3916bf
                                                                                                                                  0x1b3916cb
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3916e6
                                                                                                                                  0x1b38f5fe
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f5fe
                                                                                                                                  0x1b38f5d6
                                                                                                                                  0x1b38f5de
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f5de
                                                                                                                                  0x1b38f63f
                                                                                                                                  0x1b38f64c
                                                                                                                                  0x1b38f64e
                                                                                                                                  0x1b38f651
                                                                                                                                  0x1b38f652
                                                                                                                                  0x1b38f655
                                                                                                                                  0x1b38f660
                                                                                                                                  0x1b38f667
                                                                                                                                  0x1b38f66c
                                                                                                                                  0x1b38f671
                                                                                                                                  0x1b38f675
                                                                                                                                  0x1b38f67d
                                                                                                                                  0x1b38f681
                                                                                                                                  0x1b38f689
                                                                                                                                  0x1b38f68f
                                                                                                                                  0x1b38f691
                                                                                                                                  0x1b38f693
                                                                                                                                  0x1b38f69d
                                                                                                                                  0x1b38f6a2
                                                                                                                                  0x1b38f6a5
                                                                                                                                  0x1b38f6b1
                                                                                                                                  0x1b38f6b6
                                                                                                                                  0x1b38f6c8
                                                                                                                                  0x1b38f6d4
                                                                                                                                  0x1b38f76b
                                                                                                                                  0x1b38f773
                                                                                                                                  0x1b38f82c
                                                                                                                                  0x1b38f82c
                                                                                                                                  0x1b38f834
                                                                                                                                  0x1b38f9fb
                                                                                                                                  0x1b38f9fb
                                                                                                                                  0x1b38fa0a
                                                                                                                                  0x1b38fa0f
                                                                                                                                  0x1b38fa11
                                                                                                                                  0x1b38fa1d
                                                                                                                                  0x1b38fa2a
                                                                                                                                  0x1b38fa32
                                                                                                                                  0x1b38fa35
                                                                                                                                  0x1b38fa38
                                                                                                                                  0x1b38fa40
                                                                                                                                  0x1b38fa43
                                                                                                                                  0x1b38fa44
                                                                                                                                  0x1b38fa4d
                                                                                                                                  0x1b38fa51
                                                                                                                                  0x1b38fa54
                                                                                                                                  0x1b38fa54
                                                                                                                                  0x1b38fa5b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fa61
                                                                                                                                  0x1b38fa65
                                                                                                                                  0x1b38fa68
                                                                                                                                  0x1b38fa69
                                                                                                                                  0x1b38fa6f
                                                                                                                                  0x1b38fa73
                                                                                                                                  0x1b38fa7c
                                                                                                                                  0x1b38fa89
                                                                                                                                  0x1b38fa8e
                                                                                                                                  0x1b38fa96
                                                                                                                                  0x1b38fa98
                                                                                                                                  0x1b38faa3
                                                                                                                                  0x1b38faa5
                                                                                                                                  0x1b38faaa
                                                                                                                                  0x1b38fab1
                                                                                                                                  0x1b38fab8
                                                                                                                                  0x1b38fb0c
                                                                                                                                  0x1b38fb0c
                                                                                                                                  0x1b38fb13
                                                                                                                                  0x1b38fb1b
                                                                                                                                  0x1b3915c2
                                                                                                                                  0x1b3915c9
                                                                                                                                  0x1b3915ca
                                                                                                                                  0x1b3915d1
                                                                                                                                  0x1b3915db
                                                                                                                                  0x1b3915e2
                                                                                                                                  0x1b3915ec
                                                                                                                                  0x1b3915ef
                                                                                                                                  0x1b3915f6
                                                                                                                                  0x1b3915f7
                                                                                                                                  0x1b391603
                                                                                                                                  0x1b391615
                                                                                                                                  0x1b391615
                                                                                                                                  0x1b39161c
                                                                                                                                  0x1b391622
                                                                                                                                  0x1b391629
                                                                                                                                  0x1b391634
                                                                                                                                  0x1b39163c
                                                                                                                                  0x1b391640
                                                                                                                                  0x1b391641
                                                                                                                                  0x1b391641
                                                                                                                                  0x1b39164b
                                                                                                                                  0x1b391661
                                                                                                                                  0x1b391661
                                                                                                                                  0x1b391665
                                                                                                                                  0x1b391670
                                                                                                                                  0x00000000
                                                                                                                                  0x1b391670
                                                                                                                                  0x1b39165b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39165b
                                                                                                                                  0x1b391610
                                                                                                                                  0x00000000
                                                                                                                                  0x1b391610
                                                                                                                                  0x1b38fb21
                                                                                                                                  0x1b38fb29
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fb39
                                                                                                                                  0x1b38fb3b
                                                                                                                                  0x1b38fb47
                                                                                                                                  0x1b38fb4e
                                                                                                                                  0x1b38fb57
                                                                                                                                  0x1b38fb65
                                                                                                                                  0x1b38fb69
                                                                                                                                  0x1b38fb7b
                                                                                                                                  0x1b38fb82
                                                                                                                                  0x1b38fb94
                                                                                                                                  0x1b38fb96
                                                                                                                                  0x1b39017e
                                                                                                                                  0x1b390188
                                                                                                                                  0x1b39018d
                                                                                                                                  0x1b390190
                                                                                                                                  0x1b390198
                                                                                                                                  0x1b3901a0
                                                                                                                                  0x1b3901a5
                                                                                                                                  0x1b3901a6
                                                                                                                                  0x1b3901ae
                                                                                                                                  0x1b39021c
                                                                                                                                  0x1b39021f
                                                                                                                                  0x1b390224
                                                                                                                                  0x1b390228
                                                                                                                                  0x1b39022d
                                                                                                                                  0x1b390236
                                                                                                                                  0x1b390236
                                                                                                                                  0x1b390247
                                                                                                                                  0x1b39024a
                                                                                                                                  0x1b39024d
                                                                                                                                  0x1b390254
                                                                                                                                  0x1b390256
                                                                                                                                  0x1b39025e
                                                                                                                                  0x1b390263
                                                                                                                                  0x1b390266
                                                                                                                                  0x1b39026c
                                                                                                                                  0x1b390273
                                                                                                                                  0x1b390278
                                                                                                                                  0x1b39027b
                                                                                                                                  0x1b39027c
                                                                                                                                  0x1b39027f
                                                                                                                                  0x1b39028c
                                                                                                                                  0x1b39044d
                                                                                                                                  0x1b39044d
                                                                                                                                  0x1b390455
                                                                                                                                  0x1b390459
                                                                                                                                  0x1b390460
                                                                                                                                  0x1b390461
                                                                                                                                  0x1b390462
                                                                                                                                  0x1b390469
                                                                                                                                  0x1b390821
                                                                                                                                  0x1b390821
                                                                                                                                  0x1b39082c
                                                                                                                                  0x1b39082f
                                                                                                                                  0x1b390833
                                                                                                                                  0x1b390836
                                                                                                                                  0x1b390846
                                                                                                                                  0x1b39084e
                                                                                                                                  0x1b390bbe
                                                                                                                                  0x1b390bbe
                                                                                                                                  0x1b390bc8
                                                                                                                                  0x1b39104e
                                                                                                                                  0x1b39104e
                                                                                                                                  0x1b391054
                                                                                                                                  0x1b39105c
                                                                                                                                  0x1b391060
                                                                                                                                  0x1b391065
                                                                                                                                  0x1b39106e
                                                                                                                                  0x1b391071
                                                                                                                                  0x1b391079
                                                                                                                                  0x1b391080
                                                                                                                                  0x1b391081
                                                                                                                                  0x1b391081
                                                                                                                                  0x1b391089
                                                                                                                                  0x1b3915bd
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3915bd
                                                                                                                                  0x1b39108f
                                                                                                                                  0x1b391099
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3910a3
                                                                                                                                  0x1b3910a6
                                                                                                                                  0x1b3910ac
                                                                                                                                  0x1b3910b4
                                                                                                                                  0x1b3910b5
                                                                                                                                  0x1b3910b8
                                                                                                                                  0x1b3910bc
                                                                                                                                  0x1b3910bf
                                                                                                                                  0x1b3910bf
                                                                                                                                  0x1b3910c4
                                                                                                                                  0x1b3910c7
                                                                                                                                  0x1b3910cf
                                                                                                                                  0x1b3910d4
                                                                                                                                  0x1b3910d5
                                                                                                                                  0x1b3910d9
                                                                                                                                  0x1b3910e3
                                                                                                                                  0x1b3910f9
                                                                                                                                  0x1b391103
                                                                                                                                  0x1b39110f
                                                                                                                                  0x1b391110
                                                                                                                                  0x1b39111e
                                                                                                                                  0x1b391122
                                                                                                                                  0x1b391127
                                                                                                                                  0x1b391129
                                                                                                                                  0x1b391131
                                                                                                                                  0x1b391134
                                                                                                                                  0x1b391137
                                                                                                                                  0x1b39113c
                                                                                                                                  0x1b391142
                                                                                                                                  0x1b391146
                                                                                                                                  0x1b39114a
                                                                                                                                  0x1b39114e
                                                                                                                                  0x1b391151
                                                                                                                                  0x1b391164
                                                                                                                                  0x1b391170
                                                                                                                                  0x1b39117f
                                                                                                                                  0x1b391186
                                                                                                                                  0x1b39118b
                                                                                                                                  0x1b391196
                                                                                                                                  0x1b39119c
                                                                                                                                  0x1b39119e
                                                                                                                                  0x1b3911fa
                                                                                                                                  0x1b3911fa
                                                                                                                                  0x1b391202
                                                                                                                                  0x1b391206
                                                                                                                                  0x1b39120e
                                                                                                                                  0x1b391219
                                                                                                                                  0x1b39121d
                                                                                                                                  0x1b391225
                                                                                                                                  0x1b39122d
                                                                                                                                  0x1b391231
                                                                                                                                  0x1b391232
                                                                                                                                  0x1b39123a
                                                                                                                                  0x1b39123e
                                                                                                                                  0x1b39123f
                                                                                                                                  0x1b39124c
                                                                                                                                  0x1b391254
                                                                                                                                  0x1b391255
                                                                                                                                  0x1b391256
                                                                                                                                  0x1b391261
                                                                                                                                  0x1b391265
                                                                                                                                  0x1b39126d
                                                                                                                                  0x1b391275
                                                                                                                                  0x1b39127d
                                                                                                                                  0x1b39127e
                                                                                                                                  0x1b391282
                                                                                                                                  0x1b39128a
                                                                                                                                  0x1b391292
                                                                                                                                  0x1b391299
                                                                                                                                  0x1b39129a
                                                                                                                                  0x1b3912a2
                                                                                                                                  0x1b3912a3
                                                                                                                                  0x1b3912a9
                                                                                                                                  0x1b3912b1
                                                                                                                                  0x1b3912b6
                                                                                                                                  0x1b391351
                                                                                                                                  0x1b391351
                                                                                                                                  0x1b391359
                                                                                                                                  0x1b39135d
                                                                                                                                  0x1b39136f
                                                                                                                                  0x1b391373
                                                                                                                                  0x1b391380
                                                                                                                                  0x1b391383
                                                                                                                                  0x1b391386
                                                                                                                                  0x1b39138e
                                                                                                                                  0x1b391397
                                                                                                                                  0x1b391397
                                                                                                                                  0x1b391397
                                                                                                                                  0x1b39139c
                                                                                                                                  0x1b3913a1
                                                                                                                                  0x1b3913a5
                                                                                                                                  0x1b3913ad
                                                                                                                                  0x1b391561
                                                                                                                                  0x1b39158d
                                                                                                                                  0x1b3915a0
                                                                                                                                  0x1b3915b1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3915b1
                                                                                                                                  0x1b3913b3
                                                                                                                                  0x1b3913bc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3913c2
                                                                                                                                  0x1b3913c5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3913cb
                                                                                                                                  0x1b3913d4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3913da
                                                                                                                                  0x1b3913de
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3913e8
                                                                                                                                  0x1b3913ed
                                                                                                                                  0x1b3913f0
                                                                                                                                  0x1b3913f2
                                                                                                                                  0x1b391400
                                                                                                                                  0x1b391402
                                                                                                                                  0x1b391404
                                                                                                                                  0x1b39140b
                                                                                                                                  0x1b39140e
                                                                                                                                  0x1b391422
                                                                                                                                  0x1b391425
                                                                                                                                  0x1b39142d
                                                                                                                                  0x1b391432
                                                                                                                                  0x1b391439
                                                                                                                                  0x1b39143c
                                                                                                                                  0x1b39143f
                                                                                                                                  0x1b391447
                                                                                                                                  0x1b39144a
                                                                                                                                  0x1b39144e
                                                                                                                                  0x1b391451
                                                                                                                                  0x1b391452
                                                                                                                                  0x1b39145c
                                                                                                                                  0x1b391462
                                                                                                                                  0x1b39146f
                                                                                                                                  0x1b391472
                                                                                                                                  0x1b39147a
                                                                                                                                  0x1b391480
                                                                                                                                  0x1b391484
                                                                                                                                  0x1b391485
                                                                                                                                  0x1b39148d
                                                                                                                                  0x1b391491
                                                                                                                                  0x1b391496
                                                                                                                                  0x1b391499
                                                                                                                                  0x1b39149e
                                                                                                                                  0x1b3914a3
                                                                                                                                  0x1b3914ab
                                                                                                                                  0x1b3914af
                                                                                                                                  0x1b3914b3
                                                                                                                                  0x1b3914b6
                                                                                                                                  0x1b3914b9
                                                                                                                                  0x1b3914bb
                                                                                                                                  0x1b3914be
                                                                                                                                  0x1b3914c6
                                                                                                                                  0x1b3914ca
                                                                                                                                  0x1b3914ce
                                                                                                                                  0x1b3914d6
                                                                                                                                  0x1b3914d6
                                                                                                                                  0x1b3914de
                                                                                                                                  0x1b39150f
                                                                                                                                  0x1b391513
                                                                                                                                  0x1b39151b
                                                                                                                                  0x1b39151e
                                                                                                                                  0x1b391527
                                                                                                                                  0x1b39152a
                                                                                                                                  0x1b391532
                                                                                                                                  0x1b391536
                                                                                                                                  0x1b391538
                                                                                                                                  0x1b39153b
                                                                                                                                  0x1b391549
                                                                                                                                  0x1b39154c
                                                                                                                                  0x1b391559
                                                                                                                                  0x00000000
                                                                                                                                  0x1b391559
                                                                                                                                  0x1b3914f6
                                                                                                                                  0x1b3914f8
                                                                                                                                  0x1b3914fb
                                                                                                                                  0x1b3914fe
                                                                                                                                  0x1b391502
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3914d1
                                                                                                                                  0x1b3914ce
                                                                                                                                  0x1b391397
                                                                                                                                  0x1b3912c6
                                                                                                                                  0x1b3912ca
                                                                                                                                  0x1b3912cb
                                                                                                                                  0x1b3912d3
                                                                                                                                  0x1b3912ea
                                                                                                                                  0x1b3912f5
                                                                                                                                  0x1b3912f9
                                                                                                                                  0x1b3912f9
                                                                                                                                  0x1b391301
                                                                                                                                  0x1b391304
                                                                                                                                  0x1b391305
                                                                                                                                  0x1b39130c
                                                                                                                                  0x1b391317
                                                                                                                                  0x1b391317
                                                                                                                                  0x1b39131b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b391321
                                                                                                                                  0x1b391329
                                                                                                                                  0x1b39132d
                                                                                                                                  0x1b391331
                                                                                                                                  0x1b39133b
                                                                                                                                  0x1b391344
                                                                                                                                  0x1b391344
                                                                                                                                  0x00000000
                                                                                                                                  0x1b391317
                                                                                                                                  0x1b3912d9
                                                                                                                                  0x1b3912d9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3912e5
                                                                                                                                  0x1b3911ac
                                                                                                                                  0x1b3911ae
                                                                                                                                  0x1b3911af
                                                                                                                                  0x1b3911af
                                                                                                                                  0x1b3911d7
                                                                                                                                  0x1b3911dd
                                                                                                                                  0x1b3911e4
                                                                                                                                  0x1b3911eb
                                                                                                                                  0x1b3911f3
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3911f3
                                                                                                                                  0x1b390bce
                                                                                                                                  0x1b390bd5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390bdb
                                                                                                                                  0x1b390be3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390be9
                                                                                                                                  0x1b390bf5
                                                                                                                                  0x1b390c1c
                                                                                                                                  0x1b390c23
                                                                                                                                  0x1b390c2b
                                                                                                                                  0x1b390c2f
                                                                                                                                  0x1b390c37
                                                                                                                                  0x1b390c42
                                                                                                                                  0x1b390c66
                                                                                                                                  0x1b390c6d
                                                                                                                                  0x1b390c72
                                                                                                                                  0x1b390c75
                                                                                                                                  0x1b390c79
                                                                                                                                  0x1b390c7c
                                                                                                                                  0x1b390c80
                                                                                                                                  0x1b390c85
                                                                                                                                  0x1b390c89
                                                                                                                                  0x1b390c89
                                                                                                                                  0x1b390c8c
                                                                                                                                  0x1b390c8c
                                                                                                                                  0x1b390c8f
                                                                                                                                  0x1b390c94
                                                                                                                                  0x1b390c9b
                                                                                                                                  0x1b390ca2
                                                                                                                                  0x1b390ca7
                                                                                                                                  0x1b390caf
                                                                                                                                  0x1b390cb4
                                                                                                                                  0x1b390cb4
                                                                                                                                  0x1b390cbd
                                                                                                                                  0x1b390ff3
                                                                                                                                  0x1b390ff9
                                                                                                                                  0x1b390ffa
                                                                                                                                  0x1b390fff
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390fff
                                                                                                                                  0x1b390cc7
                                                                                                                                  0x1b390cca
                                                                                                                                  0x1b390cce
                                                                                                                                  0x1b390cd2
                                                                                                                                  0x1b390cd3
                                                                                                                                  0x1b390cd6
                                                                                                                                  0x1b390cda
                                                                                                                                  0x1b390ce3
                                                                                                                                  0x1b390ce6
                                                                                                                                  0x1b390cf2
                                                                                                                                  0x1b390d09
                                                                                                                                  0x1b390d16
                                                                                                                                  0x1b390d1e
                                                                                                                                  0x1b390d29
                                                                                                                                  0x1b390d31
                                                                                                                                  0x1b390d3c
                                                                                                                                  0x1b390d56
                                                                                                                                  0x1b390d5d
                                                                                                                                  0x1b390d62
                                                                                                                                  0x1b390d68
                                                                                                                                  0x1b390d68
                                                                                                                                  0x1b390d6b
                                                                                                                                  0x1b390d74
                                                                                                                                  0x1b390d77
                                                                                                                                  0x1b390d7b
                                                                                                                                  0x1b390d90
                                                                                                                                  0x1b390d9a
                                                                                                                                  0x1b390da0
                                                                                                                                  0x1b390da3
                                                                                                                                  0x1b390da6
                                                                                                                                  0x1b390daa
                                                                                                                                  0x1b390db5
                                                                                                                                  0x1b390dbb
                                                                                                                                  0x1b390dc0
                                                                                                                                  0x1b390dc5
                                                                                                                                  0x1b390dcb
                                                                                                                                  0x1b390dd3
                                                                                                                                  0x1b390dde
                                                                                                                                  0x1b390de2
                                                                                                                                  0x1b390de2
                                                                                                                                  0x1b390de6
                                                                                                                                  0x1b390de7
                                                                                                                                  0x1b390dec
                                                                                                                                  0x1b390df7
                                                                                                                                  0x1b390dfb
                                                                                                                                  0x1b390e04
                                                                                                                                  0x1b390e07
                                                                                                                                  0x1b390e0c
                                                                                                                                  0x1b390e1d
                                                                                                                                  0x1b390e22
                                                                                                                                  0x1b390e26
                                                                                                                                  0x1b390e37
                                                                                                                                  0x1b390e3e
                                                                                                                                  0x1b390e98
                                                                                                                                  0x1b390e98
                                                                                                                                  0x1b390ea0
                                                                                                                                  0x1b390eaa
                                                                                                                                  0x1b390f96
                                                                                                                                  0x1b390f96
                                                                                                                                  0x1b390fa5
                                                                                                                                  0x1b390fa7
                                                                                                                                  0x1b390fba
                                                                                                                                  0x1b390fbd
                                                                                                                                  0x1b390fc0
                                                                                                                                  0x1b390fc8
                                                                                                                                  0x1b390fce
                                                                                                                                  0x1b390fd2
                                                                                                                                  0x1b390fd9
                                                                                                                                  0x1b390fdc
                                                                                                                                  0x1b390fe9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390fe9
                                                                                                                                  0x1b390eb0
                                                                                                                                  0x1b390eb6
                                                                                                                                  0x1b390ebc
                                                                                                                                  0x1b390ec4
                                                                                                                                  0x1b390edb
                                                                                                                                  0x1b390ee2
                                                                                                                                  0x1b390ee4
                                                                                                                                  0x1b390eef
                                                                                                                                  0x1b390eef
                                                                                                                                  0x1b390efb
                                                                                                                                  0x1b390efe
                                                                                                                                  0x1b390f06
                                                                                                                                  0x1b390f09
                                                                                                                                  0x1b390f0d
                                                                                                                                  0x1b390f10
                                                                                                                                  0x1b390f18
                                                                                                                                  0x1b390f18
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390f1e
                                                                                                                                  0x1b390f26
                                                                                                                                  0x1b390f37
                                                                                                                                  0x1b390f3c
                                                                                                                                  0x1b390f3d
                                                                                                                                  0x1b390f3f
                                                                                                                                  0x1b390f48
                                                                                                                                  0x1b390f50
                                                                                                                                  0x1b390f59
                                                                                                                                  0x1b390f5c
                                                                                                                                  0x1b390f60
                                                                                                                                  0x1b390f68
                                                                                                                                  0x1b390f6a
                                                                                                                                  0x1b390f6e
                                                                                                                                  0x1b390f72
                                                                                                                                  0x1b390f75
                                                                                                                                  0x1b390f75
                                                                                                                                  0x1b390f78
                                                                                                                                  0x1b390f7c
                                                                                                                                  0x1b390f7d
                                                                                                                                  0x1b390f80
                                                                                                                                  0x1b390f89
                                                                                                                                  0x1b390f10
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390f13
                                                                                                                                  0x1b390f0d
                                                                                                                                  0x1b390eca
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390ed6
                                                                                                                                  0x1b390e4c
                                                                                                                                  0x1b390e4f
                                                                                                                                  0x1b390e53
                                                                                                                                  0x1b390e53
                                                                                                                                  0x1b390e57
                                                                                                                                  0x1b390e5c
                                                                                                                                  0x1b390e5f
                                                                                                                                  0x1b390e74
                                                                                                                                  0x1b390e81
                                                                                                                                  0x1b390e84
                                                                                                                                  0x1b390e85
                                                                                                                                  0x1b390e87
                                                                                                                                  0x1b390e91
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390e91
                                                                                                                                  0x1b390d44
                                                                                                                                  0x1b390d49
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390d51
                                                                                                                                  0x1b390cf8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390d04
                                                                                                                                  0x1b390cb4
                                                                                                                                  0x1b390c48
                                                                                                                                  0x1b390c4a
                                                                                                                                  0x1b390c4f
                                                                                                                                  0x1b390c57
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390c61
                                                                                                                                  0x1b390bfb
                                                                                                                                  0x1b390bfd
                                                                                                                                  0x1b390c01
                                                                                                                                  0x1b390c0d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390c17
                                                                                                                                  0x1b390854
                                                                                                                                  0x1b39085b
                                                                                                                                  0x1b39085f
                                                                                                                                  0x1b390862
                                                                                                                                  0x1b39086a
                                                                                                                                  0x1b39086d
                                                                                                                                  0x1b390875
                                                                                                                                  0x1b39087f
                                                                                                                                  0x1b390880
                                                                                                                                  0x1b390888
                                                                                                                                  0x1b39088f
                                                                                                                                  0x1b390896
                                                                                                                                  0x1b39089a
                                                                                                                                  0x1b39089b
                                                                                                                                  0x1b39089e
                                                                                                                                  0x1b3908a5
                                                                                                                                  0x1b3908af
                                                                                                                                  0x1b3908b3
                                                                                                                                  0x1b3908b6
                                                                                                                                  0x1b3908ba
                                                                                                                                  0x1b3908be
                                                                                                                                  0x1b3908c5
                                                                                                                                  0x1b3908c7
                                                                                                                                  0x1b3908cc
                                                                                                                                  0x1b3908cd
                                                                                                                                  0x1b3908d5
                                                                                                                                  0x1b3908df
                                                                                                                                  0x1b3908e4
                                                                                                                                  0x1b3908f1
                                                                                                                                  0x1b3908f3
                                                                                                                                  0x1b3908f8
                                                                                                                                  0x1b3908fe
                                                                                                                                  0x1b39090e
                                                                                                                                  0x1b39091f
                                                                                                                                  0x1b390921
                                                                                                                                  0x1b390926
                                                                                                                                  0x1b39092b
                                                                                                                                  0x1b39092d
                                                                                                                                  0x1b390931
                                                                                                                                  0x1b390936
                                                                                                                                  0x1b390942
                                                                                                                                  0x1b390945
                                                                                                                                  0x1b390954
                                                                                                                                  0x1b390957
                                                                                                                                  0x1b39095a
                                                                                                                                  0x1b39095f
                                                                                                                                  0x1b390967
                                                                                                                                  0x1b390972
                                                                                                                                  0x1b390975
                                                                                                                                  0x1b39097a
                                                                                                                                  0x1b390982
                                                                                                                                  0x1b390985
                                                                                                                                  0x1b39098d
                                                                                                                                  0x1b390995
                                                                                                                                  0x1b390996
                                                                                                                                  0x1b39099f
                                                                                                                                  0x1b3909a7
                                                                                                                                  0x1b3909bb
                                                                                                                                  0x1b3909bb
                                                                                                                                  0x1b3909c0
                                                                                                                                  0x1b3909c8
                                                                                                                                  0x1b3909cb
                                                                                                                                  0x1b3909cb
                                                                                                                                  0x1b3909ce
                                                                                                                                  0x1b3909ce
                                                                                                                                  0x1b3909d6
                                                                                                                                  0x1b3909d7
                                                                                                                                  0x1b3909df
                                                                                                                                  0x1b390a80
                                                                                                                                  0x1b390a88
                                                                                                                                  0x1b390a8e
                                                                                                                                  0x1b390a8e
                                                                                                                                  0x1b390a93
                                                                                                                                  0x1b390a9d
                                                                                                                                  0x1b390aa3
                                                                                                                                  0x1b390aa3
                                                                                                                                  0x1b390aa8
                                                                                                                                  0x1b390ab1
                                                                                                                                  0x1b390b1f
                                                                                                                                  0x1b390b2c
                                                                                                                                  0x1b390b33
                                                                                                                                  0x1b390b38
                                                                                                                                  0x1b390b40
                                                                                                                                  0x1b390b4c
                                                                                                                                  0x1b390b52
                                                                                                                                  0x1b390b57
                                                                                                                                  0x1b390b5d
                                                                                                                                  0x1b390b60
                                                                                                                                  0x1b390b64
                                                                                                                                  0x1b390b69
                                                                                                                                  0x1b390b6f
                                                                                                                                  0x1b390b7f
                                                                                                                                  0x1b390b83
                                                                                                                                  0x1b390b87
                                                                                                                                  0x1b390b8a
                                                                                                                                  0x1b390b95
                                                                                                                                  0x1b390b9d
                                                                                                                                  0x1b390ba0
                                                                                                                                  0x1b390ba3
                                                                                                                                  0x1b390ba8
                                                                                                                                  0x1b390bab
                                                                                                                                  0x1b390bb0
                                                                                                                                  0x1b390bb7
                                                                                                                                  0x1b390bb8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390bb8
                                                                                                                                  0x1b390ab7
                                                                                                                                  0x1b390ac0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390aca
                                                                                                                                  0x1b390acd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390ad7
                                                                                                                                  0x1b390ad8
                                                                                                                                  0x1b390adb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390ae1
                                                                                                                                  0x1b390ae5
                                                                                                                                  0x1b390aea
                                                                                                                                  0x1b390aed
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390af3
                                                                                                                                  0x1b390af7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390afd
                                                                                                                                  0x1b390b04
                                                                                                                                  0x1b390b08
                                                                                                                                  0x1b390b0e
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390b1a
                                                                                                                                  0x1b3909f6
                                                                                                                                  0x1b3909fb
                                                                                                                                  0x1b390a03
                                                                                                                                  0x1b390a0c
                                                                                                                                  0x1b390a1a
                                                                                                                                  0x1b390a25
                                                                                                                                  0x1b390a2b
                                                                                                                                  0x1b390a2e
                                                                                                                                  0x1b390a48
                                                                                                                                  0x1b390a52
                                                                                                                                  0x1b390a56
                                                                                                                                  0x1b390a59
                                                                                                                                  0x1b390a5c
                                                                                                                                  0x1b390a5f
                                                                                                                                  0x1b390a68
                                                                                                                                  0x1b390a6b
                                                                                                                                  0x1b390a6f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390a7b
                                                                                                                                  0x1b3909ad
                                                                                                                                  0x1b3909b5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3909b5
                                                                                                                                  0x1b39046f
                                                                                                                                  0x1b39047c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390482
                                                                                                                                  0x1b390489
                                                                                                                                  0x1b390496
                                                                                                                                  0x1b39049e
                                                                                                                                  0x1b39049f
                                                                                                                                  0x1b3904aa
                                                                                                                                  0x1b3904ae
                                                                                                                                  0x1b3904bb
                                                                                                                                  0x1b3904bf
                                                                                                                                  0x1b3904c3
                                                                                                                                  0x1b3904ca
                                                                                                                                  0x1b3904d1
                                                                                                                                  0x1b3904dc
                                                                                                                                  0x1b3904df
                                                                                                                                  0x1b3904e8
                                                                                                                                  0x1b3904ef
                                                                                                                                  0x1b3904f6
                                                                                                                                  0x1b390502
                                                                                                                                  0x1b39051c
                                                                                                                                  0x1b39052e
                                                                                                                                  0x1b390531
                                                                                                                                  0x1b390535
                                                                                                                                  0x1b39053a
                                                                                                                                  0x1b39053b
                                                                                                                                  0x1b390546
                                                                                                                                  0x1b39055d
                                                                                                                                  0x1b390564
                                                                                                                                  0x1b390569
                                                                                                                                  0x1b390569
                                                                                                                                  0x1b390571
                                                                                                                                  0x1b390576
                                                                                                                                  0x1b390578
                                                                                                                                  0x1b390580
                                                                                                                                  0x1b390584
                                                                                                                                  0x1b39058c
                                                                                                                                  0x1b390590
                                                                                                                                  0x1b390594
                                                                                                                                  0x1b39059f
                                                                                                                                  0x1b3905a2
                                                                                                                                  0x1b3905aa
                                                                                                                                  0x1b3905af
                                                                                                                                  0x1b3905b7
                                                                                                                                  0x1b3905bb
                                                                                                                                  0x1b3905c2
                                                                                                                                  0x1b3905cb
                                                                                                                                  0x1b3905d3
                                                                                                                                  0x1b3905db
                                                                                                                                  0x1b3905e3
                                                                                                                                  0x1b3905e4
                                                                                                                                  0x1b3905ec
                                                                                                                                  0x1b390600
                                                                                                                                  0x1b390600
                                                                                                                                  0x1b390605
                                                                                                                                  0x1b39060d
                                                                                                                                  0x1b390612
                                                                                                                                  0x1b390612
                                                                                                                                  0x1b39061a
                                                                                                                                  0x1b39061b
                                                                                                                                  0x1b390623
                                                                                                                                  0x1b3906c5
                                                                                                                                  0x1b3906c8
                                                                                                                                  0x1b3906ce
                                                                                                                                  0x1b3906ce
                                                                                                                                  0x1b3906d3
                                                                                                                                  0x1b3906dc
                                                                                                                                  0x1b3906e2
                                                                                                                                  0x1b3906e2
                                                                                                                                  0x1b3906e7
                                                                                                                                  0x1b3906f1
                                                                                                                                  0x1b39078a
                                                                                                                                  0x1b390795
                                                                                                                                  0x1b3907a2
                                                                                                                                  0x1b3907a7
                                                                                                                                  0x1b3907af
                                                                                                                                  0x1b3907b3
                                                                                                                                  0x1b3907b6
                                                                                                                                  0x1b3907bc
                                                                                                                                  0x1b3907be
                                                                                                                                  0x1b3907c9
                                                                                                                                  0x1b3907cc
                                                                                                                                  0x1b3907d0
                                                                                                                                  0x1b3907d3
                                                                                                                                  0x1b3907d6
                                                                                                                                  0x1b3907d9
                                                                                                                                  0x1b3907e2
                                                                                                                                  0x1b3907e9
                                                                                                                                  0x1b3907ec
                                                                                                                                  0x1b3907ef
                                                                                                                                  0x1b3907f2
                                                                                                                                  0x1b3907f5
                                                                                                                                  0x1b3907f8
                                                                                                                                  0x1b3907fb
                                                                                                                                  0x1b3907ff
                                                                                                                                  0x1b390803
                                                                                                                                  0x1b39080a
                                                                                                                                  0x1b39080f
                                                                                                                                  0x1b390813
                                                                                                                                  0x1b390818
                                                                                                                                  0x1b39081d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39081d
                                                                                                                                  0x1b3906f7
                                                                                                                                  0x1b390701
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39070b
                                                                                                                                  0x1b39070e
                                                                                                                                  0x1b39070f
                                                                                                                                  0x1b390710
                                                                                                                                  0x1b39071a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390724
                                                                                                                                  0x1b39072e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390734
                                                                                                                                  0x1b390738
                                                                                                                                  0x1b39073c
                                                                                                                                  0x1b390746
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39074c
                                                                                                                                  0x1b390756
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39075c
                                                                                                                                  0x1b390760
                                                                                                                                  0x1b390765
                                                                                                                                  0x1b39076c
                                                                                                                                  0x1b39077b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390785
                                                                                                                                  0x1b39063b
                                                                                                                                  0x1b390640
                                                                                                                                  0x1b39064a
                                                                                                                                  0x1b39065d
                                                                                                                                  0x1b390660
                                                                                                                                  0x1b390664
                                                                                                                                  0x1b390667
                                                                                                                                  0x1b39066b
                                                                                                                                  0x1b39066e
                                                                                                                                  0x1b39066e
                                                                                                                                  0x1b390671
                                                                                                                                  0x1b390674
                                                                                                                                  0x1b39068a
                                                                                                                                  0x1b39068d
                                                                                                                                  0x1b390693
                                                                                                                                  0x1b39069c
                                                                                                                                  0x1b39069f
                                                                                                                                  0x1b3906a8
                                                                                                                                  0x1b3906ab
                                                                                                                                  0x1b3906b2
                                                                                                                                  0x1b3906b6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3906c0
                                                                                                                                  0x1b3905f2
                                                                                                                                  0x1b3905fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3905fa
                                                                                                                                  0x1b39054c
                                                                                                                                  0x1b390553
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390553
                                                                                                                                  0x1b39050b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390517
                                                                                                                                  0x1b390292
                                                                                                                                  0x1b3902a0
                                                                                                                                  0x1b3902a2
                                                                                                                                  0x1b390324
                                                                                                                                  0x1b390324
                                                                                                                                  0x1b390326
                                                                                                                                  0x1b390330
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390336
                                                                                                                                  0x1b390342
                                                                                                                                  0x1b390349
                                                                                                                                  0x1b3903ce
                                                                                                                                  0x1b3903ce
                                                                                                                                  0x1b3903d8
                                                                                                                                  0x1b3903e4
                                                                                                                                  0x1b3903ef
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390406
                                                                                                                                  0x1b39040d
                                                                                                                                  0x1b390414
                                                                                                                                  0x1b39041b
                                                                                                                                  0x1b390427
                                                                                                                                  0x1b39042a
                                                                                                                                  0x1b39043c
                                                                                                                                  0x1b390441
                                                                                                                                  0x1b390448
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390448
                                                                                                                                  0x1b39034f
                                                                                                                                  0x1b39035b
                                                                                                                                  0x1b390360
                                                                                                                                  0x1b390367
                                                                                                                                  0x1b390368
                                                                                                                                  0x1b390372
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390378
                                                                                                                                  0x1b390380
                                                                                                                                  0x1b390387
                                                                                                                                  0x1b390393
                                                                                                                                  0x1b390396
                                                                                                                                  0x1b39039d
                                                                                                                                  0x1b3903a7
                                                                                                                                  0x1b3903bd
                                                                                                                                  0x1b3903bd
                                                                                                                                  0x1b3903c1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3903c9
                                                                                                                                  0x1b3903b7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3903b7
                                                                                                                                  0x1b3902a8
                                                                                                                                  0x1b3902af
                                                                                                                                  0x1b3902b6
                                                                                                                                  0x1b39030e
                                                                                                                                  0x1b390313
                                                                                                                                  0x1b390318
                                                                                                                                  0x1b39031f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39031f
                                                                                                                                  0x1b3902bc
                                                                                                                                  0x1b3902c3
                                                                                                                                  0x1b3902c8
                                                                                                                                  0x1b3902d4
                                                                                                                                  0x1b3902dd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3902e3
                                                                                                                                  0x1b3902ed
                                                                                                                                  0x1b390303
                                                                                                                                  0x1b390303
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390307
                                                                                                                                  0x1b3902fd
                                                                                                                                  0x00000000
                                                                                                                                  0x1b3902fd
                                                                                                                                  0x1b3901c1
                                                                                                                                  0x1b3901c6
                                                                                                                                  0x1b3901ce
                                                                                                                                  0x1b3901d2
                                                                                                                                  0x1b3901d7
                                                                                                                                  0x1b3901db
                                                                                                                                  0x1b3901e0
                                                                                                                                  0x1b3901e7
                                                                                                                                  0x1b3901ea
                                                                                                                                  0x1b3901ef
                                                                                                                                  0x1b3901f3
                                                                                                                                  0x1b3901f7
                                                                                                                                  0x1b3901fc
                                                                                                                                  0x1b3901ff
                                                                                                                                  0x1b390204
                                                                                                                                  0x1b390207
                                                                                                                                  0x1b39020f
                                                                                                                                  0x1b390214
                                                                                                                                  0x00000000
                                                                                                                                  0x1b390214
                                                                                                                                  0x1b38fb9c
                                                                                                                                  0x1b38fbac
                                                                                                                                  0x1b38fbb3
                                                                                                                                  0x1b38fbc9
                                                                                                                                  0x1b38fbd0
                                                                                                                                  0x1b38fbd3
                                                                                                                                  0x1b38fbdb
                                                                                                                                  0x1b38fbdb
                                                                                                                                  0x1b38fbdf
                                                                                                                                  0x1b38fbf7
                                                                                                                                  0x1b38fc03
                                                                                                                                  0x1b38fc06
                                                                                                                                  0x1b38fc0e
                                                                                                                                  0x1b38fc0e
                                                                                                                                  0x1b38fc12
                                                                                                                                  0x1b38fc15
                                                                                                                                  0x1b38fc19
                                                                                                                                  0x1b38fc21
                                                                                                                                  0x1b38fc28
                                                                                                                                  0x1b38fc2b
                                                                                                                                  0x1b38fc2c
                                                                                                                                  0x1b38fc2f
                                                                                                                                  0x1b38fc3a
                                                                                                                                  0x1b38fc3d
                                                                                                                                  0x1b38fc41
                                                                                                                                  0x1b38fc44
                                                                                                                                  0x1b38fc4c
                                                                                                                                  0x1b38fc56
                                                                                                                                  0x1b38fc5f
                                                                                                                                  0x1b38fc62
                                                                                                                                  0x1b38fc69
                                                                                                                                  0x1b38fc72
                                                                                                                                  0x1b38fc72
                                                                                                                                  0x1b38fc75
                                                                                                                                  0x1b38fc78
                                                                                                                                  0x1b38fc82
                                                                                                                                  0x1b38ff6a
                                                                                                                                  0x1b38ff6a
                                                                                                                                  0x1b38ff75
                                                                                                                                  0x1b38ff77
                                                                                                                                  0x1b38ff7b
                                                                                                                                  0x1b38ff87
                                                                                                                                  0x1b38ffd4
                                                                                                                                  0x1b38ffdc
                                                                                                                                  0x1b39000a
                                                                                                                                  0x1b39000d
                                                                                                                                  0x1b390011
                                                                                                                                  0x1b390016
                                                                                                                                  0x1b390019
                                                                                                                                  0x1b390020
                                                                                                                                  0x1b390022
                                                                                                                                  0x1b39002a
                                                                                                                                  0x1b390032
                                                                                                                                  0x1b390036
                                                                                                                                  0x1b390039
                                                                                                                                  0x1b390040
                                                                                                                                  0x1b390047
                                                                                                                                  0x1b390050
                                                                                                                                  0x1b39005d
                                                                                                                                  0x1b390062
                                                                                                                                  0x1b390062
                                                                                                                                  0x1b39006c
                                                                                                                                  0x1b390078
                                                                                                                                  0x1b390081
                                                                                                                                  0x1b390172
                                                                                                                                  0x1b390172
                                                                                                                                  0x1b390174
                                                                                                                                  0x1b39017a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39017a
                                                                                                                                  0x1b39008b
                                                                                                                                  0x1b390093
                                                                                                                                  0x1b390094
                                                                                                                                  0x1b390098
                                                                                                                                  0x1b390099
                                                                                                                                  0x1b39009a
                                                                                                                                  0x1b39009f
                                                                                                                                  0x1b3900a5
                                                                                                                                  0x1b3900ac
                                                                                                                                  0x1b3900c8
                                                                                                                                  0x1b3900cc
                                                                                                                                  0x1b3900d5
                                                                                                                                  0x1b3900d9
                                                                                                                                  0x1b3900dd
                                                                                                                                  0x1b3900de
                                                                                                                                  0x1b3900ea
                                                                                                                                  0x1b3900f2
                                                                                                                                  0x1b3900f6
                                                                                                                                  0x1b3900fc
                                                                                                                                  0x1b390102
                                                                                                                                  0x1b390103
                                                                                                                                  0x1b390106
                                                                                                                                  0x1b39010a
                                                                                                                                  0x1b390111
                                                                                                                                  0x1b390115
                                                                                                                                  0x1b390118
                                                                                                                                  0x1b390135
                                                                                                                                  0x1b39013d
                                                                                                                                  0x1b390141
                                                                                                                                  0x1b390142
                                                                                                                                  0x1b39014c
                                                                                                                                  0x1b390162
                                                                                                                                  0x1b390162
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39016d
                                                                                                                                  0x1b39015c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b39015c
                                                                                                                                  0x1b38ffe2
                                                                                                                                  0x1b38ffed
                                                                                                                                  0x1b38fffe
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fffe
                                                                                                                                  0x1b38ff8d
                                                                                                                                  0x1b38ff95
                                                                                                                                  0x1b38ffaf
                                                                                                                                  0x1b38ffb5
                                                                                                                                  0x1b38ffbb
                                                                                                                                  0x1b38ffbc
                                                                                                                                  0x1b38ffc9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38ffc9
                                                                                                                                  0x1b38ff9b
                                                                                                                                  0x1b38ffa5
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38ffa5
                                                                                                                                  0x1b38fc88
                                                                                                                                  0x1b38fc95
                                                                                                                                  0x1b38fc9d
                                                                                                                                  0x1b38fca1
                                                                                                                                  0x1b38fca5
                                                                                                                                  0x1b38fca9
                                                                                                                                  0x1b38fcbb
                                                                                                                                  0x1b38fcbc
                                                                                                                                  0x1b38fcc0
                                                                                                                                  0x1b38fcc3
                                                                                                                                  0x1b38fcc4
                                                                                                                                  0x1b38fccc
                                                                                                                                  0x1b38fcd9
                                                                                                                                  0x1b38fce1
                                                                                                                                  0x1b38fce9
                                                                                                                                  0x1b38fcfd
                                                                                                                                  0x1b38fd0a
                                                                                                                                  0x1b38fd0e
                                                                                                                                  0x1b38fd11
                                                                                                                                  0x1b38fd19
                                                                                                                                  0x1b38fd27
                                                                                                                                  0x1b38fd2d
                                                                                                                                  0x1b38fd2e
                                                                                                                                  0x1b38fd2e
                                                                                                                                  0x1b38fd36
                                                                                                                                  0x1b38fd63
                                                                                                                                  0x1b38fd6b
                                                                                                                                  0x1b38fd6d
                                                                                                                                  0x1b38fd71
                                                                                                                                  0x1b38fd79
                                                                                                                                  0x1b38fd7d
                                                                                                                                  0x1b38fd7f
                                                                                                                                  0x1b38fd87
                                                                                                                                  0x1b38fd8f
                                                                                                                                  0x1b38fd97
                                                                                                                                  0x1b38fd9f
                                                                                                                                  0x1b38fda3
                                                                                                                                  0x1b38fdab
                                                                                                                                  0x1b38fdb3
                                                                                                                                  0x1b38fdb6
                                                                                                                                  0x1b38fdbf
                                                                                                                                  0x1b38fdca
                                                                                                                                  0x1b38fdcc
                                                                                                                                  0x1b38fdd4
                                                                                                                                  0x1b38fddc
                                                                                                                                  0x1b38fde4
                                                                                                                                  0x1b38fdef
                                                                                                                                  0x1b38fdf7
                                                                                                                                  0x1b38fdfc
                                                                                                                                  0x1b38fe04
                                                                                                                                  0x1b38fe0c
                                                                                                                                  0x1b38fe13
                                                                                                                                  0x1b38fe16
                                                                                                                                  0x1b38fe17
                                                                                                                                  0x1b38fe1b
                                                                                                                                  0x1b38fe23
                                                                                                                                  0x1b38fe24
                                                                                                                                  0x1b38fe27
                                                                                                                                  0x1b38fe27
                                                                                                                                  0x1b38fe2f
                                                                                                                                  0x1b38fe74
                                                                                                                                  0x1b38fe7c
                                                                                                                                  0x1b38fe92
                                                                                                                                  0x1b38fe94
                                                                                                                                  0x1b38fe9a
                                                                                                                                  0x1b38fea1
                                                                                                                                  0x1b38fea4
                                                                                                                                  0x1b38fea7
                                                                                                                                  0x1b38feab
                                                                                                                                  0x1b38fead
                                                                                                                                  0x1b38feb7
                                                                                                                                  0x1b38febf
                                                                                                                                  0x1b38fecb
                                                                                                                                  0x1b38fecf
                                                                                                                                  0x1b38fed0
                                                                                                                                  0x1b38fed3
                                                                                                                                  0x1b38fed6
                                                                                                                                  0x1b38fed6
                                                                                                                                  0x1b38fee8
                                                                                                                                  0x1b38fee8
                                                                                                                                  0x1b38fef2
                                                                                                                                  0x1b38feff
                                                                                                                                  0x1b38ff04
                                                                                                                                  0x1b38ff0a
                                                                                                                                  0x1b38ff0d
                                                                                                                                  0x1b38ff12
                                                                                                                                  0x1b38ff1a
                                                                                                                                  0x1b38ff1d
                                                                                                                                  0x1b38ff1d
                                                                                                                                  0x1b38ff2a
                                                                                                                                  0x1b38ff2f
                                                                                                                                  0x1b38ff3a
                                                                                                                                  0x1b38ff41
                                                                                                                                  0x1b38ff45
                                                                                                                                  0x1b38ff4d
                                                                                                                                  0x1b38ff50
                                                                                                                                  0x1b38ff52
                                                                                                                                  0x1b38ff57
                                                                                                                                  0x1b38ff57
                                                                                                                                  0x1b38ff5c
                                                                                                                                  0x1b38ff61
                                                                                                                                  0x1b38ff66
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38ff66
                                                                                                                                  0x1b38fe82
                                                                                                                                  0x1b38fe89
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fe89
                                                                                                                                  0x1b38fe37
                                                                                                                                  0x1b38fe40
                                                                                                                                  0x1b38fe49
                                                                                                                                  0x1b38fe4c
                                                                                                                                  0x1b38fe4d
                                                                                                                                  0x1b38fe54
                                                                                                                                  0x1b38fe56
                                                                                                                                  0x1b38fe59
                                                                                                                                  0x1b38fe5f
                                                                                                                                  0x1b38fe62
                                                                                                                                  0x1b38fe6f
                                                                                                                                  0x1b38fe27
                                                                                                                                  0x1b38fd3c
                                                                                                                                  0x1b38fd45
                                                                                                                                  0x1b38fd48
                                                                                                                                  0x1b38fd4b
                                                                                                                                  0x1b38fd4e
                                                                                                                                  0x1b38fd51
                                                                                                                                  0x1b38fd5e
                                                                                                                                  0x1b38fd2e
                                                                                                                                  0x1b38fabe
                                                                                                                                  0x1b38face
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fad4
                                                                                                                                  0x1b38fade
                                                                                                                                  0x1b38fae4
                                                                                                                                  0x1b38faeb
                                                                                                                                  0x1b38fb00
                                                                                                                                  0x1b38fb07
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fb07
                                                                                                                                  0x1b38fafb
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38fafb
                                                                                                                                  0x1b38f83a
                                                                                                                                  0x1b38f847
                                                                                                                                  0x1b38f847
                                                                                                                                  0x1b38f84a
                                                                                                                                  0x1b38f84e
                                                                                                                                  0x1b38f85e
                                                                                                                                  0x1b38f866
                                                                                                                                  0x1b38f870
                                                                                                                                  0x1b38f877
                                                                                                                                  0x1b38f883
                                                                                                                                  0x1b38f888
                                                                                                                                  0x1b38f88f
                                                                                                                                  0x1b38f895
                                                                                                                                  0x1b38f89d
                                                                                                                                  0x1b38f8a6
                                                                                                                                  0x1b38f8ab
                                                                                                                                  0x1b38f8b3
                                                                                                                                  0x1b38f8bd
                                                                                                                                  0x1b38f8bd
                                                                                                                                  0x1b38f8c2
                                                                                                                                  0x1b38f8ca
                                                                                                                                  0x1b38f8cd
                                                                                                                                  0x1b38f8ce
                                                                                                                                  0x1b38f8d1
                                                                                                                                  0x1b38f9ee
                                                                                                                                  0x1b38f9ee
                                                                                                                                  0x1b38f9f6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f9f6
                                                                                                                                  0x1b38f8d7
                                                                                                                                  0x1b38f8e6
                                                                                                                                  0x1b38f8ee
                                                                                                                                  0x1b38f8f5
                                                                                                                                  0x1b38f907
                                                                                                                                  0x1b38f90b
                                                                                                                                  0x1b38f90e
                                                                                                                                  0x1b38f911
                                                                                                                                  0x1b38f916
                                                                                                                                  0x1b38f91a
                                                                                                                                  0x1b38f923
                                                                                                                                  0x1b38f92b
                                                                                                                                  0x1b38f92f
                                                                                                                                  0x1b38f93a
                                                                                                                                  0x1b38f941
                                                                                                                                  0x1b38f941
                                                                                                                                  0x1b38f949
                                                                                                                                  0x1b38f9d8
                                                                                                                                  0x1b38f9e0
                                                                                                                                  0x1b38f9e5
                                                                                                                                  0x1b38f9e9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f9e9
                                                                                                                                  0x1b38f94f
                                                                                                                                  0x1b38f955
                                                                                                                                  0x1b38f958
                                                                                                                                  0x1b38f95f
                                                                                                                                  0x1b38f964
                                                                                                                                  0x1b38f96d
                                                                                                                                  0x1b38f9b1
                                                                                                                                  0x1b38f9b5
                                                                                                                                  0x1b38f9b9
                                                                                                                                  0x1b38f9c1
                                                                                                                                  0x1b38f9c4
                                                                                                                                  0x1b38f9cc
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f9cc
                                                                                                                                  0x1b38f973
                                                                                                                                  0x1b38f97b
                                                                                                                                  0x1b38f981
                                                                                                                                  0x1b38f98b
                                                                                                                                  0x1b38f9a1
                                                                                                                                  0x1b38f9a1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f9ac
                                                                                                                                  0x1b38f99b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f99b
                                                                                                                                  0x1b38f941
                                                                                                                                  0x1b38f779
                                                                                                                                  0x1b38f77c
                                                                                                                                  0x1b38f782
                                                                                                                                  0x1b38f783
                                                                                                                                  0x1b38f788
                                                                                                                                  0x1b38f78d
                                                                                                                                  0x1b38f792
                                                                                                                                  0x1b38f7a2
                                                                                                                                  0x1b38f7a4
                                                                                                                                  0x1b38f7a6
                                                                                                                                  0x1b38f7ae
                                                                                                                                  0x1b38f7b3
                                                                                                                                  0x1b38f7b6
                                                                                                                                  0x1b38f7c3
                                                                                                                                  0x1b38f7c6
                                                                                                                                  0x1b38f7cb
                                                                                                                                  0x1b38f7cf
                                                                                                                                  0x1b38f7d7
                                                                                                                                  0x1b38f7df
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f7e5
                                                                                                                                  0x1b38f7e8
                                                                                                                                  0x1b38f7fc
                                                                                                                                  0x1b38f7fc
                                                                                                                                  0x1b38f806
                                                                                                                                  0x1b38f81c
                                                                                                                                  0x1b38f81c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f827
                                                                                                                                  0x1b38f816
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f816
                                                                                                                                  0x1b38f7ee
                                                                                                                                  0x1b38f7f6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f7f6
                                                                                                                                  0x1b38f2c7
                                                                                                                                  0x1b38f2cf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f2cf
                                                                                                                                  0x1b38f213
                                                                                                                                  0x1b38f21c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f222
                                                                                                                                  0x1b38f222
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f22f
                                                                                                                                  0x1b38f1b5
                                                                                                                                  0x1b38f1b5
                                                                                                                                  0x1b38f1b5
                                                                                                                                  0x1b38f1be
                                                                                                                                  0x1b38f1cd
                                                                                                                                  0x1b38f1d0
                                                                                                                                  0x1b38f1d3
                                                                                                                                  0x1b38f1d9
                                                                                                                                  0x1b38f1dc
                                                                                                                                  0x1b38f1c4
                                                                                                                                  0x1b38f1c4
                                                                                                                                  0x1b38f1c4
                                                                                                                                  0x1b38f1dd
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38f1b5

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 1B38F13A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterSection
                                                                                                                                  • String ID: ($($/$;$;$<br />$E$E$This application is protected by DNGuard HVM demo version!$This application is protected by DNGuard HVM demo version!.$Your trial period has expired,<br />please contact your software provider.$\StringFileInfo\000004B0\ProductName$\StringFileInfo\040904B0\ProductName
                                                                                                                                  • API String ID: 1904992153-232889153
                                                                                                                                  • Opcode ID: 20d31534802db7937f546ec0e44aaf09a6ad870e986e68947a91875587b3aa28
                                                                                                                                  • Instruction ID: 35588c3159fd432707b996702edcbf6b02c665e19ac28834ffa104c52da2e6ee
                                                                                                                                  • Opcode Fuzzy Hash: 20d31534802db7937f546ec0e44aaf09a6ad870e986e68947a91875587b3aa28
                                                                                                                                  • Instruction Fuzzy Hash: 79033576708AD1C6D725DB25F4903DEB7A9F389B91F00421ADB9A47B98DB3CC0A4CB41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B233420 Relevance: 20.0, APIs: 3, Strings: 8, Instructions: 747COMMONCrypto
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 569 1b233420-1b38bb92 576 1b38bb98-1b38bba6 569->576 577 1b38bc15 569->577 576->577 581 1b38bbac-1b38bbb8 576->581 578 1b38bc1b-1b38bc23 577->578 582 1b38bc29-1b38bc71 578->582 583 1b38bee0-1b38bee8 578->583 587 1b38bbbe-1b38bbda 581->587 588 1b38bc01 581->588 589 1b38bcc2-1b38bcdb 582->589 590 1b38bc77-1b38bc84 582->590 591 1b38c0da-1b38c104 583->591 592 1b38beee-1b38bf2e 583->592 614 1b38bbef-1b38bbfc 587->614 615 1b38bbe0-1b38bbea 587->615 593 1b38bc07-1b38bc10 588->593 603 1b38bcef-1b38bd7e call 1b2331f0 589->603 604 1b38bce1-1b38bce9 589->604 595 1b38bc89-1b38bc91 590->595 607 1b38c118-1b38c14b 591->607 608 1b38c10a-1b38c113 591->608 612 1b38bf6e-1b38bf89 592->612 613 1b38bf34-1b38bf3d 592->613 593->578 610 1b38bca5-1b38bcac 595->610 611 1b38bc97-1b38bca0 595->611 616 1b38bd83-1b38bd86 603->616 604->603 604->616 625 1b38c15d-1b38c164 call 1b240a60 607->625 626 1b38c151-1b38c158 call 1b240a60 607->626 617 1b38c169-1b38c175 608->617 623 1b38bcb8-1b38bcbc 610->623 611->623 636 1b38bfa8-1b38bfc2 612->636 637 1b38bf8f-1b38bf98 612->637 632 1b38bf51-1b38bf5c 613->632 633 1b38bf43-1b38bf4c 613->633 614->593 634 1b38c6c8-1b38c72e 615->634 629 1b38bd8c call 1b259280 616->629 630 1b38bd91-1b38bd9a 616->630 641 1b38c4ba-1b38c4f3 MessageBoxA 617->641 642 1b38c17b-1b38c183 617->642 623->589 623->595 625->617 626->617 629->630 651 1b38bda0 call 1b259280 630->651 652 1b38bda5-1b38be1d 630->652 646 1b38bf5f-1b38bf68 632->646 633->646 650 1b38bfc6-1b38c006 636->650 637->636 656 1b38bf9e-1b38bfa3 637->656 667 1b38c4f9-1b38c500 641->667 668 1b38c505-1b38c52b 641->668 642->641 660 1b38c189-1b38c19b 642->660 646->612 646->613 661 1b38c01a call 1b259280 650->661 662 1b38c00c-1b38c014 650->662 651->652 652->634 704 1b38be23-1b38be2b 652->704 656->650 671 1b38c1ae-1b38c1f6 call 1b38c811 660->671 672 1b38c1a1-1b38c1a9 660->672 676 1b38c01f-1b38c02c 661->676 662->661 662->676 677 1b38c55c-1b38c59d 667->677 680 1b38c531-1b38c540 call 1b240a60 668->680 681 1b38c545-1b38c55a call 1b240a60 668->681 682 1b38c1fc-1b38c204 671->682 672->682 685 1b38c06f-1b38c077 676->685 686 1b38c032-1b38c06a 676->686 699 1b38c6b3-1b38c6bd ExitProcess 677->699 700 1b38c5a3-1b38c69f call 1b2314e0 MessageBoxA 677->700 680->677 681->677 682->641 698 1b38c20a-1b38c212 682->698 702 1b38c07d call 1b259280 685->702 703 1b38c082-1b38c087 685->703 686->591 714 1b38c218-1b38c269 698->714 715 1b38c381-1b38c3f6 call 1b257350 698->715 700->699 762 1b38c6a5-1b38c6b0 700->762 702->703 712 1b38c08d call 1b259280 703->712 713 1b38c092-1b38c0a7 703->713 704->634 717 1b38be31-1b38be51 704->717 712->713 719 1b38c0ad call 1b259280 713->719 720 1b38c0b2-1b38c0d5 713->720 714->715 740 1b38c26f-1b38c2ab 714->740 737 1b38c3fa-1b38c446 call 1b259c50 call 1b240e40 715->737 732 1b38be67-1b38be6a 717->732 733 1b38be57-1b38be62 717->733 719->720 720->591 739 1b38be6d-1b38be79 732->739 733->739 772 1b38c44c-1b38c454 737->772 773 1b38c4b2-1b38c4b5 737->773 747 1b38bea8-1b38bec8 739->747 748 1b38be7f-1b38bea3 739->748 750 1b38c2b1-1b38c2b5 740->750 751 1b38c2b7-1b38c2bf 740->751 755 1b38becc-1b38bedb 747->755 748->755 750->751 760 1b38c33b-1b38c37c 751->760 761 1b38c2c5-1b38c2d4 751->761 755->634 760->634 769 1b38c2da-1b38c2f0 761->769 770 1b38c306-1b38c315 761->770 762->699 769->760 778 1b38c2f6-1b38c300 769->778 770->760 776 1b38c31b-1b38c323 770->776 772->773 780 1b38c45a-1b38c4a5 772->780 773->634 776->760 779 1b38c329-1b38c335 776->779 778->760 778->770 779->715 779->760 780->773
                                                                                                                                  C-Code - Quality: 61%
                                                                                                                                  			E1B233420(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, signed int __ebp, void* __esp, void* __rax, signed long long __rbx, void* __rcx, signed long long __rdx, long long __rdi, long long __rsi, signed long long __rbp, signed int __r8, long long __r9, signed long long __r12, signed long long __r13, signed int __r14, long long __r15, signed short _a8, intOrPtr _a12, char _a16, long long _a24, void* _a32, signed int* _a40) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _v56;
				char _v72;
				char _v88;
				long long _v104;
				char _v112;
				long long _v120;
				char _v128;
				long long _v136;
				void* _v144;
				signed long long _v152;
				void _v168;
				char _v184;
				long long _v192;
				signed int _v200;
				signed char _t251;
				signed char _t253;
				signed int _t267;
				signed int _t271;
				intOrPtr _t273;
				signed char _t277;
				signed char _t284;
				signed short _t291;
				signed short _t294;
				signed int _t295;
				void* _t296;
				signed short _t300;
				signed short _t302;
				signed short _t303;
				signed int _t306;
				signed char _t307;
				void* _t315;
				void* _t320;
				signed int _t321;
				signed int _t324;
				signed char _t326;
				signed short _t327;
				signed char _t328;
				signed short _t335;
				signed int _t338;
				signed int _t342;
				signed int _t345;
				signed int _t351;
				signed int _t353;
				void* _t354;
				signed int _t357;
				signed int _t359;
				signed int _t360;
				void* _t361;
				void* _t364;
				signed char* _t366;
				intOrPtr _t368;
				intOrPtr _t369;
				intOrPtr _t372;
				void* _t374;
				signed long long _t375;
				signed long long _t378;
				void* _t379;
				intOrPtr* _t382;
				intOrPtr* _t384;
				long long _t385;
				signed long long _t386;
				signed char* _t387;
				intOrPtr _t389;
				long long _t390;
				char* _t395;
				void* _t397;
				intOrPtr _t398;
				intOrPtr _t401;
				intOrPtr _t403;
				signed long long _t406;
				signed int _t409;
				intOrPtr* _t410;
				intOrPtr* _t411;
				intOrPtr* _t414;
				char* _t422;
				long long* _t427;
				intOrPtr _t428;
				void* _t429;
				intOrPtr* _t435;
				char* _t436;
				signed long long _t439;
				intOrPtr* _t441;
				long long _t442;
				signed int _t447;
				signed int _t450;
				long long _t452;
				intOrPtr* _t453;
				signed int* _t455;
				void* _t457;
				signed long long _t459;
				signed long long _t461;
				void* _t462;
				signed long long _t463;
				intOrPtr _t466;
				signed short _t467;
				void* _t469;
				long long _t473;
				void* _t476;
				signed long long _t478;
				signed long long _t479;
				signed long long _t487;
				void* _t488;
				void* _t489;
				void* _t490;
				signed long long _t491;
				signed long long _t492;
				intOrPtr* _t495;
				signed long long _t496;
				signed long long _t501;

				_t498 = __r14;
				_t496 = __r13;
				_t492 = __r12;
				_t465 = __r8;
				_t461 = __rbp;
				_t386 = __rbx;
				_t354 = __esp;
				_t353 = __ebp;
				_t324 = __edx;
				_t302 = __ecx;
				_a32 = __r9;
				_a24 = __r8;
				asm("rcr al, 0xbe");
				_t364 = _t462;
				_t463 = _t462 - 0xe8;
				asm("clc");
				asm("stc");
				_v136 = 0xfffffffe;
				 *((long long*)(_t364 - 8)) = __rbx;
				asm("stc");
				 *((long long*)(_t364 - 0x10)) = __rsi;
				 *((long long*)(_t364 - 0x18)) = __rdi;
				sil =  ~sil;
				 *((long long*)(_t364 - 0x20)) = __r12;
				asm("inc eax");
				asm("inc eax");
				 *((long long*)(_t364 - 0x28)) = __r13;
				_t351 = r8w;
				 *((long long*)(_t364 - 0x30)) = __r14;
				 *((long long*)(_t364 - 0x38)) = __r15;
				r14w =  <  ? r12w : r14w;
				r15b = r15b << __ecx;
				_t501 = __rdx;
				_t457 = __rcx;
				r14w =  *(__rcx + 0x2bc);
				asm("rcl ch, 0x2f");
				r14d = r14d >> 4;
				_t357 = r14d & r8b;
				r14d = r14d & 0x00000020;
				_t366 =  *((intOrPtr*)(__rdx));
				_t427 =  *__r8;
				r13d = _t366[0x10]();
				asm("xadd bl, bl");
				_t478 =  *((intOrPtr*)(__rcx + 0x390));
				_t17 = _t366 - 1; // -1
				r8d = _t17;
				_t450 = __edx;
				_t342 =  *(_t478 + __r8 * 4);
				asm("bt bx, 0x43");
				asm("stc");
				_t291 = _t342 >> 0x1c;
				r14d = r14d >> 4;
				_a8 = r14d;
				asm("clc");
				asm("bt edi, 0x1f");
				if(_t357 >= 0) {
					L18:
					r12d = 1;
					goto L19;
				} else {
					_t324 =  *(__rcx + 0x74);
					asm("cmc");
					_t359 = _t324;
					if(_t359 == 0) {
						goto L18;
					} else {
						_t360 =  *(__rcx + 0xb4);
						if(_t360 != 0) {
							r12d = 1;
							L16:
							asm("btr edi, 0x1f");
							L19:
							__eflags = _t291 & 0x00000002;
							if(__eflags == 0) {
								__eflags = _t291 & 0x00000004;
								if(__eflags == 0) {
									L98:
									r8w & r10w = r9b & 0x000000c4;
									__eflags = r11w - 0x580f;
									_t294 = ( *(_t457 + 0x1c) ^ _t342) & 0x0fffffff;
									__eflags =  *(_t457 + 0x33c);
									if(__eflags == 0) {
										_t465 =  *((intOrPtr*)(_t457 + 0x348));
										asm("btr dx, 0x8c");
										_t324 = ((_t324 << 0x00000020 | r8w) << 0) - 0xbe;
										_t428 =  *((intOrPtr*)(_t465 + 0x3c));
										_t429 = _t428 + _t465;
										spl & 0x000000e4 =  *((short*)(_t429 + 0x18)) - 0x20b;
										if( *((short*)(_t429 + 0x18)) != 0x20b) {
											_t302 = _t294;
											_t251 = E1B240A60(_t302, _t366, _t429, _t465, _t490);
											L107:
											__eflags =  *(_t457 + 0x340);
											if(__eflags == 0) {
												L157:
												r9d = 0x30;
												_t466 = "DNGuard Runtime Error!";
												_t326 = _t324 ^ r12b;
												_t430 = "This application occurred a problem.";
												asm("cmc");
												__eflags = _t294 - 0x6c;
												_t303 = 0;
												MessageBoxA();
												__eflags =  *(_t457 + 0x33c);
												if(__eflags == 0) {
													_t466 =  *((intOrPtr*)(_t457 + 0x348));
													asm("rol dh, 0xf4");
													__eflags = r11b & 0x000000e4;
													_t430 =  *((intOrPtr*)(_t466 + 0x3c)) + _t466;
													__eflags = r8b & 0x0000008b;
													asm("stc");
													__eflags =  *((short*)( *((intOrPtr*)(_t466 + 0x3c)) + _t466 + 0x18)) - 0x20b;
													if(__eflags != 0) {
														_t303 = _t294;
														_t253 = E1B240A60(_t303, _t366, _t430, _t466, _t490);
														_t387 = _t366;
														dil = dil + 0xbd;
														__eflags = _t253 & _t294;
														L168:
														_t345 =  *(_t457 + 0xb8) & 0xffffff00;
														asm("dec eax");
														r12d =  *(_t457 + 0x2c4);
														_t255 = r12b & 0xffffffff;
														r12d = r12d & 0xffffff00;
														_t368 =  *0x1B291A28;
														__eflags =  *(_t368 + 0xcc);
														if(__eflags == 0) {
															L181:
															ExitProcess();
														}
														asm("lahf");
														_t369 =  *0x1B28FD00;
														 *((intOrPtr*)(_t369 + 0x18))();
														_a16 = _t369 + 0x18;
														asm("inc cx");
														_t479 = (_t487 << 0x00000020 | _t478) >> 0;
														r8w =  >=  ? r8w : r8w;
														asm("dec eax");
														r9d = _t326;
														r9d =  *_t387 & 0x000000ff;
														asm("inc cx");
														r9d = r9d | r12d;
														r8b = __eflags != 0;
														r8d = _t303 & 0x0000ffff;
														_v200 = _t387[1] & 0x000000ff | _t345;
														_t467 = _t303;
														r8d =  *(_t457 + 0x340);
														_t327 = r12w;
														_t227 =  &_a16; // 0xf9
														_t395 = _t227;
														E1B2314E0(_t294, _t387, _t395, "Please send the following information to your software vendor.\nP0:%d, P1:0x%.8X, P2:0x%.8X", _t450, _t457, _t461, _t467, _t479);
														r9d = 0x40;
														asm("stc");
														_t328 = _t327 << _t303;
														asm("dec eax");
														asm("bsr dx, ax");
														_t389 = _a16;
														__eflags = r8w - r12w;
														MessageBoxA();
														_t435 = _t389 - 0x18;
														asm("lock xadd [edx+0x10], eax");
														asm("cmc");
														__eflags = bpl - 2;
														_t255 = 0x1fffffffe;
														_t328 & r14b = 0x1fffffffe;
														if(0x1fffffffe > 0) {
															goto L181;
														}
														_t372 =  *((intOrPtr*)( *_t435));
														_t255 =  *((intOrPtr*)(_t372 + 8))();
														goto L181;
													}
													_t303 = _t294;
													E1B240A60(_t303, _t366, _t430, _t466, _t490);
													_t387 = _t366;
													goto L168;
												}
												_t387 = _t386 +  *((intOrPtr*)(_t457 + 0x348));
												goto L168;
											}
											__eflags =  *_t366 - 0xfe;
											if(__eflags != 0) {
												goto L157;
											}
											r9d = _t366[1] & 0x000000ff;
											__eflags = _t353 - 0x627d;
											__eflags = r9b;
											if(__eflags >= 0) {
												r8d = _t366[2];
												asm("inc sp");
												_t306 = _t302 + sil;
												_t469 = _t465 +  *((intOrPtr*)(_t457 + 0x380));
												_t324 =  >=  ? r14w : _t342 & 0x0000ffff;
												_t130 =  &_v168; // 0x41
												_t436 = _t130;
												asm("bswap ecx");
												_t302 = _t306 & 0xffffff00 | __eflags <= 0x00000000;
												_t397 = _t457;
												_t251 = E1B38C811(_t294, _t302, _t324, _t342, _t351, _t353, _t354, _t366, _t386, _t397, _t436, _t450, _t457, _t469, _t487, _t490, _t492, _t496, _t498, _t501);
												r13d = 0;
												__eflags = _t366 - 0x2be5662f;
												__eflags = _t251;
												_t496 =  !=  ? _v168 : _t496;
												L119:
												__eflags = _t496;
												if(__eflags == 0) {
													goto L157;
												}
												__eflags = r14d;
												if(__eflags == 0) {
													L143:
													_t398 = _a24;
													_t452 =  *((intOrPtr*)(_t398 + 0x10));
													_t295 =  *((intOrPtr*)(_t398 + 0x18));
													_t488 =  *_t501;
													__eflags = _t324 - r15b;
													__eflags =  *(_t457 + 0x1c);
													asm("cdq");
													r8w = _t295;
													_v184 = _t251 & 0xffffff00 | __eflags == 0x00000000;
													_t373 = _a40;
													asm("inc cx");
													_v192 = _a40;
													_v200 = _a32;
													asm("dec eax");
													_t267 =  *((intOrPtr*)(_t488 + 8))();
													r12d = _t267;
													asm("bswap ecx");
													_t307 = r15b;
													_a8 = _t267;
													_t401 =  *((intOrPtr*)(_t496 + 0x10));
													L1B259C50(_t373, _t401);
													L1B240E40(_t373, _t496);
													_t403 = _a24;
													__eflags = _t307 & _t307;
													 *((long long*)(_t403 + 0x10)) = _t452;
													 *((intOrPtr*)(_t403 + 0x18)) = _t295;
													__eflags = spl & 0x0000001e;
													asm("stc");
													__eflags =  *(_t457 + 0x2c4);
													if(__eflags == 0) {
														L156:
														_t255 = r12d;
														L183:
														asm("inc ecx");
														asm("dec ecx");
														r13w = r13w ^ 0x0000527e;
														asm("clc");
														r14b = 0xc5;
														r15w = r15w - r12w;
														r15d = r15d & 0x60227aca;
														asm("inc ecx");
														asm("clc");
														return _t255;
													}
													__eflags = r14d;
													if(__eflags == 0) {
														goto L156;
													}
													_v152 = 0;
													asm("dec eax");
													_a24 = 0;
													_t374 =  *_t501;
													asm("bswap ecx");
													 *((intOrPtr*)(_t374 + 0x60))();
													goto L156;
												}
												_t271 =  *0x1B291908;
												asm("rcr cl, 0x57");
												__eflags = _t271;
												_t272 =  ==  ? r12d : _t271;
												_t302 = r14w & 0xffffffff;
												 *0x1B291908 =  ==  ? r12d : _t271;
												_t375 =  *_t501;
												_t406 = _t501;
												_t251 =  *((intOrPtr*)(_t375 + 0x68))();
												_t491 = _t375;
												asm("dec eax");
												asm("inc ecx");
												asm("rcl dl, cl");
												_t439 =  *((intOrPtr*)(_t375 + 0x40));
												asm("stc");
												__eflags = r11b & _t251;
												__eflags = _t439;
												if(__eflags == 0) {
													goto L143;
												}
												_t273 =  *((intOrPtr*)(_t375 + 0x58));
												asm("dec eax");
												r8w & _t353 = _t353 - 0x8715dc6;
												asm("cmc");
												asm("ror ch, cl");
												_t378 = _t375 ^ _t406 ^ _t406 ^ _t439;
												_t302 =  *(_t491 + 0x60);
												asm("clc");
												_t496 & _t492 = r15b - r8b;
												__eflags =  *_t378 - _t302;
												if(__eflags != 0) {
													_t378 =  *((intOrPtr*)(_t491 + 0x18));
													__eflags = _t324 - _t273;
												}
												__eflags = _t378 - _t439;
												if(__eflags != 0) {
													L141:
													_t379 =  *_t501;
													asm("dec eax");
													asm("cwd");
													asm("dec eax");
													asm("bswap edx");
													_t315 =  !=  ? r12d : 0x3d6f5440;
													_t255 =  *((intOrPtr*)(_t379 + 0x60))();
													goto L183;
												}
												_t441 =  *((intOrPtr*)(_t491 + 0x68));
												__eflags = dil - _t302;
												__eflags = _t441;
												if(__eflags == 0) {
													L137:
													_t409 =  *((intOrPtr*)(_t491 + 0x88));
													asm("stc");
													_t302 & r9w = _t409;
													if(_t409 == 0) {
														goto L141;
													}
													__eflags =  *((intOrPtr*)(_t409 + 0x10)) -  *((intOrPtr*)(_t491 + 0x10));
													if( *((intOrPtr*)(_t409 + 0x10)) !=  *((intOrPtr*)(_t491 + 0x10))) {
														goto L141;
													}
													_t251 =  *(_t491 + 8);
													__eflags =  *((intOrPtr*)(_t409 + 8)) - _t251;
													if(__eflags == 0) {
														goto L143;
													}
													goto L141;
												}
												asm("cmc");
												_t302 =  *( *(_t491 + 0x78));
												__eflags =  *((intOrPtr*)(_t491 + 0x70)) - _t302;
												if( *((intOrPtr*)(_t491 + 0x70)) != _t302) {
													goto L141;
												}
												asm("stc");
												__eflags =  *((intOrPtr*)(_t491 + 0x80)) -  *_t441;
												if( *((intOrPtr*)(_t491 + 0x80)) !=  *_t441) {
													goto L141;
												}
												goto L137;
											}
											r13d = 0;
											goto L119;
										}
										_t302 = _t294;
										_t251 = E1B240A60(_t302, _t366, _t429, _t465, _t490);
										goto L107;
									}
									_t251 = _t294;
									_t366 =  &(_t366[ *((intOrPtr*)(_t457 + 0x348))]);
									goto L107;
								}
								 *(_t457 + 0x1c) =  *(_t457 + 0x1c) ^ r13d;
								r8b = r8b - 1;
								r8b = r8b + 0x10;
								_t442 = _t457 + 0x368;
								_t473 =  *((intOrPtr*)(_t442 + 8));
								asm("ror ch, cl");
								_t277 = (_t291 & 0x0000ffff) - r15w >> _t302;
								_t382 =  *((intOrPtr*)(_t473 + 8));
								_t410 = _t473;
								__eflags = r12b & 0x000000ad;
								__eflags =  *((char*)(_t382 + 0x21));
								if(__eflags != 0) {
									L75:
									_v120 = _t410;
									_v128 = _t442;
									__eflags = _t410 - _t473;
									if(__eflags == 0) {
										L81:
										_v104 = _t473;
										r12d = _t324;
										_v112 = _t442;
										_t89 =  &_v112; // 0x79
										_t411 = _t89;
										asm("rcl al, cl");
										asm("inc ecx");
										r14w = _t342;
										L82:
										_t90 =  &_v152; // 0x51
										_t465 = _t90;
										 *_t465 =  *_t411;
										asm("sbb ah, 0xac");
										_t366 =  *((intOrPtr*)(_t411 + 8));
										r12b = r12b ^ _t277;
										r12d = r12d & 0x6f686ebf;
										r14b = r14b << 0xaa;
										 *(_t465 + 8) = _t366;
										r12b = r12b >> _t302;
										_t498 =  *((intOrPtr*)(_t442 + 8));
										__eflags = spl - 0x7d;
										asm("inc ecx");
										_t492 = _v152;
										__eflags = _t492;
										if(__eflags == 0) {
											L86:
											E1B259280(_t366, _t442, _t465);
											L87:
											_t386 = _v144;
											__eflags = _t386 - _t498;
											if(_t386 != _t498) {
												__eflags = _t492;
												if(__eflags == 0) {
													E1B259280(_t366, _t442, _t465);
												}
												__eflags = _t386 -  *((intOrPtr*)(_t492 + 8));
												if(_t386 ==  *((intOrPtr*)(_t492 + 8))) {
													E1B259280(_t366, _t442, _t465);
												}
												asm("cmc");
												 *(_t457 + 0x1c) =  *(_t457 + 0x1c) ^  *(_t386 + 0x18);
												__eflags = r10b & 0x000000ae;
												asm("stc");
												r9b - 0x8f = _t386 -  *((intOrPtr*)(_t492 + 8));
												if(_t386 ==  *((intOrPtr*)(_t492 + 8))) {
													E1B259280(_t366, _t442, _t465);
												}
												_t342 = _t342 ^  *(_t386 + 0x1c);
												__eflags = _t498;
												r14w =  !r14w;
												r12d = 1;
												r14d = _a8;
												asm("rol bl, 0x84");
												_t386 = r12w & 0xffffffff;
												_t296 =  !=  ? r12w : _t291;
												goto L98;
											}
											asm("inc cx");
											__eflags = _t302 - 0xb8;
											 *(_t457 + 0x1c) =  *(_t457 + 0x1c) ^  *(_t457 + 0xb8);
											asm("inc ecx");
											_t342 = _t342 ^ r13d;
											r14w = r14b & 0xffffffff;
											r14d = r15w;
											r12d = 1;
											r14w = bpl;
											r14w = _t353;
											r14d = _a8;
											goto L98;
										}
										__eflags = _t492 - _t442;
										if(__eflags == 0) {
											goto L87;
										}
										goto L86;
									}
									__eflags = r13d -  *((intOrPtr*)(_t410 + 0x18));
									if(__eflags < 0) {
										goto L81;
									}
									_t86 =  &_v128; // 0x69
									_t411 = _t86;
									goto L82;
								} else {
									goto L67;
								}
								do {
									L67:
									__eflags =  *((intOrPtr*)(_t382 + 0x18)) - r13d;
									if(__eflags >= 0) {
										_t410 = _t382;
										_t382 =  *_t382;
										__eflags = r13b - sil;
										L73:
										__eflags =  *((char*)(_t382 + 0x21));
										goto L74;
									}
									_t382 =  *((intOrPtr*)(_t382 + 0x10));
									goto L73;
									L74:
								} while (__eflags == 0);
								goto L75;
							}
							asm("lahf");
							asm("rcl eax, 0x8");
							dil = dil - 1;
							_t300 = ( *(_t457 + 0x1c) ^ _t342 ^ r13d) & 0x0fffffff;
							_t459 = _t457 + 0x368;
							asm("inc cx");
							_t414 =  *((intOrPtr*)(_t459 + 8));
							_t384 =  *((intOrPtr*)(_t414 + 8));
							_t453 = _t414;
							__eflags =  *((char*)(_t384 + 0x21));
							if(__eflags != 0) {
								L30:
								_v144 = _t453;
								__eflags = _t302 - 0xb4;
								asm("clc");
								_v152 = _t459;
								asm("stc");
								asm("clc");
								asm("cmc");
								__eflags = _t453 - _t414;
								if(__eflags == 0) {
									L34:
									asm("movaps xmm0, [esp+0x50]");
									asm("movdqa [esp+0x90], xmm0");
									_a8 = _t300;
									_a12 = 0;
									_t40 =  &_a8; // 0xf1
									_t335 = _t300 & 0x0000ffff;
									asm("dec eax");
									_t41 =  &_v88; // 0x91
									_t465 = _t41;
									asm("bswap edx");
									_t43 =  &_v72; // 0xa1
									_t284 = E1B2331F0(r10b & 0xffffffff, _t335, _t384, _t386, _t459, _t43, _t453, _t459, _t41, _t40, _t492, _t496);
									_t45 =  &_v152; // 0x51
									_t427 = _t45;
									_t302 = _t284 & 0x000000ff;
									asm("sbb esi, 0xc1244b2");
									 *_t427 =  *_t384;
									_t335 & 0x00004969 = _t459 | _t461;
									 *((long long*)(_t427 + 8)) = _t384;
									_t453 = _v144;
									asm("inc esp");
									_t459 = _v152;
									L36:
									__eflags = _t459;
									if(_t459 == 0) {
										E1B259280(_t384, _t427, _t465);
									}
									__eflags = _t453 -  *((intOrPtr*)(_t459 + 8));
									if(__eflags == 0) {
										E1B259280(_t384, _t427, _t465);
									}
									 *(_t453 + 0x1c) = r13d;
									_t385 =  *_t501;
									asm("cdq");
									 *((intOrPtr*)(_t385 + 0x18))();
									_t390 = _t385;
									asm("cdq");
									r9d = _t300;
									_t489 =  *_t501;
									r8b = dil;
									dil = r8b;
									_t455 = _a40;
									_t495 = _a32;
									_t320 = _t354;
									_t338 = r14w & 0xffffffff;
									_t255 =  *((intOrPtr*)(_t489 + 0x60))();
									_t422 =  *_t495;
									__eflags = r11w - 0x32d1;
									asm("stc");
									__eflags = _t422;
									if(__eflags == 0) {
										goto L183;
									}
									__eflags =  *_t455;
									if(__eflags == 0) {
										goto L183;
									}
									asm("dec ecx");
									asm("inc ecx");
									r8d = r8d >> 0x26;
									_t476 = _t422 + 5;
									__eflags = _t476 - _t390;
									if(__eflags <= 0) {
										_t447 = _t390 - _t476;
										__eflags = _t447;
										L53:
										__eflags = _t447 - 0x7fff0000;
										if(__eflags > 0) {
											 *_t422 = 0xff;
											 *((char*)(_t422 + 1)) = 0x25;
											 *((intOrPtr*)(_t422 + 2)) = 0;
											asm("stc");
											__eflags = _t338 - 0x48;
											asm("cmc");
											 *((long long*)(_t422 + 6)) = _t390;
											__eflags = r15d - _t353;
											__eflags = _t422 + 0xe;
											L59:
											_t321 = _t320 - r9d;
											 *_t455 = _t321;
											goto L183;
										}
										 *_t422 = 0xe9;
										asm("cmc");
										r12d - r15d = _t463 & 0x19cf1d7d;
										 *((intOrPtr*)(_t422 + 1)) = _t300 - r8d;
										asm("stc");
										r15b - r13b = _t338 - 0xf2;
										goto L59;
									}
									_t447 = _t476 - _t390;
									goto L53;
								}
								__eflags = _t300 -  *((intOrPtr*)(_t453 + 0x18));
								if(__eflags >= 0) {
									goto L36;
								}
								goto L34;
							}
							__eflags = _t300 - 0x174f3d35;
							asm("clc");
							asm("cmc");
							do {
								__eflags =  *((intOrPtr*)(_t384 + 0x18)) - _t300;
								if(__eflags >= 0) {
									_t453 = _t384;
									asm("stc");
									_t384 =  *_t384;
									goto L29;
								}
								_t384 =  *((intOrPtr*)(_t384 + 0x10));
								L29:
								__eflags =  *((char*)(_t384 + 0x21));
							} while ( *((char*)(_t384 + 0x21)) == 0);
							goto L30;
						}
						_t366 =  *((intOrPtr*)(__rdx));
						_t302 = dil;
						_t361 = _t366[0x58]();
						if(_t361 != 0) {
							r12d = 1;
							 *(__rcx + 0xb4) = r12d;
							goto L16;
						}
						_t255 = 0x80000001;
						goto L183;
					}
				}
			}






















































































































                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b233420
                                                                                                                                  0x1b38ba94
                                                                                                                                  0x1b38ba99
                                                                                                                                  0x1b38baa1
                                                                                                                                  0x1b38baa9
                                                                                                                                  0x1b38bab0
                                                                                                                                  0x1b38bab7
                                                                                                                                  0x1b38bab8
                                                                                                                                  0x1b38bab9
                                                                                                                                  0x1b38bac2
                                                                                                                                  0x1b38bac6
                                                                                                                                  0x1b38bace
                                                                                                                                  0x1b38bad9
                                                                                                                                  0x1b38badd
                                                                                                                                  0x1b38bae0
                                                                                                                                  0x1b38bae4
                                                                                                                                  0x1b38bae7
                                                                                                                                  0x1b38baee
                                                                                                                                  0x1b38baf2
                                                                                                                                  0x1b38baf5
                                                                                                                                  0x1b38baf9
                                                                                                                                  0x1b38bafd
                                                                                                                                  0x1b38bb02
                                                                                                                                  0x1b38bb07
                                                                                                                                  0x1b38bb0a
                                                                                                                                  0x1b38bb12
                                                                                                                                  0x1b38bb1d
                                                                                                                                  0x1b38bb20
                                                                                                                                  0x1b38bb24
                                                                                                                                  0x1b38bb2b
                                                                                                                                  0x1b38bb33
                                                                                                                                  0x1b38bb3e
                                                                                                                                  0x1b38bb4c
                                                                                                                                  0x1b38bb53
                                                                                                                                  0x1b38bb56
                                                                                                                                  0x1b38bb5d
                                                                                                                                  0x1b38bb5d
                                                                                                                                  0x1b38bb61
                                                                                                                                  0x1b38bb6c
                                                                                                                                  0x1b38bb70
                                                                                                                                  0x1b38bb77
                                                                                                                                  0x1b38bb78
                                                                                                                                  0x1b38bb7b
                                                                                                                                  0x1b38bb85
                                                                                                                                  0x1b38bb8d
                                                                                                                                  0x1b38bb8e
                                                                                                                                  0x1b38bb92
                                                                                                                                  0x1b38bc15
                                                                                                                                  0x1b38bc15
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bb98
                                                                                                                                  0x1b38bb98
                                                                                                                                  0x1b38bb9b
                                                                                                                                  0x1b38bb9f
                                                                                                                                  0x1b38bba6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bbac
                                                                                                                                  0x1b38bbac
                                                                                                                                  0x1b38bbb8
                                                                                                                                  0x1b38bc01
                                                                                                                                  0x1b38bc07
                                                                                                                                  0x1b38bc07
                                                                                                                                  0x1b38bc1b
                                                                                                                                  0x1b38bc1b
                                                                                                                                  0x1b38bc23
                                                                                                                                  0x1b38bee0
                                                                                                                                  0x1b38bee8
                                                                                                                                  0x1b38c0da
                                                                                                                                  0x1b38c0e3
                                                                                                                                  0x1b38c0e7
                                                                                                                                  0x1b38c0ed
                                                                                                                                  0x1b38c0f8
                                                                                                                                  0x1b38c104
                                                                                                                                  0x1b38c118
                                                                                                                                  0x1b38c125
                                                                                                                                  0x1b38c12a
                                                                                                                                  0x1b38c12d
                                                                                                                                  0x1b38c13d
                                                                                                                                  0x1b38c145
                                                                                                                                  0x1b38c14b
                                                                                                                                  0x1b38c15d
                                                                                                                                  0x1b38c164
                                                                                                                                  0x1b38c169
                                                                                                                                  0x1b38c169
                                                                                                                                  0x1b38c175
                                                                                                                                  0x1b38c4ba
                                                                                                                                  0x1b38c4ba
                                                                                                                                  0x1b38c4c0
                                                                                                                                  0x1b38c4c7
                                                                                                                                  0x1b38c4ca
                                                                                                                                  0x1b38c4d1
                                                                                                                                  0x1b38c4d2
                                                                                                                                  0x1b38c4da
                                                                                                                                  0x1b38c4e1
                                                                                                                                  0x1b38c4e7
                                                                                                                                  0x1b38c4f3
                                                                                                                                  0x1b38c505
                                                                                                                                  0x1b38c50c
                                                                                                                                  0x1b38c513
                                                                                                                                  0x1b38c517
                                                                                                                                  0x1b38c51b
                                                                                                                                  0x1b38c51f
                                                                                                                                  0x1b38c520
                                                                                                                                  0x1b38c52b
                                                                                                                                  0x1b38c545
                                                                                                                                  0x1b38c54c
                                                                                                                                  0x1b38c551
                                                                                                                                  0x1b38c556
                                                                                                                                  0x1b38c55a
                                                                                                                                  0x1b38c55c
                                                                                                                                  0x1b38c562
                                                                                                                                  0x1b38c568
                                                                                                                                  0x1b38c56b
                                                                                                                                  0x1b38c575
                                                                                                                                  0x1b38c57a
                                                                                                                                  0x1b38c581
                                                                                                                                  0x1b38c591
                                                                                                                                  0x1b38c59d
                                                                                                                                  0x1b38c6b3
                                                                                                                                  0x1b38c6bd
                                                                                                                                  0x1b38c6bd
                                                                                                                                  0x1b38c5ad
                                                                                                                                  0x1b38c5b1
                                                                                                                                  0x1b38c5bd
                                                                                                                                  0x1b38c5c4
                                                                                                                                  0x1b38c5cc
                                                                                                                                  0x1b38c5d1
                                                                                                                                  0x1b38c5d6
                                                                                                                                  0x1b38c5df
                                                                                                                                  0x1b38c5e3
                                                                                                                                  0x1b38c5ec
                                                                                                                                  0x1b38c5f0
                                                                                                                                  0x1b38c5f5
                                                                                                                                  0x1b38c5f8
                                                                                                                                  0x1b38c5fc
                                                                                                                                  0x1b38c600
                                                                                                                                  0x1b38c604
                                                                                                                                  0x1b38c611
                                                                                                                                  0x1b38c618
                                                                                                                                  0x1b38c626
                                                                                                                                  0x1b38c626
                                                                                                                                  0x1b38c633
                                                                                                                                  0x1b38c638
                                                                                                                                  0x1b38c63e
                                                                                                                                  0x1b38c63f
                                                                                                                                  0x1b38c649
                                                                                                                                  0x1b38c64d
                                                                                                                                  0x1b38c651
                                                                                                                                  0x1b38c65c
                                                                                                                                  0x1b38c66c
                                                                                                                                  0x1b38c673
                                                                                                                                  0x1b38c688
                                                                                                                                  0x1b38c68d
                                                                                                                                  0x1b38c68e
                                                                                                                                  0x1b38c692
                                                                                                                                  0x1b38c698
                                                                                                                                  0x1b38c69f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c6a8
                                                                                                                                  0x1b38c6b0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c6b0
                                                                                                                                  0x1b38c531
                                                                                                                                  0x1b38c533
                                                                                                                                  0x1b38c538
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c540
                                                                                                                                  0x1b38c4f9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c4f9
                                                                                                                                  0x1b38c17b
                                                                                                                                  0x1b38c183
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c189
                                                                                                                                  0x1b38c18e
                                                                                                                                  0x1b38c193
                                                                                                                                  0x1b38c19b
                                                                                                                                  0x1b38c1ae
                                                                                                                                  0x1b38c1b2
                                                                                                                                  0x1b38c1b7
                                                                                                                                  0x1b38c1ba
                                                                                                                                  0x1b38c1c4
                                                                                                                                  0x1b38c1ce
                                                                                                                                  0x1b38c1ce
                                                                                                                                  0x1b38c1d3
                                                                                                                                  0x1b38c1d5
                                                                                                                                  0x1b38c1d8
                                                                                                                                  0x1b38c1e0
                                                                                                                                  0x1b38c1e5
                                                                                                                                  0x1b38c1e8
                                                                                                                                  0x1b38c1f4
                                                                                                                                  0x1b38c1f6
                                                                                                                                  0x1b38c1fc
                                                                                                                                  0x1b38c1fc
                                                                                                                                  0x1b38c204
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c20a
                                                                                                                                  0x1b38c212
                                                                                                                                  0x1b38c381
                                                                                                                                  0x1b38c381
                                                                                                                                  0x1b38c389
                                                                                                                                  0x1b38c38d
                                                                                                                                  0x1b38c390
                                                                                                                                  0x1b38c393
                                                                                                                                  0x1b38c396
                                                                                                                                  0x1b38c39a
                                                                                                                                  0x1b38c3a3
                                                                                                                                  0x1b38c3a8
                                                                                                                                  0x1b38c3b7
                                                                                                                                  0x1b38c3bf
                                                                                                                                  0x1b38c3c3
                                                                                                                                  0x1b38c3d0
                                                                                                                                  0x1b38c3d8
                                                                                                                                  0x1b38c3f6
                                                                                                                                  0x1b38c3fa
                                                                                                                                  0x1b38c3fd
                                                                                                                                  0x1b38c3ff
                                                                                                                                  0x1b38c402
                                                                                                                                  0x1b38c409
                                                                                                                                  0x1b38c412
                                                                                                                                  0x1b38c41a
                                                                                                                                  0x1b38c41f
                                                                                                                                  0x1b38c427
                                                                                                                                  0x1b38c429
                                                                                                                                  0x1b38c432
                                                                                                                                  0x1b38c435
                                                                                                                                  0x1b38c439
                                                                                                                                  0x1b38c43a
                                                                                                                                  0x1b38c446
                                                                                                                                  0x1b38c4b2
                                                                                                                                  0x1b38c4b2
                                                                                                                                  0x1b38c6c8
                                                                                                                                  0x1b38c6e0
                                                                                                                                  0x1b38c6ed
                                                                                                                                  0x1b38c6f0
                                                                                                                                  0x1b38c6f6
                                                                                                                                  0x1b38c6ff
                                                                                                                                  0x1b38c702
                                                                                                                                  0x1b38c70e
                                                                                                                                  0x1b38c715
                                                                                                                                  0x1b38c721
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c722
                                                                                                                                  0x1b38c44c
                                                                                                                                  0x1b38c454
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c45a
                                                                                                                                  0x1b38c463
                                                                                                                                  0x1b38c465
                                                                                                                                  0x1b38c47c
                                                                                                                                  0x1b38c491
                                                                                                                                  0x1b38c49c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c4a5
                                                                                                                                  0x1b38c218
                                                                                                                                  0x1b38c21e
                                                                                                                                  0x1b38c221
                                                                                                                                  0x1b38c22b
                                                                                                                                  0x1b38c22f
                                                                                                                                  0x1b38c233
                                                                                                                                  0x1b38c239
                                                                                                                                  0x1b38c23c
                                                                                                                                  0x1b38c244
                                                                                                                                  0x1b38c247
                                                                                                                                  0x1b38c24a
                                                                                                                                  0x1b38c24f
                                                                                                                                  0x1b38c252
                                                                                                                                  0x1b38c254
                                                                                                                                  0x1b38c258
                                                                                                                                  0x1b38c259
                                                                                                                                  0x1b38c261
                                                                                                                                  0x1b38c269
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c26f
                                                                                                                                  0x1b38c272
                                                                                                                                  0x1b38c282
                                                                                                                                  0x1b38c28e
                                                                                                                                  0x1b38c28f
                                                                                                                                  0x1b38c296
                                                                                                                                  0x1b38c299
                                                                                                                                  0x1b38c29d
                                                                                                                                  0x1b38c2a1
                                                                                                                                  0x1b38c2a4
                                                                                                                                  0x1b38c2ab
                                                                                                                                  0x1b38c2b1
                                                                                                                                  0x1b38c2b5
                                                                                                                                  0x1b38c2b5
                                                                                                                                  0x1b38c2b7
                                                                                                                                  0x1b38c2bf
                                                                                                                                  0x1b38c33b
                                                                                                                                  0x1b38c33b
                                                                                                                                  0x1b38c33e
                                                                                                                                  0x1b38c343
                                                                                                                                  0x1b38c351
                                                                                                                                  0x1b38c353
                                                                                                                                  0x1b38c36d
                                                                                                                                  0x1b38c379
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c379
                                                                                                                                  0x1b38c2c5
                                                                                                                                  0x1b38c2c9
                                                                                                                                  0x1b38c2cc
                                                                                                                                  0x1b38c2d4
                                                                                                                                  0x1b38c306
                                                                                                                                  0x1b38c306
                                                                                                                                  0x1b38c30d
                                                                                                                                  0x1b38c312
                                                                                                                                  0x1b38c315
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c31f
                                                                                                                                  0x1b38c323
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c329
                                                                                                                                  0x1b38c32d
                                                                                                                                  0x1b38c335
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c335
                                                                                                                                  0x1b38c2e0
                                                                                                                                  0x1b38c2e1
                                                                                                                                  0x1b38c2ec
                                                                                                                                  0x1b38c2f0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c2f8
                                                                                                                                  0x1b38c2f9
                                                                                                                                  0x1b38c300
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c300
                                                                                                                                  0x1b38c1a1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c1a9
                                                                                                                                  0x1b38c151
                                                                                                                                  0x1b38c153
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c153
                                                                                                                                  0x1b38c10a
                                                                                                                                  0x1b38c10c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c10c
                                                                                                                                  0x1b38beee
                                                                                                                                  0x1b38bef2
                                                                                                                                  0x1b38bef5
                                                                                                                                  0x1b38bef9
                                                                                                                                  0x1b38bf06
                                                                                                                                  0x1b38bf0a
                                                                                                                                  0x1b38bf10
                                                                                                                                  0x1b38bf12
                                                                                                                                  0x1b38bf16
                                                                                                                                  0x1b38bf19
                                                                                                                                  0x1b38bf25
                                                                                                                                  0x1b38bf2e
                                                                                                                                  0x1b38bf6e
                                                                                                                                  0x1b38bf6e
                                                                                                                                  0x1b38bf7c
                                                                                                                                  0x1b38bf81
                                                                                                                                  0x1b38bf89
                                                                                                                                  0x1b38bfa8
                                                                                                                                  0x1b38bfa8
                                                                                                                                  0x1b38bfb0
                                                                                                                                  0x1b38bfb3
                                                                                                                                  0x1b38bfb8
                                                                                                                                  0x1b38bfb8
                                                                                                                                  0x1b38bfbd
                                                                                                                                  0x1b38bfbf
                                                                                                                                  0x1b38bfc2
                                                                                                                                  0x1b38bfc6
                                                                                                                                  0x1b38bfc6
                                                                                                                                  0x1b38bfc6
                                                                                                                                  0x1b38bfce
                                                                                                                                  0x1b38bfd1
                                                                                                                                  0x1b38bfd4
                                                                                                                                  0x1b38bfd8
                                                                                                                                  0x1b38bfdb
                                                                                                                                  0x1b38bfe2
                                                                                                                                  0x1b38bfe6
                                                                                                                                  0x1b38bfea
                                                                                                                                  0x1b38bfed
                                                                                                                                  0x1b38bff1
                                                                                                                                  0x1b38bff5
                                                                                                                                  0x1b38bff9
                                                                                                                                  0x1b38bffe
                                                                                                                                  0x1b38c006
                                                                                                                                  0x1b38c01a
                                                                                                                                  0x1b38c01a
                                                                                                                                  0x1b38c01f
                                                                                                                                  0x1b38c01f
                                                                                                                                  0x1b38c029
                                                                                                                                  0x1b38c02c
                                                                                                                                  0x1b38c06f
                                                                                                                                  0x1b38c077
                                                                                                                                  0x1b38c07d
                                                                                                                                  0x1b38c07d
                                                                                                                                  0x1b38c082
                                                                                                                                  0x1b38c087
                                                                                                                                  0x1b38c08d
                                                                                                                                  0x1b38c08d
                                                                                                                                  0x1b38c095
                                                                                                                                  0x1b38c096
                                                                                                                                  0x1b38c099
                                                                                                                                  0x1b38c09d
                                                                                                                                  0x1b38c0a2
                                                                                                                                  0x1b38c0a7
                                                                                                                                  0x1b38c0ad
                                                                                                                                  0x1b38c0ad
                                                                                                                                  0x1b38c0b2
                                                                                                                                  0x1b38c0b5
                                                                                                                                  0x1b38c0bc
                                                                                                                                  0x1b38c0c0
                                                                                                                                  0x1b38c0c6
                                                                                                                                  0x1b38c0ce
                                                                                                                                  0x1b38c0d1
                                                                                                                                  0x1b38c0d5
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c0d5
                                                                                                                                  0x1b38c038
                                                                                                                                  0x1b38c03d
                                                                                                                                  0x1b38c040
                                                                                                                                  0x1b38c043
                                                                                                                                  0x1b38c047
                                                                                                                                  0x1b38c04a
                                                                                                                                  0x1b38c04f
                                                                                                                                  0x1b38c053
                                                                                                                                  0x1b38c059
                                                                                                                                  0x1b38c05e
                                                                                                                                  0x1b38c062
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c062
                                                                                                                                  0x1b38c00c
                                                                                                                                  0x1b38c014
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38c014
                                                                                                                                  0x1b38bf8f
                                                                                                                                  0x1b38bf98
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bf9e
                                                                                                                                  0x1b38bf9e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bf34
                                                                                                                                  0x1b38bf34
                                                                                                                                  0x1b38bf34
                                                                                                                                  0x1b38bf3d
                                                                                                                                  0x1b38bf51
                                                                                                                                  0x1b38bf59
                                                                                                                                  0x1b38bf5c
                                                                                                                                  0x1b38bf5f
                                                                                                                                  0x1b38bf5f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bf5f
                                                                                                                                  0x1b38bf43
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bf68
                                                                                                                                  0x1b38bf68
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bf34
                                                                                                                                  0x1b38bc2c
                                                                                                                                  0x1b38bc2f
                                                                                                                                  0x1b38bc35
                                                                                                                                  0x1b38bc38
                                                                                                                                  0x1b38bc44
                                                                                                                                  0x1b38bc4b
                                                                                                                                  0x1b38bc57
                                                                                                                                  0x1b38bc5b
                                                                                                                                  0x1b38bc65
                                                                                                                                  0x1b38bc68
                                                                                                                                  0x1b38bc71
                                                                                                                                  0x1b38bcc2
                                                                                                                                  0x1b38bcc2
                                                                                                                                  0x1b38bcc7
                                                                                                                                  0x1b38bcca
                                                                                                                                  0x1b38bccb
                                                                                                                                  0x1b38bcd0
                                                                                                                                  0x1b38bcd1
                                                                                                                                  0x1b38bcd2
                                                                                                                                  0x1b38bcd3
                                                                                                                                  0x1b38bcdb
                                                                                                                                  0x1b38bcef
                                                                                                                                  0x1b38bcef
                                                                                                                                  0x1b38bcf4
                                                                                                                                  0x1b38bcfd
                                                                                                                                  0x1b38bd04
                                                                                                                                  0x1b38bd14
                                                                                                                                  0x1b38bd1c
                                                                                                                                  0x1b38bd1f
                                                                                                                                  0x1b38bd21
                                                                                                                                  0x1b38bd21
                                                                                                                                  0x1b38bd29
                                                                                                                                  0x1b38bd33
                                                                                                                                  0x1b38bd47
                                                                                                                                  0x1b38bd4c
                                                                                                                                  0x1b38bd4c
                                                                                                                                  0x1b38bd55
                                                                                                                                  0x1b38bd5c
                                                                                                                                  0x1b38bd62
                                                                                                                                  0x1b38bd6a
                                                                                                                                  0x1b38bd71
                                                                                                                                  0x1b38bd75
                                                                                                                                  0x1b38bd7a
                                                                                                                                  0x1b38bd7e
                                                                                                                                  0x1b38bd83
                                                                                                                                  0x1b38bd83
                                                                                                                                  0x1b38bd86
                                                                                                                                  0x1b38bd8c
                                                                                                                                  0x1b38bd8c
                                                                                                                                  0x1b38bd91
                                                                                                                                  0x1b38bd9a
                                                                                                                                  0x1b38bda0
                                                                                                                                  0x1b38bda0
                                                                                                                                  0x1b38bda5
                                                                                                                                  0x1b38bda9
                                                                                                                                  0x1b38bdac
                                                                                                                                  0x1b38bdb2
                                                                                                                                  0x1b38bdb5
                                                                                                                                  0x1b38bdb8
                                                                                                                                  0x1b38bdb9
                                                                                                                                  0x1b38bdbd
                                                                                                                                  0x1b38bdc0
                                                                                                                                  0x1b38bdc0
                                                                                                                                  0x1b38bdca
                                                                                                                                  0x1b38bde4
                                                                                                                                  0x1b38bdef
                                                                                                                                  0x1b38bdf2
                                                                                                                                  0x1b38be06
                                                                                                                                  0x1b38be0a
                                                                                                                                  0x1b38be0e
                                                                                                                                  0x1b38be14
                                                                                                                                  0x1b38be15
                                                                                                                                  0x1b38be1d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38be23
                                                                                                                                  0x1b38be2b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38be34
                                                                                                                                  0x1b38be38
                                                                                                                                  0x1b38be3b
                                                                                                                                  0x1b38be3f
                                                                                                                                  0x1b38be49
                                                                                                                                  0x1b38be51
                                                                                                                                  0x1b38be6a
                                                                                                                                  0x1b38be6a
                                                                                                                                  0x1b38be6d
                                                                                                                                  0x1b38be6d
                                                                                                                                  0x1b38be79
                                                                                                                                  0x1b38bea8
                                                                                                                                  0x1b38beab
                                                                                                                                  0x1b38beaf
                                                                                                                                  0x1b38beb6
                                                                                                                                  0x1b38beb7
                                                                                                                                  0x1b38beba
                                                                                                                                  0x1b38bebb
                                                                                                                                  0x1b38bebf
                                                                                                                                  0x1b38bec8
                                                                                                                                  0x1b38becc
                                                                                                                                  0x1b38becc
                                                                                                                                  0x1b38bed4
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bedb
                                                                                                                                  0x1b38be7f
                                                                                                                                  0x1b38be82
                                                                                                                                  0x1b38be89
                                                                                                                                  0x1b38be90
                                                                                                                                  0x1b38be93
                                                                                                                                  0x1b38be97
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bea3
                                                                                                                                  0x1b38be5a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38be62
                                                                                                                                  0x1b38bce1
                                                                                                                                  0x1b38bce9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bce9
                                                                                                                                  0x1b38bc79
                                                                                                                                  0x1b38bc7f
                                                                                                                                  0x1b38bc83
                                                                                                                                  0x1b38bc89
                                                                                                                                  0x1b38bc89
                                                                                                                                  0x1b38bc91
                                                                                                                                  0x1b38bca5
                                                                                                                                  0x1b38bca8
                                                                                                                                  0x1b38bca9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bca9
                                                                                                                                  0x1b38bc97
                                                                                                                                  0x1b38bcb8
                                                                                                                                  0x1b38bcb8
                                                                                                                                  0x1b38bcb8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bc89
                                                                                                                                  0x1b38bbbe
                                                                                                                                  0x1b38bbc8
                                                                                                                                  0x1b38bbd3
                                                                                                                                  0x1b38bbda
                                                                                                                                  0x1b38bbef
                                                                                                                                  0x1b38bbf5
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bbf5
                                                                                                                                  0x1b38bbe0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b38bbea
                                                                                                                                  0x1b38bba6

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: /f+$@To=$DNGuard Runtime Error!$DNGuard Runtime Info$Please send the following information to your software vendor.P0:%d, P1:0x%.8X, P2:0x%.8X$This application occurred a problem.$}$}b
                                                                                                                                  • API String ID: 0-4166108272
                                                                                                                                  • Opcode ID: 9b20232da9ae3102c02565c9e9d6b5eb0914d078f80939e258891f79d7a32338
                                                                                                                                  • Instruction ID: e92ac1204878f497682279a6427270a05d52c446ba8e493d76332878315cf9a8
                                                                                                                                  • Opcode Fuzzy Hash: 9b20232da9ae3102c02565c9e9d6b5eb0914d078f80939e258891f79d7a32338
                                                                                                                                  • Instruction Fuzzy Hash: 61421472709A82C6DB298B25E0903EE7769F344F90F844316CB9A477A4DB7DD4E5C702
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B255140 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 77memorysleeplibraryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 559 1b255140-1b255163 GetModuleHandleA 560 1b255165-1b25516b 559->560 561 1b25518d-1b2551a4 GetModuleHandleA 559->561 560->561 562 1b25516d-1b25518b Sleep GetModuleHandleA 560->562 563 1b25528c-1b2552a3 SetEvent 561->563 564 1b2551aa-1b2551c0 GetProcAddress 561->564 562->560 562->561 564->563 565 1b2551c6-1b2551df GetModuleHandleA 564->565 565->563 567 1b2551e5-1b255280 VirtualQuery VirtualProtect * 2 565->567 567->563 568 1b255282-1b255285 567->568 568->563
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule$Virtual$Protect$AddressEventProcQuerySleep
                                                                                                                                  • String ID: clr.dll$clrjit.dll$getJit
                                                                                                                                  • API String ID: 1621864188-2561302590
                                                                                                                                  • Opcode ID: e2d5472a14d24e08bfa7c5872eb6f7dad8543173c65ccca4f7590ec08fcf36fe
                                                                                                                                  • Instruction ID: 6f11d6a1f6c27d7be99b3e2d63911f290ea472d5be4f4947091f2e9d5238301e
                                                                                                                                  • Opcode Fuzzy Hash: e2d5472a14d24e08bfa7c5872eb6f7dad8543173c65ccca4f7590ec08fcf36fe
                                                                                                                                  • Instruction Fuzzy Hash: 3331F835A16F4996EB508F22F88039973A4F788B95F644529DE8D43764EF3DC49DCB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23AB40 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 174COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E1B23AB40(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long __r12, long long __r13, long long __r14) {
				signed int _t62;
				unsigned int _t65;
				int _t71;
				struct HINSTANCE__* _t72;
				int _t77;
				int _t80;
				void* _t85;
				intOrPtr _t86;
				intOrPtr _t97;
				signed int _t99;
				int _t100;
				signed long long _t115;
				intOrPtr _t117;
				intOrPtr _t118;
				signed int* _t119;
				intOrPtr _t120;
				intOrPtr _t121;
				void* _t123;
				void* _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				intOrPtr _t131;
				intOrPtr _t132;
				void* _t147;
				void* _t148;
				long long _t155;
				intOrPtr _t156;
				signed long long _t158;
				intOrPtr _t160;
				signed long long _t161;
				long long _t162;

				_t162 = __r12;
				_t159 = __r8;
				_t153 = __rsi;
				_t151 = __rdi;
				_t147 = __rdx;
				_t122 = __rbx;
				_t161 = _t158;
				_t115 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				 *(_t158 + 0x440) = _t115 ^ _t158;
				_t117 =  *0x1b291a28; // 0x1b490cd0
				 *((long long*)(_t161 + 0x10)) = __rbx;
				 *((long long*)(_t161 + 0x18)) = _t155;
				 *((long long*)(_t161 + 0x20)) = __rsi;
				 *((long long*)(_t161 - 8)) = __rdi;
				 *((long long*)(_t161 - 0x18)) = __r13;
				_t7 = _t117 + 0xc8; // 0x100000004
				_t86 =  *_t7;
				 *((long long*)(_t161 - 0x20)) = __r14;
				r14d = 1;
				_t97 = 0;
				if(_t86 == r14d) {
					L20:
					GetModuleHandleA();
					if(_t117 != 0) {
						E1B23A850(_t86, _t122, _t147, _t151, _t153, _t155, _t159, _t162);
					}
					L22:
					_t118 =  *0x1b291a28; // 0x1b490cd0
					 *((long long*)(_t158 + 0x468)) = _t162;
					_t23 = _t118 + 0xb0; // 0x1b230000
					_t156 =  *_t23;
					_t24 = _t156 + 0x3c; // 0xeba1f0e000000e8
					_t128 =  *_t24 + _t156;
					if( *((short*)(_t128 + 0x18)) != 0x20b) {
						r12d =  *(_t128 + 6) & 0x0000ffff;
						_t123 = _t118 + _t128 + 0x18;
					} else {
						r12d =  *(_t128 + 6) & 0x0000ffff;
						_t123 = _t118 + _t128 + 0x18;
					}
					r8d =  *(_t123 + 0x10);
					_t148 = _t147 + _t156;
					_t99 =  *(_t123 + 0x24) >> 0x1c;
					_t62 = E1B23AA90(r14d, _t148, _t160, _t161);
					_t129 =  *0x1b291a28; // 0x1b490cd0
					 *((intOrPtr*)(_t129 + 0x188)) =  *((intOrPtr*)(_t123 + 0xc));
					_t130 =  *0x1b291a28; // 0x1b490cd0
					r11d = _t62;
					 *(_t130 + 0x18c) =  *(_t123 + 0x10);
					_t131 =  *0x1b291a28; // 0x1b490cd0
					 *((intOrPtr*)(_t131 + 0x190)) = _t97;
					_t132 =  *0x1b291a28; // 0x1b490cd0
					 *((intOrPtr*)(_t132 + 0x194)) = _t97;
					_t88 = _t162 - 1;
					if(_t88 <= 0) {
						L31:
						_t119 =  *0x1b291a28; // 0x1b490cd0
						r11d = r11d ^  *_t119;
						_t119[6] = r11d;
						SetEvent(??);
						return E1B258680(_t88,  *(_t158 + 0x440) ^ _t158);
					} else {
						while(1) {
							_t65 =  *(_t123 + 0x4c);
							_t123 = _t123 + 0x28;
							if((_t65 >> 0x0000001c & _t99) == _t99) {
								break;
							}
							_t97 = _t97 + 1;
							if(_t97 < _t88) {
								continue;
							}
							goto L31;
						}
						_t120 =  *0x1b291a28; // 0x1b490cd0
						 *((intOrPtr*)(_t120 + 0x190)) =  *((intOrPtr*)(_t123 + 0xc));
						_t121 =  *0x1b291a28; // 0x1b490cd0
						 *(_t121 + 0x194) =  *(_t123 + 0x10);
						r8d =  *(_t123 + 0x10);
						__eflags = _t148 + _t156;
						_t88 = r11d;
						r11d = E1B23AA90(r11d, _t148 + _t156, _t160, _t161);
						goto L31;
					}
				}
				if(_t86 != 2) {
					_t71 = E1B23A850(_t86, __rbx, __rdx, __rdi, __rsi, _t155, __r8, __r12); // executed
					__eflags = _t71;
					if(_t71 != 0) {
						goto L22;
					}
					goto L20;
				} else {
					_t72 = GetModuleHandleA();
					_t153 = _t117;
					if(_t117 == 0) {
						_t72 = GetModuleHandleA();
						_t153 = _t117;
					}
					_t117 =  *0x1b291a28; // 0x1b490cd0
					_t85 =  >  ? r14d : _t97;
					if(_t153 == 0) {
						L16:
						_t108 = _t85;
						if(_t85 == 0) {
							E1B246DC0(__eflags, _t117, _t147, _t151, _t153, _t155, _t160, _t162);
						} else {
							E1B24AC40(_t108, _t117, _t147, _t151, _t153, _t155, _t160, _t162);
						}
						goto L20;
					}
					r8d = 0x400;
					E1B258FC0(_t72, _t86, 0, _t158 + 0x40, _t147, _t159);
					r8d = 0x3ff;
					GetModuleFileNameA(??, ??, ??);
					_t147 = _t158 + 0x30;
					_t77 = GetFileVersionInfoSizeA(??, ??);
					_t100 = _t77;
					if(_t77 == 0) {
						goto L16;
					}
					L1B257D70(_t117, _t155);
					r8d = _t100;
					_t160 = _t117;
					_t153 = _t117;
					if(GetFileVersionInfoA(??, ??, ??, ??) != 0) {
						_t160 = _t158 + 0x20;
						_t159 = _t158 + 0x28;
						_t147 = 0x1b26e068;
						_t80 = VerQueryValueA(??, ??, ??, ??);
						__eflags = _t80;
						if(_t80 != 0) {
							_t117 =  *((intOrPtr*)(_t158 + 0x28));
							__eflags =  *((intOrPtr*)(_t117 + 8)) - 0x20000;
							if( *((intOrPtr*)(_t117 + 8)) != 0x20000) {
								L14:
								__eflags =  *((short*)(_t117 + 0xe)) - 0xc627;
								_t85 =  >  ? r14d : _t85;
								L15:
								L1B259C50(_t117, _t153);
								goto L16;
							}
							__eflags =  *((short*)(_t117 + 0xe)) - 0xc627;
							if( *((short*)(_t117 + 0xe)) != 0xc627) {
								goto L14;
							}
							__eflags =  *((short*)(_t117 + 0xc)) - 0xbd7;
							if( *((short*)(_t117 + 0xc)) >= 0xbd7) {
								_t85 = r14d;
							}
							goto L15;
						}
						L1B259C50(_t117, _t153);
						goto L16;
					}
					L1B259C50(_t117, _t153);
					goto L16;
				}
			}


































                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab40
                                                                                                                                  0x1b23ab4a
                                                                                                                                  0x1b23ab54
                                                                                                                                  0x1b23ab5c
                                                                                                                                  0x1b23ab63
                                                                                                                                  0x1b23ab67
                                                                                                                                  0x1b23ab6b
                                                                                                                                  0x1b23ab6f
                                                                                                                                  0x1b23ab73
                                                                                                                                  0x1b23ab7a
                                                                                                                                  0x1b23ab7a
                                                                                                                                  0x1b23ab80
                                                                                                                                  0x1b23ab84
                                                                                                                                  0x1b23ab8a
                                                                                                                                  0x1b23ab8f
                                                                                                                                  0x1b23acc1
                                                                                                                                  0x1b23acc8
                                                                                                                                  0x1b23acd1
                                                                                                                                  0x1b23acd3
                                                                                                                                  0x1b23acd3
                                                                                                                                  0x1b23acd8
                                                                                                                                  0x1b23acd8
                                                                                                                                  0x1b23acdf
                                                                                                                                  0x1b23ace7
                                                                                                                                  0x1b23ace7
                                                                                                                                  0x1b23acee
                                                                                                                                  0x1b23acf2
                                                                                                                                  0x1b23acfb
                                                                                                                                  0x1b23ad11
                                                                                                                                  0x1b23ad16
                                                                                                                                  0x1b23acfd
                                                                                                                                  0x1b23ad01
                                                                                                                                  0x1b23ad06
                                                                                                                                  0x1b23ad06
                                                                                                                                  0x1b23ad21
                                                                                                                                  0x1b23ad25
                                                                                                                                  0x1b23ad2b
                                                                                                                                  0x1b23ad2e
                                                                                                                                  0x1b23ad33
                                                                                                                                  0x1b23ad45
                                                                                                                                  0x1b23ad4b
                                                                                                                                  0x1b23ad55
                                                                                                                                  0x1b23ad58
                                                                                                                                  0x1b23ad5e
                                                                                                                                  0x1b23ad65
                                                                                                                                  0x1b23ad6b
                                                                                                                                  0x1b23ad72
                                                                                                                                  0x1b23ad78
                                                                                                                                  0x1b23ad87
                                                                                                                                  0x1b23adde
                                                                                                                                  0x1b23adde
                                                                                                                                  0x1b23ade8
                                                                                                                                  0x1b23adeb
                                                                                                                                  0x1b23adef
                                                                                                                                  0x1b23ae34
                                                                                                                                  0x1b23ad90
                                                                                                                                  0x1b23ad90
                                                                                                                                  0x1b23ad90
                                                                                                                                  0x1b23ad93
                                                                                                                                  0x1b23ad9e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ada0
                                                                                                                                  0x1b23ada5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ada7
                                                                                                                                  0x1b23ada9
                                                                                                                                  0x1b23adb3
                                                                                                                                  0x1b23adbc
                                                                                                                                  0x1b23adc3
                                                                                                                                  0x1b23adcc
                                                                                                                                  0x1b23add0
                                                                                                                                  0x1b23add3
                                                                                                                                  0x1b23addb
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23addb
                                                                                                                                  0x1b23ad87
                                                                                                                                  0x1b23ab98
                                                                                                                                  0x1b23acb8
                                                                                                                                  0x1b23acbd
                                                                                                                                  0x1b23acbf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ab9e
                                                                                                                                  0x1b23aba5
                                                                                                                                  0x1b23abae
                                                                                                                                  0x1b23abb1
                                                                                                                                  0x1b23abba
                                                                                                                                  0x1b23abc0
                                                                                                                                  0x1b23abc0
                                                                                                                                  0x1b23abc3
                                                                                                                                  0x1b23abd3
                                                                                                                                  0x1b23abda
                                                                                                                                  0x1b23aca6
                                                                                                                                  0x1b23aca6
                                                                                                                                  0x1b23aca8
                                                                                                                                  0x1b23acb1
                                                                                                                                  0x1b23acaa
                                                                                                                                  0x1b23acaa
                                                                                                                                  0x1b23acaa
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23aca8
                                                                                                                                  0x1b23abe7
                                                                                                                                  0x1b23abed
                                                                                                                                  0x1b23abf7
                                                                                                                                  0x1b23ac00
                                                                                                                                  0x1b23ac06
                                                                                                                                  0x1b23ac10
                                                                                                                                  0x1b23ac17
                                                                                                                                  0x1b23ac19
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ac22
                                                                                                                                  0x1b23ac2c
                                                                                                                                  0x1b23ac2f
                                                                                                                                  0x1b23ac34
                                                                                                                                  0x1b23ac3e
                                                                                                                                  0x1b23ac4a
                                                                                                                                  0x1b23ac4f
                                                                                                                                  0x1b23ac54
                                                                                                                                  0x1b23ac5e
                                                                                                                                  0x1b23ac63
                                                                                                                                  0x1b23ac65
                                                                                                                                  0x1b23ac71
                                                                                                                                  0x1b23ac76
                                                                                                                                  0x1b23ac7d
                                                                                                                                  0x1b23ac94
                                                                                                                                  0x1b23ac94
                                                                                                                                  0x1b23ac9a
                                                                                                                                  0x1b23ac9e
                                                                                                                                  0x1b23aca1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23aca1
                                                                                                                                  0x1b23ac7f
                                                                                                                                  0x1b23ac85
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ac87
                                                                                                                                  0x1b23ac8d
                                                                                                                                  0x1b23ac8f
                                                                                                                                  0x1b23ac8f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ac8d
                                                                                                                                  0x1b23ac6a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ac6a
                                                                                                                                  0x1b23ac43
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ac43

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Module$FileHandle$InfoVersion$EventNameQuerySizeValue
                                                                                                                                  • String ID: clrjit.dll$mscorjit.dll$mscorwks.dll
                                                                                                                                  • API String ID: 3753412869-1889958636
                                                                                                                                  • Opcode ID: 708ba1e4c3cef1f5101ec596dfa5d24741ef19070ed89156bd1a45a32b26ba9b
                                                                                                                                  • Instruction ID: dd1853cc8ad44ba84517575f6c5884a4a3ab7a77545fe40ab47d220622f72bfd
                                                                                                                                  • Opcode Fuzzy Hash: 708ba1e4c3cef1f5101ec596dfa5d24741ef19070ed89156bd1a45a32b26ba9b
                                                                                                                                  • Instruction Fuzzy Hash: EA715BB6A14A8586DB18CF16D4807ED73A0F78DB99F688529CE4D43774DF38C98ACB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25B620 Relevance: 15.2, APIs: 10, Instructions: 150memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 841 1b25b620-1b25b62f 842 1b25b635-1b25b652 GetProcessHeap HeapAlloc 841->842 843 1b25b796-1b25b798 841->843 844 1b25b654-1b25b665 GetVersionExA 842->844 845 1b25b67b-1b25b686 842->845 846 1b25b7e3-1b25b7e6 843->846 847 1b25b79a-1b25b7a2 843->847 848 1b25b687-1b25b6c6 GetProcessHeap HeapFree 844->848 849 1b25b667-1b25b675 GetProcessHeap HeapFree 844->849 850 1b25b858-1b25b85b 846->850 851 1b25b7e8-1b25b802 call 1b231670 call 1b261130 846->851 847->845 852 1b25b7a8-1b25b7b7 847->852 856 1b25b6cc-1b25b712 call 1b262dd0 848->856 857 1b25b6c8 848->857 849->845 853 1b25b864-1b25b872 850->853 854 1b25b85d-1b25b85f call 1b25e6a0 850->854 851->845 873 1b25b808-1b25b819 FlsSetValue 851->873 858 1b25b7be-1b25b7c1 852->858 859 1b25b7b9 call 1b259a30 852->859 854->853 856->845 868 1b25b718-1b25b71f call 1b25e700 856->868 857->856 858->853 860 1b25b7c7-1b25b7e2 call 1b261d70 call 1b25e280 call 1b262e30 858->860 859->858 879 1b25b785-1b25b795 call 1b262e30 868->879 880 1b25b721-1b25b746 call 1b260820 GetCommandLineA call 1b264900 call 1b261a20 868->880 876 1b25b844-1b25b857 call 1b25a880 873->876 877 1b25b81b-1b25b843 call 1b25e2d0 GetCurrentThreadId 873->877 894 1b25b780 call 1b25e280 880->894 895 1b25b748-1b25b74f call 1b2647f0 880->895 894->879 899 1b25b751-1b25b758 call 1b264430 895->899 900 1b25b77b call 1b261d70 895->900 899->900 904 1b25b75a-1b25b75c call 1b259800 899->904 900->894 906 1b25b761-1b25b763 904->906 906->900 907 1b25b765-1b25b77a 906->907
                                                                                                                                  C-Code - Quality: 49%
                                                                                                                                  			E1B25B620(void* __ebx, long* __edx, long* __rax, long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, intOrPtr __r8, long long __r12, void* __r13, void* __r14, void* __r15, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				void* _t23;
				intOrPtr _t27;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t56;
				intOrPtr _t58;
				intOrPtr _t60;
				intOrPtr _t61;
				void* _t65;
				signed int _t78;
				signed int _t79;
				long _t80;
				long* _t90;
				void* _t98;
				long* _t103;
				long* _t106;
				intOrPtr _t108;
				intOrPtr _t110;
				intOrPtr _t112;
				long* _t114;
				void* _t116;
				intOrPtr _t118;
				void* _t119;
				void* _t120;
				void* _t121;

				_t121 = __r15;
				_t120 = __r14;
				_t119 = __r13;
				_t117 = __r12;
				_t111 = __rbp;
				_t109 = __rsi;
				_t107 = __rdi;
				_t105 = __rdx;
				_t86 = __rax;
				_t71 = __edx;
				_t65 = __ebx;
				_a32 = __rbx;
				_t88 = __r8;
				if(__edx != 1) {
					__eflags = __edx;
					if(__edx != 0) {
						__eflags = __edx - 2;
						if(__edx != 2) {
							__eflags = __edx - 3;
							if(__edx == 3) {
								__eflags = 0;
								E1B25E6A0(__rax, _t98);
							}
							goto L30;
						} else {
							E1B231670(_t23);
							_t27 = E1B261130(__rax, __r8, _t98, __rdx, __rdi, __rsi, __rbp, __r12);
							__eflags = _t86;
							_t90 = _t86;
							if(_t86 == 0) {
								goto L4;
							} else {
								_t106 = _t86;
								__imp__FlsSetValue();
								__eflags = _t27;
								if(_t27 == 0) {
									E1B25A880(_t86, _t90);
									__eflags = 0;
									return 0;
								} else {
									__eflags = 0;
									E1B25E2D0(_t86, _t90, _t90, _t106, _t107, _t109);
									_t32 = GetCurrentThreadId();
									_t90[2] = 0xffffffff;
									 *_t90 = _t32;
									return 1;
								}
							}
						}
					} else {
						_t34 =  *0x1b292bf8; // 0x0
						__eflags = _t34;
						if(_t34 <= 0) {
							goto L4;
						} else {
							__eflags =  *0x1b292bf0 - _t71; // 0x1
							 *0x1b292bf8 = _t34 - 1;
							if(__eflags == 0) {
								E1B259A30(__rax, __r8, __rdx, __rdi, __rsi, __r12); // executed
							}
							__eflags = _t88;
							if(_t88 != 0) {
								L30:
								return 1;
							} else {
								E1B261D70(_t88, _t107, _t109, _t111);
								E1B25E280(_t88, _t107, _t109, _t111, _t117);
								E1B262E30();
								return _t88 + 1;
							}
						}
					}
				} else {
					GetProcessHeap();
					r8d = 0x94;
					HeapAlloc(??, ??, ??);
					_t95 = __rax;
					if(__rax == 0) {
						L4:
						return 0;
					} else {
						 *__rax = 0x94;
						if(GetVersionExA(??) != 0) {
							_v8 = __rbp;
							_t80 = __rax[2];
							_v16 = __rsi;
							_t79 = __rax[1];
							_v24 = __rdi;
							_v32 = __r12;
							r12d = __rax[4];
							_t78 = __rax[3] & 0x00007fff;
							GetProcessHeap();
							_t114 = __rax;
							_t103 = __rax;
							HeapFree(??, ??, ??);
							__eflags = r12d - 2;
							if(r12d != 2) {
								asm("bts edi, 0xf");
							}
							 *0x1b292b94 = r12d;
							 *0x1b292ba0 = _t79;
							 *0x1b292ba4 = _t80;
							 *0x1b292b98 = _t78;
							 *0x1b292b9c = (_t79 << 8) + _t80; // executed
							_t49 = E1B262DD0(1, _t86); // executed
							_t118 = _v32;
							__eflags = _t49;
							_t108 = _v24;
							_t110 = _v16;
							_t112 = _v8;
							if(__eflags == 0) {
								goto L4;
							} else {
								_t50 = E1B25E700(0, __eflags, _t86, _t103, _t105, _t108, _t110, _t118, _t119); // executed
								__eflags = _t50;
								if(_t50 == 0) {
									L16:
									E1B262E30();
									__eflags = 0;
									return 0;
								} else {
									E1B260820(_t95, _t108);
									GetCommandLineA();
									 *0x1b294c88 = _t86;
									E1B264900(_t65, _t80, _t86, _t95, _t108, _t110, _t112, _t118);
									 *0x1b292c00 = _t86;
									_t56 = E1B261A20(_t78, _t95, _t105, _t108, _t110, _t112, _t114, _t118, _t119, _t120, _t121);
									__eflags = _t56;
									if(_t56 < 0) {
										L15:
										E1B25E280(_t95, _t108, _t110, _t112, _t118);
										goto L16;
									} else {
										_t58 = E1B2647F0(_t95, _t108, _t110, _t114, _t118, _t119, _t120); // executed
										__eflags = _t58;
										if(_t58 < 0) {
											L14:
											E1B261D70(_t95, _t108, _t110, _t112);
											goto L15;
										} else {
											_t60 = E1B264430(1, _t86, _t95, _t108, _t110, _t112, _t114, _t116, _t118);
											__eflags = _t60;
											if(_t60 < 0) {
												goto L14;
											} else {
												_t61 = E1B259800(0, _t86, _t95, _t105, _t108, _t114); // executed
												__eflags = _t61;
												if(_t61 != 0) {
													goto L14;
												} else {
													 *0x1b292bf8 =  *0x1b292bf8 + 1;
													__eflags =  *0x1b292bf8;
													return 1;
												}
											}
										}
									}
								}
							}
						} else {
							GetProcessHeap();
							HeapFree(??, ??, ??);
							goto L4;
						}
					}
				}
			}


































                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b620
                                                                                                                                  0x1b25b627
                                                                                                                                  0x1b25b62c
                                                                                                                                  0x1b25b62f
                                                                                                                                  0x1b25b796
                                                                                                                                  0x1b25b798
                                                                                                                                  0x1b25b7e3
                                                                                                                                  0x1b25b7e6
                                                                                                                                  0x1b25b858
                                                                                                                                  0x1b25b85b
                                                                                                                                  0x1b25b85d
                                                                                                                                  0x1b25b85f
                                                                                                                                  0x1b25b85f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b7e8
                                                                                                                                  0x1b25b7e8
                                                                                                                                  0x1b25b7f7
                                                                                                                                  0x1b25b7fc
                                                                                                                                  0x1b25b7ff
                                                                                                                                  0x1b25b802
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b808
                                                                                                                                  0x1b25b80e
                                                                                                                                  0x1b25b811
                                                                                                                                  0x1b25b817
                                                                                                                                  0x1b25b819
                                                                                                                                  0x1b25b847
                                                                                                                                  0x1b25b84c
                                                                                                                                  0x1b25b857
                                                                                                                                  0x1b25b81b
                                                                                                                                  0x1b25b81b
                                                                                                                                  0x1b25b820
                                                                                                                                  0x1b25b825
                                                                                                                                  0x1b25b82b
                                                                                                                                  0x1b25b833
                                                                                                                                  0x1b25b843
                                                                                                                                  0x1b25b843
                                                                                                                                  0x1b25b819
                                                                                                                                  0x1b25b802
                                                                                                                                  0x1b25b79a
                                                                                                                                  0x1b25b79a
                                                                                                                                  0x1b25b7a0
                                                                                                                                  0x1b25b7a2
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b7a8
                                                                                                                                  0x1b25b7ab
                                                                                                                                  0x1b25b7b1
                                                                                                                                  0x1b25b7b7
                                                                                                                                  0x1b25b7b9
                                                                                                                                  0x1b25b7b9
                                                                                                                                  0x1b25b7be
                                                                                                                                  0x1b25b7c1
                                                                                                                                  0x1b25b864
                                                                                                                                  0x1b25b872
                                                                                                                                  0x1b25b7c7
                                                                                                                                  0x1b25b7c7
                                                                                                                                  0x1b25b7cc
                                                                                                                                  0x1b25b7d1
                                                                                                                                  0x1b25b7e2
                                                                                                                                  0x1b25b7e2
                                                                                                                                  0x1b25b7c1
                                                                                                                                  0x1b25b7a2
                                                                                                                                  0x1b25b635
                                                                                                                                  0x1b25b635
                                                                                                                                  0x1b25b63d
                                                                                                                                  0x1b25b646
                                                                                                                                  0x1b25b64f
                                                                                                                                  0x1b25b652
                                                                                                                                  0x1b25b67b
                                                                                                                                  0x1b25b686
                                                                                                                                  0x1b25b654
                                                                                                                                  0x1b25b657
                                                                                                                                  0x1b25b665
                                                                                                                                  0x1b25b687
                                                                                                                                  0x1b25b68c
                                                                                                                                  0x1b25b68f
                                                                                                                                  0x1b25b694
                                                                                                                                  0x1b25b697
                                                                                                                                  0x1b25b69f
                                                                                                                                  0x1b25b6a4
                                                                                                                                  0x1b25b6a8
                                                                                                                                  0x1b25b6ae
                                                                                                                                  0x1b25b6b4
                                                                                                                                  0x1b25b6b9
                                                                                                                                  0x1b25b6bc
                                                                                                                                  0x1b25b6c2
                                                                                                                                  0x1b25b6c6
                                                                                                                                  0x1b25b6c8
                                                                                                                                  0x1b25b6c8
                                                                                                                                  0x1b25b6d3
                                                                                                                                  0x1b25b6dd
                                                                                                                                  0x1b25b6e3
                                                                                                                                  0x1b25b6eb
                                                                                                                                  0x1b25b6f1
                                                                                                                                  0x1b25b6f7
                                                                                                                                  0x1b25b6fc
                                                                                                                                  0x1b25b701
                                                                                                                                  0x1b25b703
                                                                                                                                  0x1b25b708
                                                                                                                                  0x1b25b70d
                                                                                                                                  0x1b25b712
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b718
                                                                                                                                  0x1b25b718
                                                                                                                                  0x1b25b71d
                                                                                                                                  0x1b25b71f
                                                                                                                                  0x1b25b785
                                                                                                                                  0x1b25b785
                                                                                                                                  0x1b25b78a
                                                                                                                                  0x1b25b795
                                                                                                                                  0x1b25b721
                                                                                                                                  0x1b25b721
                                                                                                                                  0x1b25b726
                                                                                                                                  0x1b25b72c
                                                                                                                                  0x1b25b733
                                                                                                                                  0x1b25b738
                                                                                                                                  0x1b25b73f
                                                                                                                                  0x1b25b744
                                                                                                                                  0x1b25b746
                                                                                                                                  0x1b25b780
                                                                                                                                  0x1b25b780
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b748
                                                                                                                                  0x1b25b748
                                                                                                                                  0x1b25b74d
                                                                                                                                  0x1b25b74f
                                                                                                                                  0x1b25b77b
                                                                                                                                  0x1b25b77b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b751
                                                                                                                                  0x1b25b751
                                                                                                                                  0x1b25b756
                                                                                                                                  0x1b25b758
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b75a
                                                                                                                                  0x1b25b75c
                                                                                                                                  0x1b25b761
                                                                                                                                  0x1b25b763
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b765
                                                                                                                                  0x1b25b765
                                                                                                                                  0x1b25b765
                                                                                                                                  0x1b25b77a
                                                                                                                                  0x1b25b77a
                                                                                                                                  0x1b25b763
                                                                                                                                  0x1b25b758
                                                                                                                                  0x1b25b74f
                                                                                                                                  0x1b25b746
                                                                                                                                  0x1b25b71f
                                                                                                                                  0x1b25b667
                                                                                                                                  0x1b25b667
                                                                                                                                  0x1b25b675
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25b675
                                                                                                                                  0x1b25b665
                                                                                                                                  0x1b25b652

                                                                                                                                  APIs
                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 1B25B635
                                                                                                                                  • HeapAlloc.KERNEL32 ref: 1B25B646
                                                                                                                                  • GetVersionExA.KERNEL32 ref: 1B25B65D
                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 1B25B667
                                                                                                                                  • HeapFree.KERNEL32 ref: 1B25B675
                                                                                                                                    • Part of subcall function 1B261D70: DeleteCriticalSection.KERNEL32(?,?,?,?,1B25B7CC), ref: 1B261DB9
                                                                                                                                    • Part of subcall function 1B25E280: FlsFree.KERNEL32(?,?,?,?,1B25B7D1), ref: 1B25E28F
                                                                                                                                    • Part of subcall function 1B25E280: TlsFree.KERNEL32(?,?,?,?,1B25B7D1), ref: 1B25E2AA
                                                                                                                                    • Part of subcall function 1B262E30: HeapDestroy.KERNEL32(?,?,?,?,1B25B7D6), ref: 1B262E3B
                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 1B25B6AE
                                                                                                                                  • HeapFree.KERNEL32 ref: 1B25B6BC
                                                                                                                                  • GetCommandLineA.KERNEL32 ref: 1B25B726
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Free$Process$AllocCommandCriticalDeleteDestroyLineSectionVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4041283029-0
                                                                                                                                  • Opcode ID: 3c754f4a0903ba7cbe1fa122f2f343f7e935590b1dbe26069edc96f42caf5276
                                                                                                                                  • Instruction ID: 353f022a67a7e158ccb3ea507212fffb1602749141ba6bea39699ac85c941723
                                                                                                                                  • Opcode Fuzzy Hash: 3c754f4a0903ba7cbe1fa122f2f343f7e935590b1dbe26069edc96f42caf5276
                                                                                                                                  • Instruction Fuzzy Hash: 64518335A0074187DB04EF62A9953C973A5EF89BD8F584129DE59877A5EF3CE08CCB10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23A850 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 120COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 908 1b23a850-1b23a889 GetModuleHandleA 909 1b23a8a4-1b23a8bc 908->909 910 1b23a88b-1b23a89e GetModuleHandleA 908->910 912 1b23a922 call 1b24ed90 909->912 913 1b23a8be-1b23a8f7 call 1b258fc0 GetModuleFileNameA GetFileVersionInfoSizeA 909->913 910->909 911 1b23a93c-1b23a963 call 1b258680 910->911 917 1b23a927-1b23a937 912->917 913->912 920 1b23a8f9-1b23a918 call 1b257d70 GetFileVersionInfoA 913->920 917->911 923 1b23a964-1b23a97f VerQueryValueA 920->923 924 1b23a91a-1b23a91d call 1b259c50 920->924 923->924 926 1b23a981-1b23a98d 923->926 924->912 927 1b23a9b3-1b23a9bb 926->927 928 1b23a98f-1b23a995 926->928 930 1b23a9c9-1b23a9cd 927->930 931 1b23a9bd-1b23a9c7 927->931 928->927 929 1b23a997-1b23a9a0 928->929 932 1b23aa3c-1b23aa46 call 1b259c50 929->932 935 1b23a9a6-1b23a9ae 929->935 933 1b23a9db-1b23a9df 930->933 934 1b23a9cf-1b23a9d9 930->934 931->932 932->912 945 1b23aa4c-1b23aa57 call 1b256e60 932->945 936 1b23a9e1-1b23a9f4 933->936 937 1b23a9fe-1b23aa02 933->937 934->932 935->932 936->932 939 1b23a9f6-1b23a9fc 936->939 940 1b23aa21-1b23aa34 937->940 941 1b23aa04-1b23aa17 937->941 939->932 940->932 944 1b23aa36 940->944 941->932 943 1b23aa19-1b23aa1f 941->943 943->932 944->932 945->917
                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                  			E1B23A850(signed short __ecx, long long __rbx, char* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r12, long long _a8, long long _a16, void* _a24, void* _a32) {
				signed int _v24;
				char _v1048;
				char _v1064;
				signed long long _v1072;
				char _v1080;
				struct HINSTANCE__* _t29;
				int _t35;
				int _t37;
				int _t38;
				signed int _t42;
				int _t46;
				int _t47;
				signed long long _t54;
				signed long long _t55;
				long long _t56;
				signed long long _t66;
				char* _t70;
				signed long long _t75;
				long long _t77;
				signed long long _t79;
				void* _t80;
				signed long long _t82;
				signed long long _t83;
				void* _t84;

				_t84 = __r12;
				_t80 = __r8;
				_t77 = __rbp;
				_t72 = __rdi;
				_t70 = __rdx;
				_t56 = __rbx;
				_t43 = __ecx;
				_t83 = _t79;
				_t54 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t55 = _t54 ^ _t79;
				_v24 = _t55;
				 *((long long*)(_t83 + 0x18)) = __rsi;
				 *((long long*)(_t83 + 0x20)) = __rdi;
				_t46 = 0;
				_t29 = GetModuleHandleA(??);
				_t75 = _t55;
				if(_t55 != 0) {
					L2:
					_a8 = _t56;
					_a16 = _t77;
					_t42 = 0x4609;
					if(_t75 == 0) {
						L6:
						E1B24ED90(_t52, _t55, _t70, _t72, _t75, _t77, _t82, _t84);
						L7:
						L8:
						return E1B258680(_t43, _v24 ^ _t79);
					}
					r8d = 0x400;
					E1B258FC0(_t29, _t43, 0,  &_v1048, _t70, _t80);
					r8d = 0x3ff;
					GetModuleFileNameA(??, ??, ??);
					_t70 =  &_v1064;
					_t35 = GetFileVersionInfoSizeA(??, ??); // executed
					_t47 = _t35;
					if(_t35 == 0) {
						goto L6;
					}
					L1B257D70(_t55, _t77);
					r8d = _t47;
					_t82 = _t55;
					_t75 = _t55; // executed
					_t37 = GetFileVersionInfoA(??, ??, ??, ??); // executed
					_t52 = _t37;
					if(_t37 != 0) {
						_t82 =  &_v1080;
						_t70 = 0x1b26e068;
						_t66 = _t75;
						_t38 = VerQueryValueA(??, ??, ??, ??);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L5;
						}
						_t55 = _v1072;
						__eflags =  *(_t55 + 8) - 0x40000;
						if( *(_t55 + 8) != 0x40000) {
							L14:
							_t43 =  *(_t55 + 8) & 0x0000ffff;
							__eflags = _t43 - 5;
							if(_t43 != 5) {
								__eflags = _t43 - 6;
								if(_t43 != 6) {
									__eflags = _t43 - 7;
									if(_t43 != 7) {
										__eflags = _t43 - 8;
										if(_t43 < 8) {
											_t43 =  *(_t55 + 0xe) & 0x0000ffff;
											_t46 = 1;
											_t42 = 0x1c9c463e;
											__eflags = ( *(_t55 + 0xe) & 0x0000ffff) - 0xe3e;
											if(( *(_t55 + 0xe) & 0x0000ffff) >= 0xe3e) {
												_t42 = _t66 + 0x1c9c3800;
											}
										} else {
											_t43 =  *(_t55 + 0xe) & 0x0000ffff;
											_t46 = 1;
											_t42 = 0x1c9c463e;
											__eflags = ( *(_t55 + 0xe) & 0x0000ffff) - 0xe3e;
											if(( *(_t55 + 0xe) & 0x0000ffff) >= 0xe3e) {
												_t42 = _t66 + 0x1c9c3800;
											}
										}
									} else {
										_t43 =  *(_t55 + 0xe) & 0x0000ffff;
										_t46 = 1;
										_t42 = 0x1c03a97e;
										__eflags = ( *(_t55 + 0xe) & 0x0000ffff) - 0x805;
										if(( *(_t55 + 0xe) & 0x0000ffff) >= 0x805) {
											_t42 = _t66 + 0x1c03a180;
										}
									}
								} else {
									_t46 = 1;
									_t42 = 0x1b722048;
								}
							} else {
								_t46 = 1;
								_t42 = 0x1b00c923;
							}
							L26:
							L1B259C50(_t55, _t75);
							__eflags = _t46;
							if(__eflags == 0) {
								goto L6;
							}
							 *0x1b292aa0 = _t42; // executed
							E1B256E60(_t55, _t70); // executed
							goto L7;
						}
						__eflags =  *(_t55 + 0xe) - 0x766f;
						if( *(_t55 + 0xe) != 0x766f) {
							goto L14;
						} else {
							_t43 =  *(_t55 + 0xc) & 0x0000ffff;
							__eflags = _t43 - 0x427c;
							if(_t43 >= 0x427c) {
								_t42 = _t43 & 0x0000ffff;
								_t46 = 1;
							}
							goto L26;
						}
					}
					L5:
					L1B259C50(_t55, _t75);
					goto L6;
				}
				_t29 = GetModuleHandleA();
				_t75 = _t55;
				if(_t55 == 0) {
					goto L8;
				}
				goto L2;
			}



























                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a850
                                                                                                                                  0x1b23a85a
                                                                                                                                  0x1b23a861
                                                                                                                                  0x1b23a864
                                                                                                                                  0x1b23a86c
                                                                                                                                  0x1b23a870
                                                                                                                                  0x1b23a87b
                                                                                                                                  0x1b23a87d
                                                                                                                                  0x1b23a886
                                                                                                                                  0x1b23a889
                                                                                                                                  0x1b23a8a4
                                                                                                                                  0x1b23a8a7
                                                                                                                                  0x1b23a8af
                                                                                                                                  0x1b23a8b7
                                                                                                                                  0x1b23a8bc
                                                                                                                                  0x1b23a922
                                                                                                                                  0x1b23a922
                                                                                                                                  0x1b23a927
                                                                                                                                  0x1b23a93c
                                                                                                                                  0x1b23a963
                                                                                                                                  0x1b23a963
                                                                                                                                  0x1b23a8c5
                                                                                                                                  0x1b23a8cb
                                                                                                                                  0x1b23a8d5
                                                                                                                                  0x1b23a8de
                                                                                                                                  0x1b23a8e4
                                                                                                                                  0x1b23a8ee
                                                                                                                                  0x1b23a8f5
                                                                                                                                  0x1b23a8f7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23a8fc
                                                                                                                                  0x1b23a906
                                                                                                                                  0x1b23a909
                                                                                                                                  0x1b23a90e
                                                                                                                                  0x1b23a911
                                                                                                                                  0x1b23a916
                                                                                                                                  0x1b23a918
                                                                                                                                  0x1b23a964
                                                                                                                                  0x1b23a96e
                                                                                                                                  0x1b23a975
                                                                                                                                  0x1b23a978
                                                                                                                                  0x1b23a97d
                                                                                                                                  0x1b23a97f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23a981
                                                                                                                                  0x1b23a986
                                                                                                                                  0x1b23a98d
                                                                                                                                  0x1b23a9b3
                                                                                                                                  0x1b23a9b3
                                                                                                                                  0x1b23a9b7
                                                                                                                                  0x1b23a9bb
                                                                                                                                  0x1b23a9c9
                                                                                                                                  0x1b23a9cd
                                                                                                                                  0x1b23a9db
                                                                                                                                  0x1b23a9df
                                                                                                                                  0x1b23a9fe
                                                                                                                                  0x1b23aa02
                                                                                                                                  0x1b23aa21
                                                                                                                                  0x1b23aa25
                                                                                                                                  0x1b23aa2a
                                                                                                                                  0x1b23aa2f
                                                                                                                                  0x1b23aa34
                                                                                                                                  0x1b23aa36
                                                                                                                                  0x1b23aa36
                                                                                                                                  0x1b23aa04
                                                                                                                                  0x1b23aa04
                                                                                                                                  0x1b23aa08
                                                                                                                                  0x1b23aa0d
                                                                                                                                  0x1b23aa12
                                                                                                                                  0x1b23aa17
                                                                                                                                  0x1b23aa19
                                                                                                                                  0x1b23aa19
                                                                                                                                  0x1b23aa17
                                                                                                                                  0x1b23a9e1
                                                                                                                                  0x1b23a9e1
                                                                                                                                  0x1b23a9e5
                                                                                                                                  0x1b23a9ea
                                                                                                                                  0x1b23a9ef
                                                                                                                                  0x1b23a9f4
                                                                                                                                  0x1b23a9f6
                                                                                                                                  0x1b23a9f6
                                                                                                                                  0x1b23a9f4
                                                                                                                                  0x1b23a9cf
                                                                                                                                  0x1b23a9cf
                                                                                                                                  0x1b23a9d4
                                                                                                                                  0x1b23a9d4
                                                                                                                                  0x1b23a9bd
                                                                                                                                  0x1b23a9bd
                                                                                                                                  0x1b23a9c2
                                                                                                                                  0x1b23a9c2
                                                                                                                                  0x1b23aa3c
                                                                                                                                  0x1b23aa3f
                                                                                                                                  0x1b23aa44
                                                                                                                                  0x1b23aa46
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23aa4c
                                                                                                                                  0x1b23aa52
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23aa52
                                                                                                                                  0x1b23a98f
                                                                                                                                  0x1b23a995
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23a997
                                                                                                                                  0x1b23a997
                                                                                                                                  0x1b23a99b
                                                                                                                                  0x1b23a9a0
                                                                                                                                  0x1b23a9a6
                                                                                                                                  0x1b23a9a9
                                                                                                                                  0x1b23a9a9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23a9a0
                                                                                                                                  0x1b23a995
                                                                                                                                  0x1b23a91a
                                                                                                                                  0x1b23a91d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23a91d
                                                                                                                                  0x1b23a892
                                                                                                                                  0x1b23a89b
                                                                                                                                  0x1b23a89e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 1B23A87D
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 1B23A892
                                                                                                                                  • GetModuleFileNameA.KERNEL32 ref: 1B23A8DE
                                                                                                                                  • GetFileVersionInfoSizeA.VERSION ref: 1B23A8EE
                                                                                                                                  • GetFileVersionInfoA.VERSION ref: 1B23A911
                                                                                                                                  • VerQueryValueA.VERSION ref: 1B23A978
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModule$HandleInfoVersion$NameQuerySizeValue
                                                                                                                                  • String ID: clr.dll$clrjit.dll
                                                                                                                                  • API String ID: 2961234045-1260128715
                                                                                                                                  • Opcode ID: 88e79ec8dcd7921bec75a8cf598a337396a812ff97dceeb06901baacfa2d8bc1
                                                                                                                                  • Instruction ID: 4fbb4502d27b3dc4c6b649e42e9b8f41e6663f9e93450d027ff626a20950ba53
                                                                                                                                  • Opcode Fuzzy Hash: 88e79ec8dcd7921bec75a8cf598a337396a812ff97dceeb06901baacfa2d8bc1
                                                                                                                                  • Instruction Fuzzy Hash: 1941B0B6F1469582DB10DB11E4D03DD23A1E78EB85F954026CF8D17BA4DB39C98EC700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B235260 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 70stringthreadCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 54%
                                                                                                                                  			E1B235260(void* __ecx, intOrPtr __edx, long long __rax, long long __rcx, void* __rdx, void* __rdi, void* __rsi, void* __rbp, void* __r8, void* __r9, void* __r12, long long _a32) {
				long long _v24;
				void* __rbx;
				void* _t11;
				void* _t36;
				long long _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				long long _t42;
				long long _t43;
				intOrPtr _t47;
				intOrPtr _t52;
				void* _t60;
				intOrPtr _t62;
				void* _t64;
				void* _t65;

				_t65 = __r12;
				_t64 = __r9;
				_t61 = __r8;
				_t60 = __rbp;
				_t59 = __rsi;
				_t58 = __rdi;
				_t39 = __rax;
				_v24 = 0xfffffffe;
				_t43 = __rcx;
				_t37 = __edx - 1;
				if(__edx != 1) {
					__eflags = __edx;
					if(__edx != 0) {
						return 1;
					}
					CloseHandle();
					_t47 =  *0x1b291a20; // 0x0
					__eflags = _t47;
					if(_t47 == 0) {
						return 1;
					}
					FreeLibrary();
					return 1;
				}
				 *0x1b291910 = __rcx;
				r8d = 0xff;
				E1B258FC0(_t11, __ecx, 0, 0x1b291920, __rdx, __r8);
				r8d = 0xfe;
				GetModuleFileNameA(??, ??, ??);
				lstrcatA(??, ??);
				DisableThreadLibraryCalls(??);
				E1B2595E0(0x1c0, 0, _t36, _t37, _t39, __rcx, __rdi, __rsi, __r8, _t64);
				_a32 = _t39;
				if(_t39 == 0) {
					__eflags = 0;
				} else {
					E1B234FE0(0, _t43, _t39, __rdi, __rsi, __r8, _t64);
				}
				 *0x1b291a28 = _t39;
				 *((long long*)(_t39 + 0xb0)) = _t43;
				_t40 =  *0x1b291a28; // 0x1b490cd0
				 *((long long*)(_t40 + 0xb8)) = 0;
				_t41 =  *0x1b291a28; // 0x1b490cd0
				 *((intOrPtr*)(_t41 + 0xc8)) = 0;
				_t42 =  *0x1b291a28; // 0x1b490cd0
				 *((intOrPtr*)(_t42 + 0xcc)) = 0;
				r9d = 0;
				r8d = 0;
				CreateEventA(??, ??, ??, ??);
				_t52 =  *0x1b291a28; // 0x1b490cd0
				 *((long long*)(_t52 + 0xc0)) = _t42;
				E1B233CA0(_t61);
				E1B240D80(_t42, _t43, 0x1b26dd40, _t58);
				_t62 =  *0x1b291a28; // 0x1b490cd0
				_t9 = _t62 + 0xc0; // 0x2dc
				E1B259F10(0, _t42, _t43, E1B23AB40, _t58, _t59, _t60,  *_t9, _t65); // executed
				return 1;
			}


















                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235260
                                                                                                                                  0x1b235266
                                                                                                                                  0x1b23526f
                                                                                                                                  0x1b235272
                                                                                                                                  0x1b235275
                                                                                                                                  0x1b235378
                                                                                                                                  0x1b23537a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2353b0
                                                                                                                                  0x1b23538a
                                                                                                                                  0x1b235390
                                                                                                                                  0x1b235397
                                                                                                                                  0x1b23539a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2353a9
                                                                                                                                  0x1b23539c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2353a2
                                                                                                                                  0x1b23527b
                                                                                                                                  0x1b235284
                                                                                                                                  0x1b235291
                                                                                                                                  0x1b235296
                                                                                                                                  0x1b2352a6
                                                                                                                                  0x1b2352ba
                                                                                                                                  0x1b2352c3
                                                                                                                                  0x1b2352ce
                                                                                                                                  0x1b2352d3
                                                                                                                                  0x1b2352db
                                                                                                                                  0x1b2352e7
                                                                                                                                  0x1b2352dd
                                                                                                                                  0x1b2352e0
                                                                                                                                  0x1b2352e0
                                                                                                                                  0x1b2352e9
                                                                                                                                  0x1b2352f0
                                                                                                                                  0x1b2352f7
                                                                                                                                  0x1b2352fe
                                                                                                                                  0x1b235309
                                                                                                                                  0x1b235310
                                                                                                                                  0x1b23531a
                                                                                                                                  0x1b235321
                                                                                                                                  0x1b23532b
                                                                                                                                  0x1b23532e
                                                                                                                                  0x1b235337
                                                                                                                                  0x1b23533d
                                                                                                                                  0x1b235344
                                                                                                                                  0x1b23534b
                                                                                                                                  0x1b235350
                                                                                                                                  0x1b235355
                                                                                                                                  0x1b23535c
                                                                                                                                  0x1b23536c
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32 ref: 1B2352A6
                                                                                                                                  • lstrcatA.KERNEL32 ref: 1B2352BA
                                                                                                                                  • DisableThreadLibraryCalls.KERNEL32 ref: 1B2352C3
                                                                                                                                  • CreateEventA.KERNEL32 ref: 1B235337
                                                                                                                                    • Part of subcall function 1B234FE0: InitializeCriticalSection.KERNEL32 ref: 1B23514B
                                                                                                                                  • CloseHandle.KERNEL32 ref: 1B23538A
                                                                                                                                  • FreeLibrary.KERNEL32 ref: 1B23539C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Library$CallsCloseCreateCriticalDisableEventFileFreeHandleInitializeModuleNameSectionThreadlstrcat
                                                                                                                                  • String ID: .log$C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll.log
                                                                                                                                  • API String ID: 4242873765-2720814247
                                                                                                                                  • Opcode ID: 13b09bd8affc63ff254bd67bf041257d153007e3aa91efe822e0183804e41387
                                                                                                                                  • Instruction ID: 22c2579e627371addbae950df6cf74fc4da716a47f7a730e4bc46d74ff1c7cde
                                                                                                                                  • Opcode Fuzzy Hash: 13b09bd8affc63ff254bd67bf041257d153007e3aa91efe822e0183804e41387
                                                                                                                                  • Instruction Fuzzy Hash: F9317879616B5582FB08DB16E8907D933A0FB8CBAAF644529C80D477B0DF78C48DC700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25E700 Relevance: 7.5, APIs: 5, Instructions: 47memorythreadCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 18%
                                                                                                                                  			E1B25E700(void* __edx, void* __eflags, long* __rax, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r12, void* __r13) {
				void* __rbx;
				intOrPtr _t4;
				void* _t8;
				long _t10;
				intOrPtr _t12;
				intOrPtr _t13;
				long* _t25;
				long* _t26;
				long* _t31;
				void* _t34;

				_t35 = __r12;
				_t33 = __rsi;
				_t32 = __rdi;
				_t25 = __rax;
				E1B259A40(__eflags, __rax, __rcx, __rdx); // executed
				_t4 = E1B260550(_t26, __rdi, __rsi, _t34, __r12, __r13);
				if(_t4 == 0) {
					L5:
					_t12 =  *0x1b28ff60; // 0xc
					__eflags = _t12 - 0xffffffff;
					if(_t12 != 0xffffffff) {
						__imp__FlsFree();
						 *0x1b28ff60 = 0xffffffff;
					}
					goto L7;
				} else {
					__imp__FlsAlloc();
					 *0x1b28ff60 = _t4;
					if(_t4 == 0xffffffff) {
						L7:
						_t13 =  *0x1b28ff64; // 0xffffffff
						__eflags = _t13 - 0xffffffff;
						if(_t13 != 0xffffffff) {
							TlsFree();
							 *0x1b28ff64 = 0xffffffff;
						}
						E1B260600(_t26, _t32, _t33, _t34, _t35);
						__eflags = 0;
						return 0;
					} else {
						_t8 = E1B261130(_t25, _t26, 0x1b25e520, __rdx, _t32, _t33, _t34, _t35);
						_t26 = _t25;
						if(_t25 == 0) {
							goto L5;
						} else {
							_t31 = _t25;
							__imp__FlsSetValue();
							if(_t8 == 0) {
								goto L5;
							} else {
								E1B25E2D0(_t25, _t26, _t26, _t31, _t32, _t33);
								_t10 = GetCurrentThreadId();
								_t26[2] = 0xffffffff;
								 *_t26 = _t10;
								return 1;
							}
						}
					}
				}
			}













                                                                                                                                  0x1b25e700
                                                                                                                                  0x1b25e700
                                                                                                                                  0x1b25e700
                                                                                                                                  0x1b25e700
                                                                                                                                  0x1b25e706
                                                                                                                                  0x1b25e70b
                                                                                                                                  0x1b25e712
                                                                                                                                  0x1b25e77b
                                                                                                                                  0x1b25e77b
                                                                                                                                  0x1b25e781
                                                                                                                                  0x1b25e784
                                                                                                                                  0x1b25e786
                                                                                                                                  0x1b25e78c
                                                                                                                                  0x1b25e78c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25e714
                                                                                                                                  0x1b25e71b
                                                                                                                                  0x1b25e724
                                                                                                                                  0x1b25e72a
                                                                                                                                  0x1b25e796
                                                                                                                                  0x1b25e796
                                                                                                                                  0x1b25e79c
                                                                                                                                  0x1b25e79f
                                                                                                                                  0x1b25e7a1
                                                                                                                                  0x1b25e7a7
                                                                                                                                  0x1b25e7a7
                                                                                                                                  0x1b25e7b1
                                                                                                                                  0x1b25e7b6
                                                                                                                                  0x1b25e7bd
                                                                                                                                  0x1b25e72c
                                                                                                                                  0x1b25e736
                                                                                                                                  0x1b25e73e
                                                                                                                                  0x1b25e741
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25e743
                                                                                                                                  0x1b25e749
                                                                                                                                  0x1b25e74c
                                                                                                                                  0x1b25e754
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25e756
                                                                                                                                  0x1b25e75b
                                                                                                                                  0x1b25e760
                                                                                                                                  0x1b25e766
                                                                                                                                  0x1b25e76e
                                                                                                                                  0x1b25e77a
                                                                                                                                  0x1b25e77a
                                                                                                                                  0x1b25e754
                                                                                                                                  0x1b25e741
                                                                                                                                  0x1b25e72a

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B259A40: _initp_misc_winsig.LIBCMT ref: 1B259A79
                                                                                                                                  • FlsAlloc.KERNEL32(?,?,00000000,1B25B71D), ref: 1B25E71B
                                                                                                                                    • Part of subcall function 1B261130: Sleep.KERNEL32(?,?,?,?,1B25E417,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B261180
                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,1B25B71D), ref: 1B25E74C
                                                                                                                                    • Part of subcall function 1B25E2D0: GetModuleHandleA.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E2F0
                                                                                                                                    • Part of subcall function 1B25E2D0: GetProcAddress.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E31D
                                                                                                                                    • Part of subcall function 1B25E2D0: GetProcAddress.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E334
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1B25E760
                                                                                                                                  • FlsFree.KERNEL32(?,?,00000000,1B25B71D), ref: 1B25E786
                                                                                                                                  • TlsFree.KERNEL32(?,?,00000000,1B25B71D), ref: 1B25E7A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeProc$AllocCurrentHandleModuleSleepThreadValue_initp_misc_winsig
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3227885977-0
                                                                                                                                  • Opcode ID: 911567d29deb7c4c98484da89df94c6c0edc257e6d3d0064d9f18c038c4bb759
                                                                                                                                  • Instruction ID: c8d9de784483d1d1432925815c1d08797074f3a5f1f860ca650e7bdfa38a2e2d
                                                                                                                                  • Opcode Fuzzy Hash: 911567d29deb7c4c98484da89df94c6c0edc257e6d3d0064d9f18c038c4bb759
                                                                                                                                  • Instruction Fuzzy Hash: 40118B3460060683EB14BF75A885BE833A2AF5A7B0F604714CA36822F5EF3C84CDC710
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B259F10 Relevance: 6.1, APIs: 4, Instructions: 71threadCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 991 1b259f10-1b259f36 992 1b259f60-1b259f7f call 1b231670 call 1b261130 991->992 993 1b259f38-1b259f5b call 1b25bc90 call 1b259160 991->993 1003 1b259f81-1b259fcf call 1b25e480 call 1b25e2d0 CreateThread 992->1003 1004 1b259fd9-1b259fe3 call 1b25a880 992->1004 1002 1b259ff8-1b25a010 993->1002 1015 1b25a011-1b25a01d ResumeThread 1003->1015 1016 1b259fd1-1b259fd7 GetLastError 1003->1016 1009 1b259fe5-1b259fe7 call 1b25bcf0 1004->1009 1010 1b259fec 1004->1010 1009->1010 1013 1b259ff3 1010->1013 1013->1002 1017 1b25a01f-1b25a027 GetLastError 1015->1017 1018 1b25a029-1b25a02c 1015->1018 1016->1004 1017->1004 1018->1013
                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                  			E1B259F10(void* __edx, long long __rax, long long __rbx, long long __rcx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				void* _t20;
				long _t23;
				long _t30;
				long long _t50;
				long long _t53;
				long long _t56;
				long long _t64;

				_t64 = __r12;
				_t46 = __rcx;
				_t43 = __rbx;
				_t39 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t30 = 0;
				_t38 = __rcx;
				_v8 = __r12;
				_t56 = __rcx;
				r12d = __edx;
				if(__rcx != 0) {
					_a32 = __rdi;
					E1B231670(_t20);
					E1B261130(__rax, __rbx, __rcx, _t50, __rdi, __rcx, __r8, __r12);
					__eflags = _t39;
					_t53 = _t39;
					if(_t39 == 0) {
						L5:
						_t23 = E1B25A880(_t39, _t53);
						__eflags = _t30;
						if(__eflags != 0) {
							_t23 = E1B25BCF0(_t30, __eflags, _t39, _t50);
						}
					} else {
						E1B25E480(_t39, _t43, _t46, _t50, _t53, _t56, __r8, __r8, _t64);
						E1B25E2D0(_t39, _t43, _t53,  *((intOrPtr*)(_t39 + 0xc0)), _t53, _t56);
						_t50 = _t64;
						_v16 = _t53;
						 *((long long*)(_t53 + 0x90)) = _t56;
						 *((long long*)(_t53 + 0x98)) = __r8;
						_v24 = 4;
						CreateThread(??, ??, ??, ??, ??, ??); // executed
						__eflags = _t39;
						 *((long long*)(_t53 + 8)) = _t39;
						if(_t39 != 0) {
							_t23 = ResumeThread(); // executed
							__eflags = _t23 - 0xffffffff;
							if(_t23 != 0xffffffff) {
								goto L8;
							} else {
								_t30 = GetLastError();
								goto L5;
							}
							L13:
						} else {
							_t30 = GetLastError();
							goto L5;
						}
					}
					L8:
				} else {
					E1B25BC90(_t38, __rax);
					r9d = 0;
					r8d = 0;
					_v24 = __rbx;
					 *((intOrPtr*)(__rax)) = 0x16;
					_t23 = E1B259160(__rbx, __rcx, _t50, __rdi, __rcx, __r8, __r8);
				}
				return _t23;
				goto L13;
			}













                                                                                                                                  0x1b259f10
                                                                                                                                  0x1b259f10
                                                                                                                                  0x1b259f10
                                                                                                                                  0x1b259f10
                                                                                                                                  0x1b259f14
                                                                                                                                  0x1b259f19
                                                                                                                                  0x1b259f1e
                                                                                                                                  0x1b259f23
                                                                                                                                  0x1b259f25
                                                                                                                                  0x1b259f28
                                                                                                                                  0x1b259f30
                                                                                                                                  0x1b259f33
                                                                                                                                  0x1b259f36
                                                                                                                                  0x1b259f60
                                                                                                                                  0x1b259f65
                                                                                                                                  0x1b259f74
                                                                                                                                  0x1b259f79
                                                                                                                                  0x1b259f7c
                                                                                                                                  0x1b259f7f
                                                                                                                                  0x1b259fd9
                                                                                                                                  0x1b259fdc
                                                                                                                                  0x1b259fe1
                                                                                                                                  0x1b259fe3
                                                                                                                                  0x1b259fe7
                                                                                                                                  0x1b259fe7
                                                                                                                                  0x1b259f81
                                                                                                                                  0x1b259f81
                                                                                                                                  0x1b259f90
                                                                                                                                  0x1b259f9c
                                                                                                                                  0x1b259fa4
                                                                                                                                  0x1b259fa9
                                                                                                                                  0x1b259fb0
                                                                                                                                  0x1b259fb7
                                                                                                                                  0x1b259fbf
                                                                                                                                  0x1b259fc5
                                                                                                                                  0x1b259fcb
                                                                                                                                  0x1b259fcf
                                                                                                                                  0x1b25a014
                                                                                                                                  0x1b25a01a
                                                                                                                                  0x1b25a01d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a01f
                                                                                                                                  0x1b25a025
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a025
                                                                                                                                  0x00000000
                                                                                                                                  0x1b259fd1
                                                                                                                                  0x1b259fd7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b259fd7
                                                                                                                                  0x1b259fcf
                                                                                                                                  0x1b259ff3
                                                                                                                                  0x1b259f38
                                                                                                                                  0x1b259f38
                                                                                                                                  0x1b259f3d
                                                                                                                                  0x1b259f40
                                                                                                                                  0x1b259f47
                                                                                                                                  0x1b259f4c
                                                                                                                                  0x1b259f52
                                                                                                                                  0x1b259f57
                                                                                                                                  0x1b25a010
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastThread$CreateResume
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2238817523-0
                                                                                                                                  • Opcode ID: b3a8ab2edce474f8bdc302bdf77bfc70dd7ebede2eae359a555d48938064aa25
                                                                                                                                  • Instruction ID: 876d3b7b51a02a854eb50d4a0fcac23b66029f40063930c2e79dfb43f27837e9
                                                                                                                                  • Opcode Fuzzy Hash: b3a8ab2edce474f8bdc302bdf77bfc70dd7ebede2eae359a555d48938064aa25
                                                                                                                                  • Instruction Fuzzy Hash: E321A131714B8586DB049FA6B9813DEB3A4F74ABE0F680229EF9D43B94CF78D4588700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B2647F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1019 1b2647f0-1b2647fb 1020 1b264802-1b26483c GetModuleFileNameA 1019->1020 1021 1b2647fd call 1b262920 1019->1021 1023 1b264843 1020->1023 1024 1b26483e-1b264841 1020->1024 1021->1020 1025 1b264846-1b264879 call 1b2645b0 1023->1025 1024->1023 1024->1025 1028 1b2648e7-1b2648ff 1025->1028 1029 1b26487b-1b264884 1025->1029 1029->1028 1030 1b264886-1b26488d 1029->1030 1030->1028 1031 1b26488f-1b26489a call 1b2610b0 1030->1031 1031->1028 1034 1b26489c-1b2648e6 call 1b2645b0 1031->1034
                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                  			E1B2647F0(long long __rbx, long long __rdi, long long __rsi, void* __r8, void* __r12, void* __r13, void* __r14, char _a8, long long _a16, long long _a24, long long _a32) {
				char _v24;
				long long _v40;
				long long _t42;
				long long _t44;
				char* _t45;
				long long _t53;
				long long _t56;
				long long _t58;
				signed long long _t59;
				void* _t62;
				void* _t63;
				void* _t67;
				void* _t68;
				void* _t69;

				_t69 = __r14;
				_t68 = __r13;
				_t67 = __r12;
				_t63 = __r8;
				_t58 = __rsi;
				_t53 = __rdi;
				_t44 = __rbx;
				if( *0x1b294ca8 == 0) {
					E1B262920(); // executed
				}
				_a16 = _t44;
				_a32 = _t53;
				r8d = 0x104;
				 *0x1b293994 = 0;
				GetModuleFileNameA(??, ??, ??);
				_t45 =  *0x1b294c88;
				 *0x1b292be0 = 0x1b293890;
				if(_t45 == 0 ||  *_t45 == 0) {
					_t45 = 0x1b293890;
				}
				r8d = 0;
				_a24 = _t58;
				_v40 =  &_v24;
				E1B2645B0(_t45, _t45, 0x1b293890, 0x1b293890, _t58, _t62, _t63,  &_a8, _t67, _t68, _t69);
				_t59 = _a8;
				if(_t59 >= 0xffffffff) {
					L10:
					return 0xffffffff;
				} else {
					_t42 = _v24;
					if(_t42 >= 0xffffffff) {
						goto L10;
					} else {
						_t49 = _t42 + _t59 * 8;
						if(_t42 + _t59 * 8 < _t42) {
							goto L10;
						} else {
							E1B2610B0(0, _t42, _t45, _t49, 0x1b293890, _t59, _t62);
							_t56 = _t42;
							if(_t42 == 0) {
								goto L10;
							} else {
								_v40 =  &_v24;
								E1B2645B0(_t45, _t45, _t56, _t56, _t59, _t62, _t42 + _t59 * 8,  &_a8, _t67, _t68, _t69);
								r11d = _a8;
								 *0x1b292bb0 = _t56;
								r11d = r11d + 0xffffffff;
								 *0x1b292ba8 = r11d;
								return 0;
							}
						}
					}
				}
			}

















                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647f0
                                                                                                                                  0x1b2647fb
                                                                                                                                  0x1b2647fd
                                                                                                                                  0x1b2647fd
                                                                                                                                  0x1b264802
                                                                                                                                  0x1b264807
                                                                                                                                  0x1b264813
                                                                                                                                  0x1b26481e
                                                                                                                                  0x1b264825
                                                                                                                                  0x1b26482b
                                                                                                                                  0x1b264835
                                                                                                                                  0x1b26483c
                                                                                                                                  0x1b264843
                                                                                                                                  0x1b264843
                                                                                                                                  0x1b264850
                                                                                                                                  0x1b264858
                                                                                                                                  0x1b26485d
                                                                                                                                  0x1b264862
                                                                                                                                  0x1b264867
                                                                                                                                  0x1b264879
                                                                                                                                  0x1b2648e7
                                                                                                                                  0x1b2648ff
                                                                                                                                  0x1b26487b
                                                                                                                                  0x1b26487b
                                                                                                                                  0x1b264884
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264886
                                                                                                                                  0x1b264886
                                                                                                                                  0x1b26488d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26488f
                                                                                                                                  0x1b26488f
                                                                                                                                  0x1b264897
                                                                                                                                  0x1b26489a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26489c
                                                                                                                                  0x1b2648b0
                                                                                                                                  0x1b2648b5
                                                                                                                                  0x1b2648ba
                                                                                                                                  0x1b2648bf
                                                                                                                                  0x1b2648c6
                                                                                                                                  0x1b2648cc
                                                                                                                                  0x1b2648e6
                                                                                                                                  0x1b2648e6
                                                                                                                                  0x1b26489a
                                                                                                                                  0x1b26488d
                                                                                                                                  0x1b264884

                                                                                                                                  APIs
                                                                                                                                  • __initmbctable.LIBCMT ref: 1B2647FD
                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,?,?,?,?,?,?,1B25B74D), ref: 1B264825
                                                                                                                                  Strings
                                                                                                                                  • C:\Windows\system32\regsvr32.exe, xrefs: 1B26480C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName__initmbctable
                                                                                                                                  • String ID: C:\Windows\system32\regsvr32.exe
                                                                                                                                  • API String ID: 3548084100-464481000
                                                                                                                                  • Opcode ID: 34c76cabf3ccdd721efebdfffbb5d86fd5f4aac16aa6c5e30dbd687c3d9aec00
                                                                                                                                  • Instruction ID: a4132f620332dc4a8fe123e7c310c2d9eeac7d2b8cd5d3914c0f9b7e60ad907a
                                                                                                                                  • Opcode Fuzzy Hash: 34c76cabf3ccdd721efebdfffbb5d86fd5f4aac16aa6c5e30dbd687c3d9aec00
                                                                                                                                  • Instruction Fuzzy Hash: 03212A36615B9086DA00CB55E98038AB7A6F789BF4F941716EEBD13BD8DB78D088C740
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B256E60 Relevance: 4.6, APIs: 3, Instructions: 80synchronizationCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                  			E1B256E60(long long __rax, void* __rdx) {
				long long _v16;
				char _v24;
				void* __rbx;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t51;
				void* _t61;
				long long _t63;
				long long _t64;
				long long _t65;
				long long _t66;
				long long _t67;
				long long _t68;
				long long _t69;
				long long _t70;
				long long _t71;
				long long _t72;
				intOrPtr _t73;
				void* _t74;
				void* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t89;
				intOrPtr _t90;
				void* _t91;

				r9d = 0;
				r8d = 0;
				CreateEventA(??, ??, ??, ??);
				_v24 = __rax;
				_t61 =  <  ? 0x1b256e30 : 0x1b256af0;
				_v16 = 0x1b256af0;
				E1B259F10(0, _t61, _t74, 0x1b255140, _t85, _t86, _t87,  &_v24, _t91); // executed
				WaitForSingleObject(??, ??);
				CloseHandle(??);
				_t89 =  *0x1b2916c0; // 0x7ffa61fd0000
				 *0x1b2916a0 = _t89;
				 *0x1b2916a0 = _t61 + _t89;
				 *0x1b291698 =  *((intOrPtr*)(_t61 +  *((intOrPtr*)(_t89 + 0x3c)) + _t89 + 0x18 + 0x10));
				E1B245B20(0,  *((intOrPtr*)(_t61 +  *((intOrPtr*)(_t89 + 0x3c)) + _t89 + 0x18 + 0x14)), 0x1b291690, 0x1b291690, _t61 +  *((intOrPtr*)(_t89 + 0x3c)) + _t89 + 0x18, _t85, _t86, _t87, _t91);
				_t63 =  *0x1b2916b0; // 0x0
				_t90 =  *0x1b291a28; // 0x1b490cd0
				 *((long long*)(_t90 + 0x108)) = _t63;
				_t43 =  *0x1b2916b8; // 0x0
				 *((intOrPtr*)(_t90 + 0x110)) = _t43;
				_t64 =  *0x1b2916a0; // 0x7ffa61fd1000
				 *((long long*)(_t90 + 0xf8)) = _t64;
				_t44 =  *0x1b291698; // 0xefc00
				 *((intOrPtr*)(_t90 + 0xf0)) = _t44;
				_t65 =  *0x1b2916c0; // 0x7ffa61fd0000
				 *((long long*)(_t90 + 0x118)) = _t65;
				_t66 =  *0x1b2916d8; // 0x7ffa4dbd0000
				 *((long long*)(_t90 + 0x130)) = _t66;
				_t67 =  *0x1b2916c8; // 0x5100
				 *((long long*)(_t90 + 0x120)) = _t67;
				_t68 =  *0x1b2916d0; // 0x0
				 *((long long*)(_t90 + 0x128)) = _t68;
				_t69 =  *0x1b2916a8; // 0x7ffa620dbac0
				 *((long long*)(_t90 + 0x100)) = _t69;
				_t25 = _t90 + 0xec; // 0xefc00628c385f
				 *(_t90 + 0x140) =  *_t25 ^  *0x1b291694 ^  *0x1b2916e8;
				_t48 =  *0x1b2916f0; // 0x87654321
				 *((intOrPtr*)(_t90 + 0x148)) = _t48;
				_t70 =  *0x1b2916e0; // 0x0
				 *((long long*)(_t90 + 0x138)) = _t70;
				_t49 =  *0x1b2916bc; // 0x0
				 *((intOrPtr*)(_t90 + 0x114)) = _t49;
				_t50 =  *0x1b291700; // 0x0
				 *((intOrPtr*)(_t90 + 0x158)) = _t50;
				_t71 =  *0x1b2916f8; // 0x0
				 *((long long*)(_t90 + 0x150)) = _t71;
				_t72 =  *0x1b291708; // 0x0
				 *((long long*)(_t90 + 0x160)) = _t72;
				_t51 =  *0x1b291710; // 0x0
				 *((intOrPtr*)(_t90 + 0x168)) = _t51;
				_t73 =  *0x1b291a28; // 0x1b490cd0
				 *((long long*)(_t73 + 0x170)) = 0x1b291690;
				return _t51;
			}































                                                                                                                                  0x1b256e66
                                                                                                                                  0x1b256e69
                                                                                                                                  0x1b256e70
                                                                                                                                  0x1b256e87
                                                                                                                                  0x1b256e98
                                                                                                                                  0x1b256ea5
                                                                                                                                  0x1b256eaa
                                                                                                                                  0x1b256eb9
                                                                                                                                  0x1b256ec4
                                                                                                                                  0x1b256eca
                                                                                                                                  0x1b256ed8
                                                                                                                                  0x1b256ef8
                                                                                                                                  0x1b256f02
                                                                                                                                  0x1b256f0b
                                                                                                                                  0x1b256f10
                                                                                                                                  0x1b256f17
                                                                                                                                  0x1b256f1e
                                                                                                                                  0x1b256f25
                                                                                                                                  0x1b256f2b
                                                                                                                                  0x1b256f32
                                                                                                                                  0x1b256f39
                                                                                                                                  0x1b256f40
                                                                                                                                  0x1b256f46
                                                                                                                                  0x1b256f4d
                                                                                                                                  0x1b256f54
                                                                                                                                  0x1b256f5b
                                                                                                                                  0x1b256f62
                                                                                                                                  0x1b256f69
                                                                                                                                  0x1b256f70
                                                                                                                                  0x1b256f77
                                                                                                                                  0x1b256f7e
                                                                                                                                  0x1b256f85
                                                                                                                                  0x1b256f8c
                                                                                                                                  0x1b256f93
                                                                                                                                  0x1b256fa6
                                                                                                                                  0x1b256fad
                                                                                                                                  0x1b256fb3
                                                                                                                                  0x1b256fba
                                                                                                                                  0x1b256fc1
                                                                                                                                  0x1b256fc8
                                                                                                                                  0x1b256fce
                                                                                                                                  0x1b256fd5
                                                                                                                                  0x1b256fdb
                                                                                                                                  0x1b256fe2
                                                                                                                                  0x1b256fe9
                                                                                                                                  0x1b256ff0
                                                                                                                                  0x1b256ff7
                                                                                                                                  0x1b256ffe
                                                                                                                                  0x1b257004
                                                                                                                                  0x1b25700b
                                                                                                                                  0x1b257012
                                                                                                                                  0x1b25701e

                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(?,?,?,1C9C463E,1C9C463E,1B23AA57), ref: 1B256E70
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,1C9C463E,1C9C463E,1B23AA57), ref: 1B256EB9
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,1C9C463E,1C9C463E,1B23AA57), ref: 1B256EC4
                                                                                                                                    • Part of subcall function 1B245B20: GetModuleFileNameA.KERNEL32 ref: 1B245B81
                                                                                                                                    • Part of subcall function 1B245B20: CreateFileA.KERNEL32 ref: 1B245BB1
                                                                                                                                    • Part of subcall function 1B245B20: SetFilePointer.KERNEL32 ref: 1B245BCB
                                                                                                                                    • Part of subcall function 1B245B20: ReadFile.KERNEL32 ref: 1B245BEC
                                                                                                                                    • Part of subcall function 1B245B20: SetFilePointer.KERNEL32 ref: 1B245C0E
                                                                                                                                    • Part of subcall function 1B245B20: ReadFile.KERNEL32 ref: 1B245C2D
                                                                                                                                    • Part of subcall function 1B245B20: CloseHandle.KERNEL32 ref: 1B245C36
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseCreateHandlePointerRead$EventModuleNameObjectSingleWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1466839104-0
                                                                                                                                  • Opcode ID: 4104e615d4462387e65fa227b3f04b43ec3063c9f4641dc20cbbd6f0dc42f764
                                                                                                                                  • Instruction ID: 205deae61d9079323d17267c60c02d8a8c3235ad934862145ab8d36d52fb15c9
                                                                                                                                  • Opcode Fuzzy Hash: 4104e615d4462387e65fa227b3f04b43ec3063c9f4641dc20cbbd6f0dc42f764
                                                                                                                                  • Instruction Fuzzy Hash: 8441E67AA01B649AE754CF17E884BD933F8F74C799F65412ADA5C83320DB79C899C700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F56F5 Relevance: 3.3, APIs: 2, Instructions: 303COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1123 7ff9ee5f56f5-7ff9ee5f574d 1126 7ff9ee5f5753-7ff9ee5f5793 RtlDecodePointer 1123->1126 1127 7ff9ee5f59ea-7ff9ee5f59fe 1123->1127 1129 7ff9ee5f5795 1126->1129 1130 7ff9ee5f579b-7ff9ee5f57e6 1126->1130 1129->1130 1133 7ff9ee5f57e8 1130->1133 1134 7ff9ee5f57ee-7ff9ee5f57fd 1130->1134 1133->1134 1135 7ff9ee5f59e5 call 7ff9ee5f5620 1134->1135 1136 7ff9ee5f5803-7ff9ee5f5806 1134->1136 1135->1127 1136->1135 1137 7ff9ee5f580c-7ff9ee5f580f 1136->1137 1137->1135 1139 7ff9ee5f5815-7ff9ee5f5819 1137->1139 1140 7ff9ee5f581b-7ff9ee5f5822 1139->1140 1141 7ff9ee5f5828-7ff9ee5f5866 1140->1141 1142 7ff9ee5f59dd-7ff9ee5f59de 1140->1142 1145 7ff9ee5f5868 1141->1145 1146 7ff9ee5f586e-7ff9ee5f5879 1141->1146 1142->1135 1145->1146 1146->1140 1147 7ff9ee5f587b-7ff9ee5f58b7 1146->1147 1150 7ff9ee5f58bf-7ff9ee5f5905 1147->1150 1151 7ff9ee5f58b9 1147->1151 1154 7ff9ee5f5907 1150->1154 1155 7ff9ee5f590d-7ff9ee5f595b RtlDecodePointer 1150->1155 1151->1150 1154->1155 1158 7ff9ee5f5963-7ff9ee5f59ae 1155->1158 1159 7ff9ee5f595d 1155->1159 1162 7ff9ee5f59b6-7ff9ee5f59c1 1158->1162 1163 7ff9ee5f59b0 1158->1163 1159->1158 1164 7ff9ee5f59c3-7ff9ee5f59c6 1162->1164 1165 7ff9ee5f59cc-7ff9ee5f59d8 1162->1165 1163->1162 1164->1140 1164->1165 1165->1140
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DecodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3527080286-0
                                                                                                                                  • Opcode ID: 287fb84904350d8962c475f7f5536b12d40d108f2041bdffa48bac6bb70a8ec6
                                                                                                                                  • Instruction ID: a4b4e97ad28dd38c2840050a2ba8f4ca67641396945f2060896696452db3f490
                                                                                                                                  • Opcode Fuzzy Hash: 287fb84904350d8962c475f7f5536b12d40d108f2041bdffa48bac6bb70a8ec6
                                                                                                                                  • Instruction Fuzzy Hash: CFA1C43140DB858FE765EF2D84597647FE0FB25321F05467EC09AC3A92CBA97809CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B259E70 Relevance: 3.0, APIs: 2, Instructions: 46threadCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                  			E1B259E70(void* __edx, intOrPtr* __rax, void* __rbx, long long __rcx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r12) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v48;
				void* _v56;
				void* _v64;
				void* _t26;
				void* _t30;
				long _t33;
				void* _t42;
				long _t44;
				long _t45;
				void* _t51;
				intOrPtr* _t59;
				long long _t66;
				long long _t69;
				long long _t73;
				long long _t75;
				long long _t76;
				long long _t78;
				long long _t79;
				long long _t81;
				long long _t82;
				void* _t84;
				void* _t85;
				void* _t86;
				long long _t88;
				long long _t92;

				_t92 = __r12;
				_t88 = __r8;
				_t81 = __rbp;
				_t78 = __rsi;
				_t75 = __rdi;
				_t69 = __rcx;
				_t59 = __rax;
				_t51 = __edx;
				_push(__rbx);
				_t85 = _t84 - 0x20;
				_t66 = __rcx;
				E1B231670(_t26);
				_t45 = E1B25E260();
				L1B25E250();
				if(__rax != 0) {
					_t69 = __rcx;
					 *((long long*)(__rax + 0x90)) =  *((intOrPtr*)(__rcx + 0x90));
					 *((long long*)(__rax + 0x98)) =  *((intOrPtr*)(__rcx + 0x98));
					_t59 =  *((intOrPtr*)(__rcx + 8));
					 *((long long*)(__rax + 8)) = _t59;
					E1B25E520(_t45, __edx, _t59, __rcx, __rcx, __rdi, __rsi, __rbp);
				} else {
					_t42 = E1B25E260();
					_t73 = __rcx;
					L1B25E270();
					if(_t42 == 0) {
						_t45 = GetLastError();
						ExitThread(??);
					}
				}
				_t56 =  *0x1b27aea8;
				if( *0x1b27aea8 != 0) {
					_t69 = 0x1b27aea8;
					if(E1B260990(_t56, _t59, 0x1b27aea8) != 0) {
						 *0x1b27aea8(); // executed
					}
				}
				_t30 = E1B259E20(_t59); // executed
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t86 = _t85 - 0x38;
				 *((long long*)(_t86 + 0x40)) = _t66;
				 *((long long*)(_t86 + 0x48)) = _t81;
				 *((long long*)(_t86 + 0x50)) = _t78;
				_t44 = 0;
				_t58 = _t69;
				 *((long long*)(_t86 + 0x30)) = _t92;
				_t82 = _t88;
				_t79 = _t69;
				r12d = _t51;
				if(_t69 != 0) {
					 *((long long*)(_t86 + 0x58)) = _t75;
					E1B231670(_t30);
					E1B261130(_t59, _t66, _t69, _t73, _t75, _t79, _t82, _t92);
					__eflags = _t59;
					_t76 = _t59;
					if(_t59 == 0) {
						L13:
						_t33 = E1B25A880(_t59, _t76);
						__eflags = _t44;
						if(__eflags != 0) {
							_t33 = E1B25BCF0(_t44, __eflags, _t59, _t73);
						}
					} else {
						E1B25E480(_t59, _t66, _t69, _t73, _t76, _t79, _t82, _t88, _t92);
						E1B25E2D0(_t59, _t66, _t76,  *((intOrPtr*)(_t59 + 0xc0)), _t76, _t79);
						_t73 = _t92;
						 *((long long*)(_t86 + 0x28)) = _t76;
						 *((long long*)(_t76 + 0x90)) = _t79;
						 *((long long*)(_t76 + 0x98)) = _t82;
						 *((intOrPtr*)(_t86 + 0x20)) = 4;
						CreateThread(??, ??, ??, ??, ??, ??); // executed
						__eflags = _t59;
						 *((long long*)(_t76 + 8)) = _t59;
						if(_t59 != 0) {
							_t33 = ResumeThread(); // executed
							__eflags = _t33 - 0xffffffff;
							if(_t33 != 0xffffffff) {
								goto L16;
							} else {
								_t44 = GetLastError();
								goto L13;
							}
							L21:
						} else {
							_t44 = GetLastError();
							goto L13;
						}
					}
					L16:
				} else {
					E1B25BC90(_t58, _t59);
					r9d = 0;
					r8d = 0;
					 *((long long*)(_t86 + 0x20)) = _t66;
					 *_t59 = 0x16;
					_t33 = E1B259160(_t66, _t69, _t73, _t75, _t79, _t82, _t88);
				}
				return _t33;
				goto L21;
			}
































                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e70
                                                                                                                                  0x1b259e72
                                                                                                                                  0x1b259e76
                                                                                                                                  0x1b259e79
                                                                                                                                  0x1b259e83
                                                                                                                                  0x1b259e85
                                                                                                                                  0x1b259e90
                                                                                                                                  0x1b259ebb
                                                                                                                                  0x1b259ebe
                                                                                                                                  0x1b259ecc
                                                                                                                                  0x1b259ed3
                                                                                                                                  0x1b259ed7
                                                                                                                                  0x1b259edb
                                                                                                                                  0x1b259e92
                                                                                                                                  0x1b259e92
                                                                                                                                  0x1b259e97
                                                                                                                                  0x1b259e9c
                                                                                                                                  0x1b259ea3
                                                                                                                                  0x1b259eab
                                                                                                                                  0x1b259ead
                                                                                                                                  0x1b259ead
                                                                                                                                  0x1b259ea3
                                                                                                                                  0x1b259ee0
                                                                                                                                  0x1b259ee8
                                                                                                                                  0x1b259eea
                                                                                                                                  0x1b259ef8
                                                                                                                                  0x1b259efa
                                                                                                                                  0x1b259efa
                                                                                                                                  0x1b259ef8
                                                                                                                                  0x1b259f00
                                                                                                                                  0x1b259f05
                                                                                                                                  0x1b259f06
                                                                                                                                  0x1b259f07
                                                                                                                                  0x1b259f08
                                                                                                                                  0x1b259f09
                                                                                                                                  0x1b259f0a
                                                                                                                                  0x1b259f0b
                                                                                                                                  0x1b259f0c
                                                                                                                                  0x1b259f0d
                                                                                                                                  0x1b259f0e
                                                                                                                                  0x1b259f0f
                                                                                                                                  0x1b259f10
                                                                                                                                  0x1b259f14
                                                                                                                                  0x1b259f19
                                                                                                                                  0x1b259f1e
                                                                                                                                  0x1b259f23
                                                                                                                                  0x1b259f25
                                                                                                                                  0x1b259f28
                                                                                                                                  0x1b259f2d
                                                                                                                                  0x1b259f30
                                                                                                                                  0x1b259f33
                                                                                                                                  0x1b259f36
                                                                                                                                  0x1b259f60
                                                                                                                                  0x1b259f65
                                                                                                                                  0x1b259f74
                                                                                                                                  0x1b259f79
                                                                                                                                  0x1b259f7c
                                                                                                                                  0x1b259f7f
                                                                                                                                  0x1b259fd9
                                                                                                                                  0x1b259fdc
                                                                                                                                  0x1b259fe1
                                                                                                                                  0x1b259fe3
                                                                                                                                  0x1b259fe7
                                                                                                                                  0x1b259fe7
                                                                                                                                  0x1b259f81
                                                                                                                                  0x1b259f81
                                                                                                                                  0x1b259f90
                                                                                                                                  0x1b259f9c
                                                                                                                                  0x1b259fa4
                                                                                                                                  0x1b259fa9
                                                                                                                                  0x1b259fb0
                                                                                                                                  0x1b259fb7
                                                                                                                                  0x1b259fbf
                                                                                                                                  0x1b259fc5
                                                                                                                                  0x1b259fcb
                                                                                                                                  0x1b259fcf
                                                                                                                                  0x1b25a014
                                                                                                                                  0x1b25a01a
                                                                                                                                  0x1b25a01d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a01f
                                                                                                                                  0x1b25a025
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a025
                                                                                                                                  0x00000000
                                                                                                                                  0x1b259fd1
                                                                                                                                  0x1b259fd7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b259fd7
                                                                                                                                  0x1b259fcf
                                                                                                                                  0x1b259ff3
                                                                                                                                  0x1b259f38
                                                                                                                                  0x1b259f38
                                                                                                                                  0x1b259f3d
                                                                                                                                  0x1b259f40
                                                                                                                                  0x1b259f47
                                                                                                                                  0x1b259f4c
                                                                                                                                  0x1b259f52
                                                                                                                                  0x1b259f57
                                                                                                                                  0x1b25a010
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1611280651-0
                                                                                                                                  • Opcode ID: a1e05c4c1bbd5933b79d8abaadd1344953be013bdb5f87f8aabdc5bdbe6b25b4
                                                                                                                                  • Instruction ID: 0e3440a4e8fb67f45ed74fd13dd2ff43858c15b7a640c2f63f914497f35e6e36
                                                                                                                                  • Opcode Fuzzy Hash: a1e05c4c1bbd5933b79d8abaadd1344953be013bdb5f87f8aabdc5bdbe6b25b4
                                                                                                                                  • Instruction Fuzzy Hash: 5201FB35701B4946DF00EFB1D8897D932A5AB59B85F284435CD4E86354FF78D88DC311
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B259DC0 Relevance: 3.0, APIs: 2, Instructions: 21threadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E1B259DC0() {
				long* _t13;
				long long _t14;
				long* _t15;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;

				_t8 =  *0x1b27aeb0;
				if( *0x1b27aeb0 != 0 && E1B260990(_t8, _t13, 0x1b27aeb0) != 0) {
					 *0x1b27aeb0();
				}
				E1B25E3E0(_t13, _t14, 0x1b27aeb0, _t19, _t20, _t21, _t22, _t23, _t24);
				_t15 = _t13;
				if(_t13 != 0) {
					if( *((intOrPtr*)(_t13 + 8)) != 0xffffffff) {
						CloseHandle();
					}
					E1B25E6A0(_t13, _t15);
				}
				ExitThread();
			}












                                                                                                                                  0x1b259dc6
                                                                                                                                  0x1b259dce
                                                                                                                                  0x1b259de0
                                                                                                                                  0x1b259de0
                                                                                                                                  0x1b259de6
                                                                                                                                  0x1b259dee
                                                                                                                                  0x1b259df1
                                                                                                                                  0x1b259dfb
                                                                                                                                  0x1b259dfd
                                                                                                                                  0x1b259dfd
                                                                                                                                  0x1b259e06
                                                                                                                                  0x1b259e06
                                                                                                                                  0x1b259e0d

                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,1B259E3C,?,?,?,?,1B259F05), ref: 1B259DFD
                                                                                                                                  • ExitThread.KERNEL32 ref: 1B259E0D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseExitHandleThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3411751092-0
                                                                                                                                  • Opcode ID: cd1dfb5c4413765cd63281ea62d236b52892f2f7d8debcd611686352d0379b03
                                                                                                                                  • Instruction ID: 6f496dd80a4739a1e2a64b24eddbbbe0878c58e1a12b4d8f8d56364b851ece4d
                                                                                                                                  • Opcode Fuzzy Hash: cd1dfb5c4413765cd63281ea62d236b52892f2f7d8debcd611686352d0379b03
                                                                                                                                  • Instruction Fuzzy Hash: EAE0ED3060294642EE44AB71D8D57E43295AB5A7B0F540325CD7A412E0EF79D48E8200
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B262DD0 Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • HeapCreate.KERNELBASE(?,?,?,?,1B25B6FC), ref: 1B262DE2
                                                                                                                                  • HeapSetInformation.KERNEL32 ref: 1B262E11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$CreateInformation
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1774340351-0
                                                                                                                                  • Opcode ID: e50d96227761b36ac8850ba0bbcfa41612d98c100e0f6e82403d6f20cbc4c255
                                                                                                                                  • Instruction ID: cbe3131305846bb3ebaa69506dd16b58eb2e00087cc3623dd1cf027292c59ca1
                                                                                                                                  • Opcode Fuzzy Hash: e50d96227761b36ac8850ba0bbcfa41612d98c100e0f6e82403d6f20cbc4c255
                                                                                                                                  • Instruction Fuzzy Hash: ADE04FB5F2269083E7889B22A8867857250F788780F909029EE4E42754EFBDC2898B00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F5395 Relevance: 1.7, APIs: 1, Instructions: 234COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DecodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3527080286-0
                                                                                                                                  • Opcode ID: a97c9e2067591258a79adfe87a29aacddda974584f6e9c83cdec057e002de0f5
                                                                                                                                  • Instruction ID: 31935142abd4d4f8255e5ed2fde71cd74fd754024f8ed369639f3d12b905c466
                                                                                                                                  • Opcode Fuzzy Hash: a97c9e2067591258a79adfe87a29aacddda974584f6e9c83cdec057e002de0f5
                                                                                                                                  • Instruction Fuzzy Hash: 9B71C23090CA8D8FEF55EF6898587E8BBE0FF16321F0501BAD049D3192DFA56845CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5EFC99 Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                  • Opcode ID: 7f94743e32b9f053d8faa965b8e1d236b0fc3798c2b117957a83e4afe1f6d500
                                                                                                                                  • Instruction ID: a0f5a75c271ebe3480f2d3ee6bb5126f109c7bd0ce24e7cdc1307dfee624e4f7
                                                                                                                                  • Opcode Fuzzy Hash: 7f94743e32b9f053d8faa965b8e1d236b0fc3798c2b117957a83e4afe1f6d500
                                                                                                                                  • Instruction Fuzzy Hash: C751BF2086D3C94FDB12AB7858657A67FE4DF13229F1800AFE0D9C70A3DE992416C767
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F239D Relevance: 1.6, APIs: 1, Instructions: 137registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  • Opcode ID: 18ed314656138bdd968c52bfc3bb949e6e11b090c90ebae563e5a0cf85244beb
                                                                                                                                  • Instruction ID: 1d7fb26f1081e467445418736293dfcfd3ff613060697fa4e8ce71c995ee3fa9
                                                                                                                                  • Opcode Fuzzy Hash: 18ed314656138bdd968c52bfc3bb949e6e11b090c90ebae563e5a0cf85244beb
                                                                                                                                  • Instruction Fuzzy Hash: 4A41C47090CB4C9FDB58EF5CD845AA97BE0FBA9321F00422FE049C3692CB70A851CB95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F207A Relevance: 1.6, APIs: 1, Instructions: 123registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Open
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                  • Opcode ID: 63bc88f5ba5387a9e58678dc534fa4399c222dc002277c6afa5b3f39b02c81aa
                                                                                                                                  • Instruction ID: 4d0aa44449fc9707aa6322735cb041a4db8e02bd9c778af9bb431884e32dccef
                                                                                                                                  • Opcode Fuzzy Hash: 63bc88f5ba5387a9e58678dc534fa4399c222dc002277c6afa5b3f39b02c81aa
                                                                                                                                  • Instruction Fuzzy Hash: 3C31E63190CB485FEB58EB5CD806BF97BE0FB9A321F04426FD049D3652DB65A806CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F2FCD Relevance: 1.6, APIs: 1, Instructions: 114registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                  • Opcode ID: ec5dbae85f9f9bc89c44b601755434fc0cde0d017c2a57053c609dbcf3d20c43
                                                                                                                                  • Instruction ID: 17f3bb86cf4519e1d61758cf823fac42bab531001680c57303122fa2d8618cfe
                                                                                                                                  • Opcode Fuzzy Hash: ec5dbae85f9f9bc89c44b601755434fc0cde0d017c2a57053c609dbcf3d20c43
                                                                                                                                  • Instruction Fuzzy Hash: 3831C63190CB4C8FDB58EB58D845BE9BBE0FB69321F14422FD04DD3652DB70A8428B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5E2B21 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: fa3b90733717ab9d6170bb4cd70ac97e377561383142be2331409c91922cf2f5
                                                                                                                                  • Instruction ID: 4230d9df85b3fe1755d44e3a455a361ab89815e2deab3f884a332c2f68541186
                                                                                                                                  • Opcode Fuzzy Hash: fa3b90733717ab9d6170bb4cd70ac97e377561383142be2331409c91922cf2f5
                                                                                                                                  • Instruction Fuzzy Hash: 71312D7190D74D4FE764EB2D98193B57BE4EF62310F01447FE08EC36A2DEA964058762
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F484C Relevance: 1.6, APIs: 1, Instructions: 110registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: RegisterType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2778101878-0
                                                                                                                                  • Opcode ID: 3ea6ba1e876f2a6236fd93c0790ca94a2ea76fbbfc814684dec5d9365269c2f6
                                                                                                                                  • Instruction ID: c396285adf91b46b4aa47b03356f11022a4015ca9d6a144ccbb22cc0ef7f8aec
                                                                                                                                  • Opcode Fuzzy Hash: 3ea6ba1e876f2a6236fd93c0790ca94a2ea76fbbfc814684dec5d9365269c2f6
                                                                                                                                  • Instruction Fuzzy Hash: 6131EE3191CB884FDB29EB6C9C4A6F97FE0EB56321F04416FD089C3152DA65B846CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5F467D Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LoadType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3294371518-0
                                                                                                                                  • Opcode ID: b828879bb71d70f9a145bce87b42ec712c3a94916e8b8f81ee26a5c55e277688
                                                                                                                                  • Instruction ID: ea49bd2e5cbc452ccff62151ba0e925338ebe432723973d6f4ec4017d30440f2
                                                                                                                                  • Opcode Fuzzy Hash: b828879bb71d70f9a145bce87b42ec712c3a94916e8b8f81ee26a5c55e277688
                                                                                                                                  • Instruction Fuzzy Hash: D321EA3190C74C4FDB58EF9CD84A7E97BE1EB9A321F04826BD04DC7116D6749806CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5E2FD0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: c49bd3e96ca627e8364b7281f7c0a691c6be2270cadfd518feb4a280cc97543c
                                                                                                                                  • Instruction ID: 67e204e167354cf37926fb89045c30b2a7bf13248918644dcd71d38c9296b261
                                                                                                                                  • Opcode Fuzzy Hash: c49bd3e96ca627e8364b7281f7c0a691c6be2270cadfd518feb4a280cc97543c
                                                                                                                                  • Instruction Fuzzy Hash: 37315A7190C7C85FEB19E768481A3B47FE0EF13220F04416FE099C75A2DEA52415C762
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5EE149 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: d562d2d16e8b6465b518facb5cda275cadf6b42cefe7be1f54ef3103203f90f3
                                                                                                                                  • Instruction ID: 23291e4fab5a1b33e7ac20662da3407d7419e56824e02abe5b569adcb95de509
                                                                                                                                  • Opcode Fuzzy Hash: d562d2d16e8b6465b518facb5cda275cadf6b42cefe7be1f54ef3103203f90f3
                                                                                                                                  • Instruction Fuzzy Hash: DC31C27190C7884FE755EB68981A3A97FE0EF16320F0441AFE08DC76A3DEA96455C722
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5E2FF0 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: 6cc5d222ca777ce06e62b96e6fc8745ade33c3aec4bcf8c19fb5c71d95132d01
                                                                                                                                  • Instruction ID: 8bd8ed85abd4f121d62e43330be71eb104d45b93fc629f673950045cbcecdf2d
                                                                                                                                  • Opcode Fuzzy Hash: 6cc5d222ca777ce06e62b96e6fc8745ade33c3aec4bcf8c19fb5c71d95132d01
                                                                                                                                  • Instruction Fuzzy Hash: 3B214D7190C68C5FEB58E76898193B87FE0EF16210F04416FD08DC35A2DEA56415CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 00007FF9EE5E335D Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.666494244.00007FF9EE5E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9EE5E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff9ee5e0000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DecodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3527080286-0
                                                                                                                                  • Opcode ID: 45581793ef77316bfd2abf623a2c439ae556d0229592663ad25e18fbe8cce514
                                                                                                                                  • Instruction ID: 77a4ceea20207468342e1d0e3e5d7d9887434509f91fdb5599472974a6fbdcbe
                                                                                                                                  • Opcode Fuzzy Hash: 45581793ef77316bfd2abf623a2c439ae556d0229592663ad25e18fbe8cce514
                                                                                                                                  • Instruction Fuzzy Hash: A521907190CA4C8FDB58DF58D84ABE97BE1FB6A321F00422FD049D3652DB71A416CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25A8C0 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E1B25A8C0(void* __eax, long long __rbx, signed long long __rcx, long long __rdx, long long __rdi, void* __rsi, void* __rbp, intOrPtr* __r8, long long _a24, long long _a32) {
				long long _v24;
				void* _t17;
				intOrPtr* _t18;
				signed long long _t35;
				void* _t36;

				_t40 = __rcx;
				_a24 = __rbx;
				_a32 = __rdi;
				_t45 = __r8;
				_t34 = __rdx;
				if(__rcx == 0) {
					L3:
					_t35 = _t34 * _t40;
					__eflags = _t35;
					_t36 =  ==  ? 0xffffffe0 : _t35;
					do {
						_t17 = 0;
						__eflags = _t36 - 0xffffffe0;
						if(_t36 > 0xffffffe0) {
							L6:
							__eflags =  *0x1b293880;
							if( *0x1b293880 == 0) {
								__eflags = _t45;
								if(_t45 != 0) {
									 *_t45 = 0xc;
								}
								goto L13;
							} else {
								goto L7;
							}
						} else {
							_t17 = RtlAllocateHeap(); // executed
							__eflags = 0xffffffe0;
							if(0xffffffe0 != 0) {
								L13:
								return _t17;
							} else {
								goto L6;
							}
						}
						goto L14;
						L7:
						_t18 = E1B2601E0(0xffffffe0, _t36);
						__eflags = _t18;
					} while (_t18 != 0);
					__eflags = _t45;
					if(_t45 != 0) {
						 *_t45 = 0xc;
					}
					__eflags = 0;
					return 0;
				} else {
					_t30 = 0xffffffe0 - __rdx;
					if(0xffffffe0 >= __rdx) {
						goto L3;
					} else {
						E1B25BC90(_t30, 0xffffffe0);
						r9d = 0;
						r8d = 0;
						_v24 = 0;
						 *0xffffffe0 = 0xc;
						E1B259160(__rdx, __rcx, __rdx, __r8, __rsi, __rbp, __r8);
						return 0;
					}
				}
				L14:
			}








                                                                                                                                  0x1b25a8c0
                                                                                                                                  0x1b25a8c7
                                                                                                                                  0x1b25a8cc
                                                                                                                                  0x1b25a8d1
                                                                                                                                  0x1b25a8d4
                                                                                                                                  0x1b25a8d7
                                                                                                                                  0x1b25a91e
                                                                                                                                  0x1b25a91e
                                                                                                                                  0x1b25a927
                                                                                                                                  0x1b25a92a
                                                                                                                                  0x1b25a930
                                                                                                                                  0x1b25a930
                                                                                                                                  0x1b25a932
                                                                                                                                  0x1b25a936
                                                                                                                                  0x1b25a950
                                                                                                                                  0x1b25a950
                                                                                                                                  0x1b25a957
                                                                                                                                  0x1b25a981
                                                                                                                                  0x1b25a984
                                                                                                                                  0x1b25a986
                                                                                                                                  0x1b25a986
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a938
                                                                                                                                  0x1b25a945
                                                                                                                                  0x1b25a94b
                                                                                                                                  0x1b25a94e
                                                                                                                                  0x1b25a98c
                                                                                                                                  0x1b25a99a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a94e
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a959
                                                                                                                                  0x1b25a95c
                                                                                                                                  0x1b25a961
                                                                                                                                  0x1b25a961
                                                                                                                                  0x1b25a965
                                                                                                                                  0x1b25a968
                                                                                                                                  0x1b25a96a
                                                                                                                                  0x1b25a96a
                                                                                                                                  0x1b25a970
                                                                                                                                  0x1b25a980
                                                                                                                                  0x1b25a8d9
                                                                                                                                  0x1b25a8e5
                                                                                                                                  0x1b25a8e8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a8ea
                                                                                                                                  0x1b25a8ea
                                                                                                                                  0x1b25a8ef
                                                                                                                                  0x1b25a8f2
                                                                                                                                  0x1b25a8f9
                                                                                                                                  0x1b25a902
                                                                                                                                  0x1b25a908
                                                                                                                                  0x1b25a91d
                                                                                                                                  0x1b25a91d
                                                                                                                                  0x1b25a8e8
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,1B259EE0), ref: 1B25A945
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 184f0caac6d076e0325447f723c24c281803cff0a9aee8e304ee7b8ea8e3bde4
                                                                                                                                  • Instruction ID: 66d0eb7acb21b14edd622de20ca6b7c69c4c5ee3368f4a0cb50d02b1eb126796
                                                                                                                                  • Opcode Fuzzy Hash: 184f0caac6d076e0325447f723c24c281803cff0a9aee8e304ee7b8ea8e3bde4
                                                                                                                                  • Instruction Fuzzy Hash: B211813570479281EF048B61EA827C6F391AB89BF4F594725DEAD43BD4EBBCC0588700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25A7B0 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E1B25A7B0(intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
				void* _t11;
				void* _t13;
				void* _t29;
				intOrPtr _t33;
				void* _t36;
				void* _t40;
				void* _t42;
				void* _t43;
				void* _t44;
				void* _t45;

				_t37 = __rdi;
				_t26 = __rax;
				_a16 = __rbx;
				_t29 = __rcx;
				if(__rcx > 0xffffffe0) {
					E1B2601E0(__rax, __rcx);
					E1B25BC90(__eflags, __rax);
					 *__rax = 0xc;
					__eflags = 0;
					return 0;
				} else {
					_a24 = __rsi;
					_t40 =  !=  ? __rcx : __rsi;
					_a32 = __rdi;
					while(1) {
						_t33 =  *0x1b293878; // 0x1b490000
						_t22 = _t33;
						if(_t33 == 0) {
							E1B260220(E1B260460(_t22, _t26, _t29, _t33, _t36, _t37, _t42, _t43, _t44, _t45), 0x1e, 0, _t29, _t33, _t36, _t37, _t40, _t42, _t43, _t44, _t45);
							E1B2596B0();
						}
						_t42 = _t40;
						_t11 = RtlAllocateHeap(??, ??, ??); // executed
						_t37 = _t26;
						if(_t26 != 0) {
							break;
						}
						if( *0x1b293880 == _t11) {
							E1B25BC90(__eflags, _t26);
							 *_t26 = 0xc;
							goto L9;
						} else {
							_t13 = E1B2601E0(_t26, _t29);
							_t25 = _t13;
							if(_t13 != 0) {
								continue;
							} else {
								L9:
								_t11 = E1B25BC90(_t25, _t26);
								 *_t26 = 0xc;
							}
						}
						break;
					}
					return _t11;
				}
			}













                                                                                                                                  0x1b25a7b0
                                                                                                                                  0x1b25a7b0
                                                                                                                                  0x1b25a7b8
                                                                                                                                  0x1b25a7bd
                                                                                                                                  0x1b25a7c0
                                                                                                                                  0x1b25a862
                                                                                                                                  0x1b25a867
                                                                                                                                  0x1b25a871
                                                                                                                                  0x1b25a877
                                                                                                                                  0x1b25a87d
                                                                                                                                  0x1b25a7c6
                                                                                                                                  0x1b25a7c6
                                                                                                                                  0x1b25a7d3
                                                                                                                                  0x1b25a7d7
                                                                                                                                  0x1b25a7e0
                                                                                                                                  0x1b25a7e0
                                                                                                                                  0x1b25a7e7
                                                                                                                                  0x1b25a7ea
                                                                                                                                  0x1b25a7f6
                                                                                                                                  0x1b25a800
                                                                                                                                  0x1b25a805
                                                                                                                                  0x1b25a80c
                                                                                                                                  0x1b25a811
                                                                                                                                  0x1b25a81a
                                                                                                                                  0x1b25a81d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a825
                                                                                                                                  0x1b25a835
                                                                                                                                  0x1b25a83a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a827
                                                                                                                                  0x1b25a82a
                                                                                                                                  0x1b25a82f
                                                                                                                                  0x1b25a831
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a833
                                                                                                                                  0x1b25a840
                                                                                                                                  0x1b25a840
                                                                                                                                  0x1b25a845
                                                                                                                                  0x1b25a845
                                                                                                                                  0x1b25a831
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25a825
                                                                                                                                  0x1b25a861
                                                                                                                                  0x1b25a861

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,?,?,1B2610DA,?,?,?,?,1B260723,?,?,?,?,1B2607F7), ref: 1B25A811
                                                                                                                                    • Part of subcall function 1B2596B0: GetModuleHandleA.KERNEL32(?,?,00000028,1B25A805,?,?,?,?,1B2610DA,?,?,?,?,1B260723), ref: 1B2596BF
                                                                                                                                    • Part of subcall function 1B2596B0: GetProcAddress.KERNEL32(?,?,00000028,1B25A805,?,?,?,?,1B2610DA,?,?,?,?,1B260723), ref: 1B2596D4
                                                                                                                                    • Part of subcall function 1B2596B0: ExitProcess.KERNEL32 ref: 1B2596E5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressAllocateExitHandleHeapModuleProcProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3260311492-0
                                                                                                                                  • Opcode ID: 9bf79c1e8de6b7f5c784485147fddc01f76517541d3b3adf2c657c4262adb691
                                                                                                                                  • Instruction ID: 83d6c284951510e22236e20141d027d158849bef47ce4bd4974c07d8d4b1a288
                                                                                                                                  • Opcode Fuzzy Hash: 9bf79c1e8de6b7f5c784485147fddc01f76517541d3b3adf2c657c4262adb691
                                                                                                                                  • Instruction Fuzzy Hash: FA118E35B0134186EE049F62A8C63DA37A0BB89BD4F540621EE5A477C4DF3CD48A8B40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B259A40 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E1B259A40(void* __eflags, long long __rax, void* __rcx, void* __rdx) {
				void* _t2;
				void* _t11;
				long long _t13;

				_t13 = __rax;
				_t2 = E1B25E180(__rax); // executed
				E1B231670(E1B260C30(E1B260F30(E1B260F40(E1B2590B0(E1B260F50(E1B2601D0(_t2, __rax), __rax), __rax), __rax), __rax), __rax));
				_t11 = E1B25E110(E1B2600F0(__rax), __rax, 0x1b259a20);
				 *0x1b28fdc0 = _t13;
				return _t11;
			}






                                                                                                                                  0x1b259a40
                                                                                                                                  0x1b259a46
                                                                                                                                  0x1b259a81
                                                                                                                                  0x1b259a95
                                                                                                                                  0x1b259a9a
                                                                                                                                  0x1b259aa6

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B25E180: FlsGetValue.KERNEL32(?,?,?,?,1B266BCD), ref: 1B25E18F
                                                                                                                                  • _initp_misc_winsig.LIBCMT ref: 1B259A79
                                                                                                                                    • Part of subcall function 1B25E110: FlsGetValue.KERNEL32(?,?,00000000,1B266C20), ref: 1B25E124
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value$_initp_misc_winsig
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3644512426-0
                                                                                                                                  • Opcode ID: d23e1ff8fd191cc15da3283a423ce02ea1351b3423aaceaafe785acc53605e76
                                                                                                                                  • Instruction ID: 9041600f27cac2b1103cf005ed2ae1e37ecba60ca1b396df461b99dc9d9e4bed
                                                                                                                                  • Opcode Fuzzy Hash: d23e1ff8fd191cc15da3283a423ce02ea1351b3423aaceaafe785acc53605e76
                                                                                                                                  • Instruction Fuzzy Hash: 12E07528BA160642DD1CFB726CE26EB12605B9EBD4F5864318D1B0A354DE7CE49D9390
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B261130 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,1B25E417,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B261180
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                  • Opcode ID: a4e264dce14bbe9333f5ecc293230aac5842ad72068805f81e576baf46a20b44
                                                                                                                                  • Instruction ID: 59b83b2dbb29c05d77044ace94a7113e96a6c44fec5c63dd01b0dca8ece392b2
                                                                                                                                  • Opcode Fuzzy Hash: a4e264dce14bbe9333f5ecc293230aac5842ad72068805f81e576baf46a20b44
                                                                                                                                  • Instruction Fuzzy Hash: A7014477624AC596D6149F12A88038AB375F389BD1F682115FF8D47B54CB3DD495CB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B2610B0 Relevance: 1.3, APIs: 1, Instructions: 30sleepCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B25A7B0: RtlAllocateHeap.NTDLL(?,?,?,?,1B2610DA,?,?,?,?,1B260723,?,?,?,?,1B2607F7), ref: 1B25A811
                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,1B260723,?,?,?,?,1B2607F7,?,?,?,?,1B25E5B3), ref: 1B2610EC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeapSleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4201116106-0
                                                                                                                                  • Opcode ID: 0228bf1c7e5d7d4f1e7fa3a1eb96be69864592e6dabbf4909e9af17261341f99
                                                                                                                                  • Instruction ID: 97d2a0c6f343e03c6f531b96ff673af5d74ecbce1a8d29845f2f10caf0a4dd69
                                                                                                                                  • Opcode Fuzzy Hash: 0228bf1c7e5d7d4f1e7fa3a1eb96be69864592e6dabbf4909e9af17261341f99
                                                                                                                                  • Instruction Fuzzy Hash: A9F06876A157C587CA049F16A88028DB375F389BD1F641115EF8D53B54CF3DD8958B00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 1B262FF0 Relevance: 29.0, APIs: 19, Instructions: 489COMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                  			E1B262FF0(signed int __ebx, signed int __ecx, signed int __edx, long long __rbx, signed int __rdx, signed long long __rdi, long long __rsi, long long __rbp, signed short* __r8, signed int* __r9, long long __r12, signed int __r13, long long __r14, long long __r15, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				long long _v40;
				void* _v48;
				long long _v56;
				signed int _v72;
				char _v424;
				char _v1464;
				char _v1480;
				signed long long _v1488;
				signed int _v1496;
				signed int _v1500;
				signed int _v1504;
				signed int _v1508;
				signed int _v1512;
				signed long long _v1520;
				signed long long _v1528;
				intOrPtr _v1536;
				signed long long _v1544;
				signed int _t149;
				signed int _t150;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				int _t168;
				long _t169;
				signed int _t171;
				int _t172;
				signed int _t177;
				int _t178;
				int _t183;
				int _t184;
				signed int _t185;
				void* _t186;
				signed int _t190;
				void* _t191;
				int _t193;
				int _t194;
				signed int _t196;
				int _t197;
				void* _t199;
				void* _t200;
				signed int _t211;
				signed int _t212;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed long long _t229;
				signed long long _t230;
				intOrPtr* _t232;
				signed int* _t244;
				signed int* _t246;
				signed int _t248;
				void* _t249;
				intOrPtr _t251;
				signed int _t252;
				signed int* _t256;
				intOrPtr _t265;
				intOrPtr _t267;
				signed short* _t278;
				signed short* _t279;
				signed char* _t280;
				signed long long _t285;
				signed int* _t288;
				signed long long _t293;
				signed int _t295;
				signed long long _t298;
				signed long long _t304;

				_t288 = __r9;
				_t286 = __r8;
				_t283 = __rbp;
				_t281 = __rsi;
				_t276 = __rdi;
				_t274 = __rdx;
				_t218 = __edx;
				_t215 = __ecx;
				_t211 = __ebx;
				_t293 = _t285;
				_t229 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t230 = _t229 ^ _t285;
				_v72 = _t230;
				 *((long long*)(_t293 + 0x20)) = __rbx;
				 *((long long*)(_t293 - 8)) = __rbp;
				 *((long long*)(_t293 - 0x10)) = __rsi;
				 *((long long*)(_t293 - 0x18)) = __rdi;
				 *((long long*)(_t293 - 0x20)) = __r12;
				 *((long long*)(_t293 - 0x30)) = __r14;
				_t226 = r8d;
				r14d = 0;
				_t225 = 0;
				_t295 = __rdx;
				_t242 = __ecx;
				if(r8d != 0) {
					__eflags = __rdx;
					if(__eflags != 0) {
						_v40 = __r13;
						_v56 = __r15;
						r13b = __ebx;
						r13d = r13d & 0x0000001f;
						_t304 = __ecx >> 5;
						_t298 = __r13 << 6;
						_t251 =  *((intOrPtr*)(0x1b293a60 + _t304 * 8));
						_v1496 = _t304;
						_v1488 = _t298;
						_t224 =  *(_t298 + 0x1b293a98) & 0x000000ff;
						dil = dil + dil;
						dil = dil >> 1;
						__eflags = dil - 2;
						if(dil == 2) {
							L6:
							__eflags =  !_t226 & 0x00000001;
							if(__eflags != 0) {
								L8:
								__eflags =  *(_t298 + _t251 + 8) & 0x00000020;
								if(( *(_t298 + _t251 + 8) & 0x00000020) != 0) {
									_t218 = 0;
									__eflags = 0;
									_t24 = _t274 + 2; // 0x2
									r8d = _t24;
									E1B265FC0(_t211, _t211, 0, 0, _t230, _t242, _t274, _t276, _t281, _t283, _t286);
								}
								_t215 = _t211;
								_t149 = E1B266260(_t215, _t230, _t242, _t251, _t276, _t281, _t283);
								__eflags = _t149;
								if(_t149 == 0) {
									_t275 = 0x1b293a60;
									goto L51;
								} else {
									_t275 = 0x1b293a60;
									_t230 =  *((intOrPtr*)(0x1b293a60 + _t304 * 8));
									__eflags =  *(_t298 + _t230 + 8) & 0x00000080;
									if(( *(_t298 + _t230 + 8) & 0x00000080) == 0) {
										L51:
										_t252 =  *((intOrPtr*)(_t275 + _t304 * 8));
										__eflags =  *(_t298 + _t252 + 8) & 0x00000080;
										if(( *(_t298 + _t252 + 8) & 0x00000080) == 0) {
											r8d = _t226;
											_t275 = _t295;
											_v1544 = _t281;
											_t150 = WriteFile(??, ??, ??, ??, ??);
											__eflags = _t150;
											if(_t150 == 0) {
												r15d = GetLastError();
												L98:
												__eflags = r15d;
												if(r15d == 0) {
													_t298 = _v1488;
													_t275 = 0x1b293a60;
													L103:
													_t232 =  *((intOrPtr*)(_t275 + _v1496 * 8));
													__eflags =  *(_t298 + _t232 + 8) & 0x00000040;
													if(__eflags == 0) {
														L106:
														E1B25BC90(__eflags, _t232);
														 *_t232 = 0x1c;
														E1B25BCC0(__eflags, _t232);
														 *_t232 = 0;
														L107:
														L108:
														L109:
														return E1B258680(_t215, _v72 ^ _t285);
													}
													__eflags =  *_t295 - 0x1a;
													if(__eflags != 0) {
														goto L106;
													}
													goto L108;
												}
												__eflags = r15d - 5;
												if(__eflags != 0) {
													_t215 = r15d;
													E1B25BCF0(r15d, __eflags, _t230, _t275);
												} else {
													E1B25BC90(__eflags, _t230);
													 *_t230 = 9;
													E1B25BCC0(__eflags, _t230);
													 *_t230 = r15d;
												}
												goto L107;
											}
											r14d = _v1508;
											r15d = 0;
											__eflags = r15d;
											L95:
											__eflags = r14d;
											if(r14d == 0) {
												goto L98;
											}
											r14d = r14d - _t225;
											goto L108;
										}
										r15d = 0;
										__eflags = dil;
										if(dil != 0) {
											__eflags = dil - 2;
											if(dil != 2) {
												__eflags = _t226;
												_t278 = _t295;
												if(_t226 == 0) {
													goto L103;
												}
												do {
													_t256 =  &_v424;
													__eflags = 0;
													do {
														_t162 = _t224 - r12d;
														__eflags = _t162 - _t226;
														if(_t162 >= _t226) {
															break;
														}
														_t162 =  *_t278 & 0x0000ffff;
														_t278 =  &(_t278[1]);
														__eflags = _t162 - 0xa;
														if(_t162 == 0xa) {
															 *_t256 = 0xd;
															_t256 =  &(_t256[0]);
															_t275 = _t275 + 2;
															__eflags = _t275;
														}
														_t275 = _t275 + 2;
														 *_t256 = _t162;
														_t256 =  &(_t256[0]);
														__eflags = _t275 - 0x152;
													} while (_t275 < 0x152);
													_v1520 = _t281;
													_v1528 = _t281;
													_v1536 = 0x2ab;
													_t163 = _t215 - _t162;
													_t215 = 0xfde9;
													asm("cdq");
													r9d = _t163 >> 1;
													_t230 =  &_v1464;
													_v1544 = _t230;
													_t166 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
													__eflags = _t166;
													r13d = _t166;
													if(_t166 == 0) {
														r15d = GetLastError();
														goto L95;
													}
													_t212 = 0;
													__eflags = 0;
													while(1) {
														r8d = r13d;
														_t275 = _t285 + _t212 + 0x70;
														_t230 = _v1488;
														r8d = r8d - _t212;
														_v1544 = _t281;
														_t168 = WriteFile(??, ??, ??, ??, ??);
														__eflags = _t168;
														if(_t168 == 0) {
															break;
														}
														_t212 = _t212 + _v1508;
														__eflags = r13d - _t212;
														if(r13d > _t212) {
															continue;
														}
														goto L90;
													}
													_t169 = GetLastError();
													__eflags = r13d - _t212;
													r15d = _t169;
													if(r13d > _t212) {
														goto L95;
													}
													L90:
													r14d = _t224;
													r14d = r14d - r12d;
													__eflags = r14d - _t226;
												} while (r14d < _t226);
												goto L95;
											}
											__eflags = _t226;
											_t279 = _t295;
											if(_t226 == 0) {
												goto L103;
											}
											do {
												_t244 =  &_v1464;
												_t215 = 0;
												__eflags = 0;
												do {
													_t171 = _t224 - r12d;
													__eflags = _t171 - _t226;
													if(_t171 >= _t226) {
														break;
													}
													_t171 =  *_t279 & 0x0000ffff;
													_t279 =  &(_t279[1]);
													__eflags = _t171 - 0xa;
													if(_t171 == 0xa) {
														 *_t244 = 0xd;
														_t244 =  &(_t244[0]);
														_t225 = _t225 + 2;
														_t252 = _t252 + 2;
														__eflags = _t252;
													}
													_t252 = _t252 + 2;
													 *_t244 = _t171;
													_t244 =  &(_t244[0]);
													__eflags = _t252 - 0x3ff;
												} while (_t252 < 0x3ff);
												r8d = _t211;
												r8d = r8d - _t171;
												_t230 = _v1496;
												_v1544 = _t304;
												_t275 =  &_v1464;
												_t172 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t172;
												if(_t172 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												_t230 = _v1508;
												_t252 =  &_v1464;
												r14d = r14d + _t172;
												__eflags = _t230 - _t244 - _t252;
												if(_t230 < _t244 - _t252) {
													goto L95;
												}
												_t275 = 0x1b293a60;
												__eflags = _t224 - r12d - _t226;
											} while (_t224 - r12d < _t226);
											goto L95;
										}
										__eflags = _t226;
										_t280 = _t295;
										if(_t226 == 0) {
											goto L103;
										} else {
											goto L54;
										}
										do {
											L54:
											_t246 =  &_v1464;
											_t215 = 0;
											__eflags = 0;
											do {
												_t177 = _t224 - r12d;
												__eflags = _t177 - _t226;
												if(_t177 >= _t226) {
													break;
												}
												_t177 =  *_t280 & 0x000000ff;
												_t280 =  &(_t280[1]);
												__eflags = _t177 - 0xa;
												if(_t177 == 0xa) {
													 *_t246 = 0xd;
													_t246 =  &(_t246[0]);
													_t225 = _t225 + 1;
													_t252 = _t252 + 1;
													__eflags = _t252;
												}
												_t252 = _t252 + 1;
												 *_t246 = _t177;
												_t246 =  &(_t246[0]);
												__eflags = _t252 - 0x400;
											} while (_t252 < 0x400);
											r8d = _t211;
											r8d = r8d - _t177;
											_t230 = _v1496;
											_v1544 = _t304;
											_t275 =  &_v1464;
											_t178 = WriteFile(??, ??, ??, ??, ??);
											__eflags = _t178;
											if(_t178 == 0) {
												r15d = GetLastError();
												goto L95;
											}
											_t230 = _v1508;
											_t252 =  &_v1464;
											r14d = r14d + _t178;
											__eflags = _t230 - _t246 - _t252;
											if(_t230 < _t246 - _t252) {
												goto L95;
											}
											_t275 = 0x1b293a60;
											__eflags = _t224 - r12d - _t226;
										} while (_t224 - r12d < _t226);
										goto L95;
									}
									E1B25E480(_t230, _t242, _t251, 0x1b293a60, _t276, _t281, _t283, _t286, _t295);
									_t275 =  &_v1504;
									_t265 =  *((intOrPtr*)(_t230 + 0xc0));
									_t230 = 0x1b293a60;
									__eflags =  *(_t265 + 0x14);
									_t267 =  *((intOrPtr*)(_t298 +  *((intOrPtr*)(0x1b293a60 + _t304 * 8))));
									_t211 = 0 |  *(_t265 + 0x14) == 0x00000000;
									_t183 = GetConsoleMode(??, ??);
									__eflags = _t183;
									if(_t183 == 0) {
										_t275 = 0x1b293a60;
										goto L51;
									}
									__eflags = _t211;
									if(_t211 == 0) {
										L15:
										_t184 = GetConsoleCP();
										__eflags = _t226;
										_v1500 = _t225;
										r13d = _t184;
										_v1504 = _t184;
										_t248 = _t295;
										if(_t226 == 0) {
											r15d = _v1504;
											goto L98;
										}
										r15d = _v1504;
										do {
											__eflags = dil;
											if(dil != 0) {
												__eflags = dil - 1;
												if(dil == 1) {
													L34:
													_t185 =  *_t248 & 0x0000ffff;
													r15d = 0;
													__eflags = _t185 - 0xa;
													_v1512 = _t185;
													r15b = _t185 == 0xa;
													_t248 = _t248 + 2;
													__eflags = _t248;
													L35:
													__eflags = dil - 1;
													if(dil == 1) {
														L37:
														_t215 = _v1512 & 0x0000ffff;
														_t186 = E1B2684F0(_v1512 & 0x0000ffff, _t218);
														__eflags = _t186 - _v1512;
														if(_t186 != _v1512) {
															r15d = GetLastError();
															goto L95;
														}
														r14d = r14d + 1;
														__eflags = r15d;
														if(r15d == 0) {
															goto L41;
														}
														_t215 = 0xd;
														_v1512 = 0xd;
														_t200 = E1B2684F0(0xd, _t218);
														__eflags = _t200 - _v1512;
														if(_t200 != _v1512) {
															r15d = GetLastError();
															goto L95;
														}
														r14d = r14d + 1;
														_t225 = _t225 + 1;
														__eflags = _t225;
														goto L41;
													}
													__eflags = dil - 2;
													if(dil != 2) {
														goto L41;
													}
													goto L37;
												}
												__eflags = dil - 2;
												if(dil != 2) {
													goto L35;
												}
												goto L34;
											}
											_t215 =  *_t248;
											r15d = 0;
											__eflags =  *_t248 - 0xa;
											r15b =  *_t248 == 0xa;
											_t190 = E1B2666F0( *_t248, _t230, _t248, _t267, _t276, _t281, _t283, _t286, _t295);
											__eflags = _t190;
											if(_t190 != 0) {
												_t230 = _t283 - _t248 + _t295;
												__eflags = _t230 - 1;
												if(_t230 <= 1) {
													L20:
													r15d = _v1504;
													goto L95;
												}
												r8d = 2;
												_t275 = _t248;
												_t191 = E1B2688A0(_t215, _t224, _t225, _t230, _t248,  &_v1512, _t248, _t276, _t281, _t283, _t286, _t288, _t295);
												__eflags = _t191 - 0xffffffff;
												if(_t191 == 0xffffffff) {
													goto L20;
												}
												_t248 = _t248 + 1;
												__eflags = _t248;
												L24:
												_t286 =  &_v1512;
												r9d = 1;
												_v1520 = _t230;
												_v1528 = _t230;
												_t230 =  &_v1480;
												_t218 = 0;
												_t215 = r13d;
												_v1536 = 5;
												_v1544 = _t230;
												_t248 = _t248 + 1;
												_t193 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
												__eflags = _t193;
												r13d = _t193;
												if(_t193 == 0) {
													goto L20;
												}
												_t288 =  &_v1500;
												_t230 = _v1488;
												_t275 =  &_v1480;
												_t267 =  *((intOrPtr*)(_t230 +  *((intOrPtr*)(0x1b293a60 + _v1496 * 8))));
												r8d = r13d;
												_v1544 = 0;
												_t194 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t194;
												if(_t194 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												_t196 = _v1500;
												r14d = r14d + _t196;
												__eflags = _t196 - r13d;
												if(_t196 < r13d) {
													goto L20;
												}
												__eflags = r15d;
												if(r15d == 0) {
													r13d = _v1504;
													goto L41;
												}
												_v1480 = 0xd;
												_t230 = _v1488;
												_t288 =  &_v1500;
												_t267 =  *((intOrPtr*)(_t230 +  *((intOrPtr*)(0x1b293a60 + _v1496 * 8))));
												_t275 =  &_v1480;
												r8d = 1;
												_v1544 = 0;
												_t197 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t197;
												if(_t197 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												__eflags = _v1500 - 1;
												if(_v1500 < 1) {
													goto L20;
												}
												r13d = _v1504;
												_t225 = _t225 + 1;
												r14d = r14d + 1;
												goto L41;
											}
											_t42 = _t230 + 1; // 0x1
											r8d = _t42;
											_t275 = _t248;
											_t199 = E1B2688A0(_t215, _t224, _t225, _t230, _t248,  &_v1512, _t248, _t276, _t281, _t283, _t286, _t288, _t295);
											__eflags = _t199 - 0xffffffff;
											if(_t199 != 0xffffffff) {
												goto L24;
											}
											goto L20;
											L41:
											__eflags = _t211 - r12d - _t226;
										} while (_t211 - r12d < _t226);
										r15d = _v1504;
										goto L95;
									}
									__eflags = dil;
									if(dil == 0) {
										_t275 = 0x1b293a60;
										goto L51;
									}
									goto L15;
								}
							}
							E1B25BCC0(__eflags, _t230);
							 *_t230 = 0;
							E1B25BC90(__eflags, _t230);
							r9d = 0;
							r8d = 0;
							_t215 = 0;
							 *_t230 = 0x16;
							_v1544 = _t242;
							E1B259160(_t242, _t251, _t274, _t276, _t281, _t283, _t286);
							goto L107;
						}
						__eflags = dil - 1;
						if(dil != 1) {
							goto L8;
						}
						goto L6;
					}
					E1B25BCC0(__eflags, _t230);
					 *_t230 = 0;
					E1B25BC90(__eflags, _t230);
					r9d = 0;
					r8d = 0;
					_t215 = 0;
					 *_t230 = 0x16;
					_v1544 = __rdi;
					E1B259160(__ecx, _t249, __rdx, __rdi, __rsi, __rbp, __r8);
					goto L109;
				}
				goto L109;
			}









































































                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ff0
                                                                                                                                  0x1b262ffa
                                                                                                                                  0x1b263001
                                                                                                                                  0x1b263004
                                                                                                                                  0x1b26300c
                                                                                                                                  0x1b263010
                                                                                                                                  0x1b263014
                                                                                                                                  0x1b263018
                                                                                                                                  0x1b263021
                                                                                                                                  0x1b263025
                                                                                                                                  0x1b263029
                                                                                                                                  0x1b26302c
                                                                                                                                  0x1b26302f
                                                                                                                                  0x1b263031
                                                                                                                                  0x1b263034
                                                                                                                                  0x1b263037
                                                                                                                                  0x1b263040
                                                                                                                                  0x1b263043
                                                                                                                                  0x1b263075
                                                                                                                                  0x1b26307d
                                                                                                                                  0x1b263085
                                                                                                                                  0x1b263088
                                                                                                                                  0x1b263096
                                                                                                                                  0x1b26309a
                                                                                                                                  0x1b26309e
                                                                                                                                  0x1b2630a2
                                                                                                                                  0x1b2630a7
                                                                                                                                  0x1b2630ac
                                                                                                                                  0x1b2630b2
                                                                                                                                  0x1b2630b5
                                                                                                                                  0x1b2630b8
                                                                                                                                  0x1b2630bc
                                                                                                                                  0x1b2630c4
                                                                                                                                  0x1b2630c8
                                                                                                                                  0x1b2630ca
                                                                                                                                  0x1b2630f9
                                                                                                                                  0x1b2630f9
                                                                                                                                  0x1b2630ff
                                                                                                                                  0x1b263101
                                                                                                                                  0x1b263101
                                                                                                                                  0x1b263105
                                                                                                                                  0x1b263105
                                                                                                                                  0x1b263109
                                                                                                                                  0x1b263109
                                                                                                                                  0x1b26310e
                                                                                                                                  0x1b263110
                                                                                                                                  0x1b263115
                                                                                                                                  0x1b263117
                                                                                                                                  0x1b2633c0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26311d
                                                                                                                                  0x1b26311d
                                                                                                                                  0x1b263124
                                                                                                                                  0x1b263128
                                                                                                                                  0x1b26312e
                                                                                                                                  0x1b2633d9
                                                                                                                                  0x1b2633d9
                                                                                                                                  0x1b2633dd
                                                                                                                                  0x1b2633e3
                                                                                                                                  0x1b2636aa
                                                                                                                                  0x1b2636ad
                                                                                                                                  0x1b2636b0
                                                                                                                                  0x1b2636b5
                                                                                                                                  0x1b2636bb
                                                                                                                                  0x1b2636bd
                                                                                                                                  0x1b2636da
                                                                                                                                  0x1b2636dd
                                                                                                                                  0x1b2636dd
                                                                                                                                  0x1b2636e0
                                                                                                                                  0x1b263707
                                                                                                                                  0x1b26370c
                                                                                                                                  0x1b263713
                                                                                                                                  0x1b263718
                                                                                                                                  0x1b26371c
                                                                                                                                  0x1b263722
                                                                                                                                  0x1b26372f
                                                                                                                                  0x1b26372f
                                                                                                                                  0x1b263734
                                                                                                                                  0x1b26373a
                                                                                                                                  0x1b26373f
                                                                                                                                  0x1b263745
                                                                                                                                  0x1b26374a
                                                                                                                                  0x1b26375a
                                                                                                                                  0x1b2637a1
                                                                                                                                  0x1b2637a1
                                                                                                                                  0x1b263724
                                                                                                                                  0x1b263729
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26372b
                                                                                                                                  0x1b2636e2
                                                                                                                                  0x1b2636e6
                                                                                                                                  0x1b2636fd
                                                                                                                                  0x1b263700
                                                                                                                                  0x1b2636e8
                                                                                                                                  0x1b2636e8
                                                                                                                                  0x1b2636ed
                                                                                                                                  0x1b2636f3
                                                                                                                                  0x1b2636f8
                                                                                                                                  0x1b2636f8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2636e6
                                                                                                                                  0x1b2636bf
                                                                                                                                  0x1b2636c4
                                                                                                                                  0x1b2636c4
                                                                                                                                  0x1b2636c7
                                                                                                                                  0x1b2636c7
                                                                                                                                  0x1b2636ca
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2636cc
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2636cf
                                                                                                                                  0x1b2633e9
                                                                                                                                  0x1b2633ec
                                                                                                                                  0x1b2633ef
                                                                                                                                  0x1b2634ae
                                                                                                                                  0x1b2634b2
                                                                                                                                  0x1b263583
                                                                                                                                  0x1b263585
                                                                                                                                  0x1b263588
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263590
                                                                                                                                  0x1b263590
                                                                                                                                  0x1b263598
                                                                                                                                  0x1b2635a0
                                                                                                                                  0x1b2635a2
                                                                                                                                  0x1b2635a5
                                                                                                                                  0x1b2635a7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2635a9
                                                                                                                                  0x1b2635ac
                                                                                                                                  0x1b2635b0
                                                                                                                                  0x1b2635b4
                                                                                                                                  0x1b2635b6
                                                                                                                                  0x1b2635bb
                                                                                                                                  0x1b2635bf
                                                                                                                                  0x1b2635bf
                                                                                                                                  0x1b2635bf
                                                                                                                                  0x1b2635c3
                                                                                                                                  0x1b2635c7
                                                                                                                                  0x1b2635ca
                                                                                                                                  0x1b2635ce
                                                                                                                                  0x1b2635ce
                                                                                                                                  0x1b2635df
                                                                                                                                  0x1b2635e4
                                                                                                                                  0x1b2635f3
                                                                                                                                  0x1b2635fb
                                                                                                                                  0x1b2635fd
                                                                                                                                  0x1b263602
                                                                                                                                  0x1b263609
                                                                                                                                  0x1b26360c
                                                                                                                                  0x1b263611
                                                                                                                                  0x1b263616
                                                                                                                                  0x1b26361c
                                                                                                                                  0x1b26361e
                                                                                                                                  0x1b263621
                                                                                                                                  0x1b26369b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26369b
                                                                                                                                  0x1b263623
                                                                                                                                  0x1b263623
                                                                                                                                  0x1b263630
                                                                                                                                  0x1b263638
                                                                                                                                  0x1b26363b
                                                                                                                                  0x1b263650
                                                                                                                                  0x1b263655
                                                                                                                                  0x1b26365c
                                                                                                                                  0x1b263661
                                                                                                                                  0x1b263667
                                                                                                                                  0x1b263669
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26366b
                                                                                                                                  0x1b26366f
                                                                                                                                  0x1b263672
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263674
                                                                                                                                  0x1b263676
                                                                                                                                  0x1b26367c
                                                                                                                                  0x1b26367f
                                                                                                                                  0x1b263682
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263684
                                                                                                                                  0x1b263684
                                                                                                                                  0x1b263687
                                                                                                                                  0x1b26368a
                                                                                                                                  0x1b26368a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263693
                                                                                                                                  0x1b2634b8
                                                                                                                                  0x1b2634ba
                                                                                                                                  0x1b2634bd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2634d0
                                                                                                                                  0x1b2634d0
                                                                                                                                  0x1b2634d5
                                                                                                                                  0x1b2634d5
                                                                                                                                  0x1b2634d7
                                                                                                                                  0x1b2634d9
                                                                                                                                  0x1b2634dc
                                                                                                                                  0x1b2634de
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2634e0
                                                                                                                                  0x1b2634e3
                                                                                                                                  0x1b2634e7
                                                                                                                                  0x1b2634eb
                                                                                                                                  0x1b2634ed
                                                                                                                                  0x1b2634f2
                                                                                                                                  0x1b2634f6
                                                                                                                                  0x1b2634f9
                                                                                                                                  0x1b2634f9
                                                                                                                                  0x1b2634f9
                                                                                                                                  0x1b2634fd
                                                                                                                                  0x1b263501
                                                                                                                                  0x1b263504
                                                                                                                                  0x1b263508
                                                                                                                                  0x1b263508
                                                                                                                                  0x1b263516
                                                                                                                                  0x1b26351e
                                                                                                                                  0x1b263521
                                                                                                                                  0x1b263526
                                                                                                                                  0x1b26352f
                                                                                                                                  0x1b263539
                                                                                                                                  0x1b26353f
                                                                                                                                  0x1b263541
                                                                                                                                  0x1b26357b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26357b
                                                                                                                                  0x1b263543
                                                                                                                                  0x1b263548
                                                                                                                                  0x1b263550
                                                                                                                                  0x1b263553
                                                                                                                                  0x1b263556
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26355e
                                                                                                                                  0x1b263568
                                                                                                                                  0x1b263568
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263570
                                                                                                                                  0x1b2633f5
                                                                                                                                  0x1b2633f7
                                                                                                                                  0x1b2633fa
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263400
                                                                                                                                  0x1b263400
                                                                                                                                  0x1b263400
                                                                                                                                  0x1b263405
                                                                                                                                  0x1b263405
                                                                                                                                  0x1b263407
                                                                                                                                  0x1b263409
                                                                                                                                  0x1b26340c
                                                                                                                                  0x1b26340e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263410
                                                                                                                                  0x1b263413
                                                                                                                                  0x1b263417
                                                                                                                                  0x1b263419
                                                                                                                                  0x1b26341b
                                                                                                                                  0x1b26341e
                                                                                                                                  0x1b263422
                                                                                                                                  0x1b263425
                                                                                                                                  0x1b263425
                                                                                                                                  0x1b263425
                                                                                                                                  0x1b263429
                                                                                                                                  0x1b26342d
                                                                                                                                  0x1b26342f
                                                                                                                                  0x1b263433
                                                                                                                                  0x1b263433
                                                                                                                                  0x1b263441
                                                                                                                                  0x1b263449
                                                                                                                                  0x1b26344c
                                                                                                                                  0x1b263451
                                                                                                                                  0x1b26345a
                                                                                                                                  0x1b263464
                                                                                                                                  0x1b26346a
                                                                                                                                  0x1b26346c
                                                                                                                                  0x1b2634a6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2634a6
                                                                                                                                  0x1b26346e
                                                                                                                                  0x1b263473
                                                                                                                                  0x1b26347b
                                                                                                                                  0x1b26347e
                                                                                                                                  0x1b263481
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263489
                                                                                                                                  0x1b263493
                                                                                                                                  0x1b263493
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26349b
                                                                                                                                  0x1b263134
                                                                                                                                  0x1b26313b
                                                                                                                                  0x1b263140
                                                                                                                                  0x1b263147
                                                                                                                                  0x1b26314e
                                                                                                                                  0x1b263155
                                                                                                                                  0x1b26315a
                                                                                                                                  0x1b26315d
                                                                                                                                  0x1b263163
                                                                                                                                  0x1b263165
                                                                                                                                  0x1b2633d2
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2633d2
                                                                                                                                  0x1b26316b
                                                                                                                                  0x1b26316d
                                                                                                                                  0x1b263178
                                                                                                                                  0x1b263178
                                                                                                                                  0x1b26317e
                                                                                                                                  0x1b263180
                                                                                                                                  0x1b263184
                                                                                                                                  0x1b263187
                                                                                                                                  0x1b26318b
                                                                                                                                  0x1b26318e
                                                                                                                                  0x1b2633b6
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2633b6
                                                                                                                                  0x1b263194
                                                                                                                                  0x1b2631a0
                                                                                                                                  0x1b2631a0
                                                                                                                                  0x1b2631a3
                                                                                                                                  0x1b263300
                                                                                                                                  0x1b263304
                                                                                                                                  0x1b26330c
                                                                                                                                  0x1b26330c
                                                                                                                                  0x1b26330f
                                                                                                                                  0x1b263312
                                                                                                                                  0x1b263316
                                                                                                                                  0x1b26331b
                                                                                                                                  0x1b26331f
                                                                                                                                  0x1b26331f
                                                                                                                                  0x1b263323
                                                                                                                                  0x1b263323
                                                                                                                                  0x1b263327
                                                                                                                                  0x1b26332f
                                                                                                                                  0x1b26332f
                                                                                                                                  0x1b263334
                                                                                                                                  0x1b263339
                                                                                                                                  0x1b26333e
                                                                                                                                  0x1b2633ae
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2633ae
                                                                                                                                  0x1b263340
                                                                                                                                  0x1b263344
                                                                                                                                  0x1b263347
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263349
                                                                                                                                  0x1b26334d
                                                                                                                                  0x1b263354
                                                                                                                                  0x1b263359
                                                                                                                                  0x1b26335e
                                                                                                                                  0x1b2633a0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2633a0
                                                                                                                                  0x1b263360
                                                                                                                                  0x1b263364
                                                                                                                                  0x1b263364
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263364
                                                                                                                                  0x1b263329
                                                                                                                                  0x1b26332d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26332d
                                                                                                                                  0x1b263306
                                                                                                                                  0x1b26330a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26330a
                                                                                                                                  0x1b2631a9
                                                                                                                                  0x1b2631ac
                                                                                                                                  0x1b2631af
                                                                                                                                  0x1b2631b2
                                                                                                                                  0x1b2631b6
                                                                                                                                  0x1b2631bb
                                                                                                                                  0x1b2631bd
                                                                                                                                  0x1b2631e5
                                                                                                                                  0x1b2631e8
                                                                                                                                  0x1b2631ec
                                                                                                                                  0x1b2631d5
                                                                                                                                  0x1b2631d5
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2631d5
                                                                                                                                  0x1b2631f3
                                                                                                                                  0x1b2631f9
                                                                                                                                  0x1b2631fc
                                                                                                                                  0x1b263201
                                                                                                                                  0x1b263204
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263206
                                                                                                                                  0x1b263206
                                                                                                                                  0x1b26320a
                                                                                                                                  0x1b26320c
                                                                                                                                  0x1b263211
                                                                                                                                  0x1b263217
                                                                                                                                  0x1b26321c
                                                                                                                                  0x1b263221
                                                                                                                                  0x1b263226
                                                                                                                                  0x1b263228
                                                                                                                                  0x1b26322b
                                                                                                                                  0x1b263233
                                                                                                                                  0x1b263238
                                                                                                                                  0x1b26323c
                                                                                                                                  0x1b263242
                                                                                                                                  0x1b263244
                                                                                                                                  0x1b263247
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263255
                                                                                                                                  0x1b26325e
                                                                                                                                  0x1b263263
                                                                                                                                  0x1b263268
                                                                                                                                  0x1b26326c
                                                                                                                                  0x1b26326f
                                                                                                                                  0x1b263278
                                                                                                                                  0x1b26327e
                                                                                                                                  0x1b263280
                                                                                                                                  0x1b263392
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263392
                                                                                                                                  0x1b263286
                                                                                                                                  0x1b26328a
                                                                                                                                  0x1b26328d
                                                                                                                                  0x1b263290
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263296
                                                                                                                                  0x1b263299
                                                                                                                                  0x1b2632f9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2632f9
                                                                                                                                  0x1b2632a0
                                                                                                                                  0x1b2632b0
                                                                                                                                  0x1b2632b5
                                                                                                                                  0x1b2632ba
                                                                                                                                  0x1b2632be
                                                                                                                                  0x1b2632c3
                                                                                                                                  0x1b2632c9
                                                                                                                                  0x1b2632d2
                                                                                                                                  0x1b2632d8
                                                                                                                                  0x1b2632da
                                                                                                                                  0x1b263384
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263384
                                                                                                                                  0x1b2632e0
                                                                                                                                  0x1b2632e5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2632eb
                                                                                                                                  0x1b2632f0
                                                                                                                                  0x1b2632f3
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2632f3
                                                                                                                                  0x1b2631bf
                                                                                                                                  0x1b2631bf
                                                                                                                                  0x1b2631c8
                                                                                                                                  0x1b2631cb
                                                                                                                                  0x1b2631d0
                                                                                                                                  0x1b2631d3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263367
                                                                                                                                  0x1b26336c
                                                                                                                                  0x1b26336c
                                                                                                                                  0x1b263374
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263374
                                                                                                                                  0x1b26316f
                                                                                                                                  0x1b263172
                                                                                                                                  0x1b2633c9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2633c9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b263172
                                                                                                                                  0x1b263117
                                                                                                                                  0x1b2630cc
                                                                                                                                  0x1b2630d3
                                                                                                                                  0x1b2630d5
                                                                                                                                  0x1b2630da
                                                                                                                                  0x1b2630dd
                                                                                                                                  0x1b2630e2
                                                                                                                                  0x1b2630e4
                                                                                                                                  0x1b2630ea
                                                                                                                                  0x1b2630ef
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2630ef
                                                                                                                                  0x1b2630be
                                                                                                                                  0x1b2630c2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2630c2
                                                                                                                                  0x1b263045
                                                                                                                                  0x1b26304a
                                                                                                                                  0x1b26304c
                                                                                                                                  0x1b263051
                                                                                                                                  0x1b263054
                                                                                                                                  0x1b263059
                                                                                                                                  0x1b26305b
                                                                                                                                  0x1b263061
                                                                                                                                  0x1b263066
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26306b
                                                                                                                                  0x00000000

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 828f933dbd0dec7aee32a453b859488c2f9e64a7b4a7d71353fa955169078c1c
                                                                                                                                  • Instruction ID: 7058971ecca539c4e6d5630ef68e4137bccee38e1d84c9f5f30a398cf772d9ac
                                                                                                                                  • Opcode Fuzzy Hash: 828f933dbd0dec7aee32a453b859488c2f9e64a7b4a7d71353fa955169078c1c
                                                                                                                                  • Instruction Fuzzy Hash: 8C12A072B18A8686DB108F2DE4C43DAB7A1F789BC4F545116DE8A87798DF39C48DCB04
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B260220 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 143fileCOMMONLIBRARYCODECrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                  			E1B260220(int __eax, void* __ecx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long __r12, void* __r13) {
				int _t28;
				void* _t29;
				long _t32;
				long _t34;
				long _t38;
				long _t40;
				long _t43;
				void* _t44;
				void* _t57;
				void* _t63;
				long _t68;
				void* _t71;
				void* _t85;
				long long _t94;
				void* _t96;
				void* _t99;
				void* _t100;
				void* _t109;
				void* _t115;

				_t115 = __r13;
				_t109 = __r9;
				_t100 = __r8;
				_t94 = __rsi;
				_t90 = __rdi;
				_t85 = __rdx;
				_t71 = __rcx;
				_t69 = __rbx;
				_t44 = __ecx;
				_t28 = __eax;
				 *((long long*)(_t99 + 0x50)) = __rbx;
				 *((long long*)(_t99 + 0x60)) = __rsi;
				 *((long long*)(_t99 + 0x68)) = __rdi;
				 *((long long*)(_t99 + 0x40)) = __r12;
				_t68 = 0x1b28ffa0;
				_t63 = __ecx;
				_t43 = 0;
				while(_t44 !=  *_t68) {
					_t43 = _t43 + 1;
					_t68 = _t68 + 0x10;
					if(_t43 < 0x17) {
						continue;
					} else {
						L25:
						return _t28;
					}
				}
				__eflags = _t43 - 0x17;
				if(_t43 >= 0x17) {
					goto L25;
				}
				_t29 = E1B266FC0(3, _t68, _t69, _t71, _t85, _t90, _t94, _t96, _t100);
				__eflags = _t29 - 1;
				if(_t29 == 1) {
					L22:
					_t28 = GetStdHandle();
					__eflags = _t68;
					if(_t68 != 0) {
						__eflags = _t68 - 0xffffffff;
						if(_t68 != 0xffffffff) {
							__eflags = _t43 + _t43;
							 *((long long*)(_t99 + 0x20)) = _t94;
							asm("repne scasb");
							_t28 = WriteFile(??, ??, ??, ??, ??);
						}
					}
					goto L25;
				}
				_t28 = E1B266FC0(3, _t68, _t69, _t71, _t85, _t90, _t94, _t96, _t100);
				__eflags = _t28;
				if(_t28 != 0) {
					L8:
					__eflags = _t63 - 0xfc;
					if(_t63 != 0xfc) {
						_t87 = 0x1b2931d9;
						r8d = 0x104;
						 *0x1b2932dd = sil;
						_t32 = GetModuleFileNameA(??, ??, ??);
						__eflags = _t32;
						if(_t32 == 0) {
							_t40 = E1B260120(_t68, _t69, 0x1b2931d9, 0x1b2931d9, _t90, _t94, 0x1b2931c0, "<program name unknown>");
							__eflags = _t40;
							if(_t40 != 0) {
								r9d = 0;
								r8d = 0;
								__eflags = 0;
								 *((long long*)(_t99 + 0x20)) = _t94;
								E1B2590C0(0, 0x1b2931d9, "<program name unknown>");
							}
						}
						asm("repne scasb");
						__eflags = 0xffffffff - 0x3c;
						if(0xffffffff > 0x3c) {
							_t10 = _t68 + 3; // 0x3
							r9d = _t10;
							_t87 = 0x1b2934d5;
							_t38 = E1B266EA0(_t68, _t69, 0x1be40d4a, 0x1b2934d5, 0x1b2931d9, _t94, 0x1b2931c0, "...", _t109);
							__eflags = _t38;
							if(_t38 != 0) {
								r9d = 0;
								r8d = 0;
								__eflags = 0;
								 *((long long*)(_t99 + 0x20)) = _t94;
								E1B2590C0(0, 0x1b2934d5, "...");
							}
						}
						_t103 = "\n\n";
						_t34 = E1B266DE0(_t68, _t69, 0x1b2931c0, _t87, 0x1b2931d9, _t94, 0x1b2931c0, "\n\n");
						__eflags = _t34;
						if(_t34 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							 *((long long*)(_t99 + 0x20)) = _t94;
							E1B2590C0(0, _t87, _t103);
						}
						_t57 = 0x314;
						_t106 =  *((intOrPtr*)(0x1b28ffa0 + 8 + (_t43 + _t43) * 8));
						__eflags = E1B266DE0(_t68, _t69, 0x1b2931c0, _t87, 0x1b2931d9, _t94, 0x1b2931c0,  *((intOrPtr*)(0x1b28ffa0 + 8 + (_t43 + _t43) * 8)));
						if(__eflags != 0) {
							r9d = 0;
							r8d = 0;
							_t57 = 0;
							__eflags = 0;
							 *((long long*)(_t99 + 0x20)) = _t94;
							E1B2590C0(0, _t87, _t106);
						}
						r8d = 0x12010;
						_t28 = E1B266BA0(_t57, __eflags, _t69, 0x1b2931c0, "Microsoft Visual C++ Runtime Library", 0x1b2931d9, _t94, 0x1b2931c0, _t106, _t109, 0x1b28ffa0, _t115);
					}
					goto L25;
				}
				__eflags =  *0x1b292c10 - 1;
				if( *0x1b292c10 == 1) {
					goto L22;
				}
				goto L8;
			}






















                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260220
                                                                                                                                  0x1b260224
                                                                                                                                  0x1b260229
                                                                                                                                  0x1b26022e
                                                                                                                                  0x1b260233
                                                                                                                                  0x1b260241
                                                                                                                                  0x1b260244
                                                                                                                                  0x1b260246
                                                                                                                                  0x1b260248
                                                                                                                                  0x1b26024c
                                                                                                                                  0x1b26024f
                                                                                                                                  0x1b260256
                                                                                                                                  0x00000000
                                                                                                                                  0x1b260258
                                                                                                                                  0x1b26043e
                                                                                                                                  0x1b260456
                                                                                                                                  0x1b260456
                                                                                                                                  0x1b260256
                                                                                                                                  0x1b26025d
                                                                                                                                  0x1b260260
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26026b
                                                                                                                                  0x1b260270
                                                                                                                                  0x1b260273
                                                                                                                                  0x1b2603f2
                                                                                                                                  0x1b2603f7
                                                                                                                                  0x1b2603fd
                                                                                                                                  0x1b260403
                                                                                                                                  0x1b260405
                                                                                                                                  0x1b260409
                                                                                                                                  0x1b260415
                                                                                                                                  0x1b260418
                                                                                                                                  0x1b26042c
                                                                                                                                  0x1b260438
                                                                                                                                  0x1b260438
                                                                                                                                  0x1b260409
                                                                                                                                  0x00000000
                                                                                                                                  0x1b260403
                                                                                                                                  0x1b26027e
                                                                                                                                  0x1b260283
                                                                                                                                  0x1b260285
                                                                                                                                  0x1b260294
                                                                                                                                  0x1b260294
                                                                                                                                  0x1b26029a
                                                                                                                                  0x1b2602d8
                                                                                                                                  0x1b2602df
                                                                                                                                  0x1b2602e7
                                                                                                                                  0x1b2602ee
                                                                                                                                  0x1b2602f4
                                                                                                                                  0x1b2602f6
                                                                                                                                  0x1b26030b
                                                                                                                                  0x1b260310
                                                                                                                                  0x1b260312
                                                                                                                                  0x1b260314
                                                                                                                                  0x1b260317
                                                                                                                                  0x1b26031c
                                                                                                                                  0x1b26031e
                                                                                                                                  0x1b260323
                                                                                                                                  0x1b260323
                                                                                                                                  0x1b260312
                                                                                                                                  0x1b260338
                                                                                                                                  0x1b26033d
                                                                                                                                  0x1b260341
                                                                                                                                  0x1b26034f
                                                                                                                                  0x1b26034f
                                                                                                                                  0x1b26035a
                                                                                                                                  0x1b26035d
                                                                                                                                  0x1b260362
                                                                                                                                  0x1b260364
                                                                                                                                  0x1b260366
                                                                                                                                  0x1b260369
                                                                                                                                  0x1b26036e
                                                                                                                                  0x1b260370
                                                                                                                                  0x1b260375
                                                                                                                                  0x1b260375
                                                                                                                                  0x1b260364
                                                                                                                                  0x1b26037a
                                                                                                                                  0x1b260389
                                                                                                                                  0x1b26038e
                                                                                                                                  0x1b260390
                                                                                                                                  0x1b260392
                                                                                                                                  0x1b260395
                                                                                                                                  0x1b26039a
                                                                                                                                  0x1b26039c
                                                                                                                                  0x1b2603a1
                                                                                                                                  0x1b2603a1
                                                                                                                                  0x1b2603a9
                                                                                                                                  0x1b2603b4
                                                                                                                                  0x1b2603be
                                                                                                                                  0x1b2603c0
                                                                                                                                  0x1b2603c2
                                                                                                                                  0x1b2603c5
                                                                                                                                  0x1b2603c8
                                                                                                                                  0x1b2603ca
                                                                                                                                  0x1b2603cc
                                                                                                                                  0x1b2603d1
                                                                                                                                  0x1b2603d1
                                                                                                                                  0x1b2603dd
                                                                                                                                  0x1b2603e6
                                                                                                                                  0x1b2603eb
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26029a
                                                                                                                                  0x1b260287
                                                                                                                                  0x1b26028e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,?,?,?,?,?,?,1B26053F,?,?,?,?,?,?,1B25A7F1), ref: 1B2602EE
                                                                                                                                  • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,1B26053F,?,?,?,?,?,?,1B25A7F1), ref: 1B2603F7
                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,?,?,?,?,1B26053F,?,?,?,?,?,?,1B25A7F1), ref: 1B260438
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                  • API String ID: 3784150691-4022980321
                                                                                                                                  • Opcode ID: 3a0103f402953ab3323abda44634e14f9f2aa516449dcf4ee886cfbb5957895c
                                                                                                                                  • Instruction ID: d062b7af310e2baac138e24da9613a306dd1bbeb54122f14c3b6186fcf6461b4
                                                                                                                                  • Opcode Fuzzy Hash: 3a0103f402953ab3323abda44634e14f9f2aa516449dcf4ee886cfbb5957895c
                                                                                                                                  • Instruction Fuzzy Hash: 9D51BD3531469183EB24CB66A8E07DB7365EB897E0F901216EEA943AD4DF3CC59EC704
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25DD3F Relevance: 12.1, APIs: 8, Instructions: 57COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • RtlCaptureContext.KERNEL32 ref: 1B25DD53
                                                                                                                                  • RtlLookupFunctionEntry.KERNEL32 ref: 1B25DD72
                                                                                                                                  • RtlVirtualUnwind.KERNEL32 ref: 1B25DDBE
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 1B25DE30
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 1B25DE48
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32 ref: 1B25DE55
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 1B25DE6E
                                                                                                                                  • TerminateProcess.KERNEL32 ref: 1B25DE7C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3778485334-0
                                                                                                                                  • Opcode ID: ff45192614416483374cc38076b23e946d087d3d2d532266f83ed94da3a78008
                                                                                                                                  • Instruction ID: 405dc42640c5b8a8d1906606f6fc89494c990fb0b25a8b208f522b8c3bdbc0a4
                                                                                                                                  • Opcode Fuzzy Hash: ff45192614416483374cc38076b23e946d087d3d2d532266f83ed94da3a78008
                                                                                                                                  • Instruction Fuzzy Hash: 0E31E835105B849AEB109B65F8843CA77A4FB89B98F500226DA8D83B79DF7CC49DC740
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B246890 Relevance: 9.1, APIs: 6, Instructions: 107COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1289833662-0
                                                                                                                                  • Opcode ID: 35475d284531f803e749409a840433f548315f14f67c4900ef939a9cbeaa3279
                                                                                                                                  • Instruction ID: cf3f3847309ea868c955c0a66f21b7ffa467acd8d1f20398cf17e283701d6c71
                                                                                                                                  • Opcode Fuzzy Hash: 35475d284531f803e749409a840433f548315f14f67c4900ef939a9cbeaa3279
                                                                                                                                  • Instruction Fuzzy Hash: D541AE36714BD0C6DB149F26A98039AB3A1F789BC8F248119EF8A47B58DF7CD459CB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B3929AB Relevance: 1.9, Strings: 1, Instructions: 672COMMONCrypto
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 29%
                                                                                                                                  			E1B3929AB(void* __eax, signed int __ecx, void* __edx, signed int __edi, signed int __esi, void* __ebp, signed int __esp, signed int __rbx, signed int __rcx, signed int* __rdx, long long __rdi, signed int __rsi, signed int __r8, signed int __r9, signed int __r10, void* __r14, void* __r15, long long _a24, long long _a32) {
				signed int _t269;
				unsigned int _t270;
				signed char _t307;
				void* _t348;
				signed long long _t395;
				signed long long _t401;
				signed long long _t405;
				signed long long _t406;
				signed long long _t408;
				signed long long _t410;
				signed long long _t411;
				signed long long _t417;
				unsigned long long _t418;

				_a24 = __rbx;
				asm("stc");
				r8w = r8w >> __ecx;
				asm("dec ebp");
				_t269 =  *(__rcx + 0x10) ^  *__rdx;
				asm("inc sp");
				_a32 = __rdi;
				asm("inc bp");
				r9d =  ~r9d;
				asm("cmc");
				r9b = r9b >> __ecx;
				r9b = r9b >> __ecx;
				r9d = _t269 >> 0x00000010 & 0x000000ff;
				asm("dec esp");
				r8d =  ==  ? __ecx : r8d;
				r10b =  !r10b;
				r10d =  *(__rcx + 0x458 + __r9 * 4);
				asm("inc ebp");
				asm("dec esp");
				r8d = _t269 >> 0x00000018 & 0x000000ff;
				r10d = r10d +  *((intOrPtr*)(__rcx + 0x58 + __r8 * 4));
				r8b = r8b & 0x000000fe;
				_t395 = r14w;
				r10d = r10d ^  *(__rcx + 0x858 + ((__rcx << 0x00000020 | __r10) << 0xe1) * 4);
				r8w = bpl;
				r10d = r10d +  *((intOrPtr*)(__rcx + 0xc58 + _t395 * 4));
				r10d = r10d ^  *(__rcx + 0x14);
				asm("ror ecx, 0x4d");
				r10d = r10d ^ __rdx[1];
				asm("cmc");
				asm("cdq");
				asm("clc");
				r8d =  *(__rcx + 0x458 + (r11w & 0xffffffff) * 4);
				asm("btc edx, 0x5d");
				asm("xadd cl, ch");
				_t405 = r13b & 0x0000ffff;
				asm("rdtsc");
				asm("dec ecx");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t405 * 4));
				asm("clc");
				asm("btc cx, ax");
				asm("rcl ax, 0x5c");
				r8d = r8d ^  *(__rcx + 0x858 + _t405 * 4);
				asm("rol ch, cl");
				asm("dec eax");
				asm("dec eax");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t395 * 4));
				asm("dec esp");
				r8d = r8d ^  *(__rcx + 0x18);
				asm("sbb eax, edx");
				asm("rcr al, cl");
				_t270 = _t269 ^ r8d;
				asm("inc ebp");
				asm("ror ch, cl");
				r8d =  *(__rcx + 0x458 + __esi * 4);
				asm("rcl cx, 0x23");
				asm("btr cx, si");
				asm("rcl cx, cl");
				asm("cwd");
				asm("stc");
				asm("bswap edx");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t405 * 4));
				asm("sbb ecx, 0x29864738");
				asm("dec esp");
				asm("btc dx, si");
				asm("dec eax");
				r8d = r8d ^  *(__rcx + 0x858 + _t405 * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t395 * 4));
				r8d = r8d ^  *(__rcx + 0x1c);
				r10d = r10d ^ r8d;
				asm("inc cx");
				r8d =  *(__rcx + 0x458 + __esi * 4);
				asm("ror ah, 0x2f");
				asm("cdq");
				asm("ror dx, cl");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t405 * 4));
				_t406 =  <=  ? __r15 : _t405;
				asm("bt cx, bx");
				asm("cwd");
				asm("lahf");
				asm("rcr dh, 0xb3");
				_t417 = r8d;
				r8d = r8d ^  *(__rcx + 0x858 + _t406 * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t270 * 4));
				asm("inc eax");
				r8d = r8d ^  *(__rcx + 0x20);
				asm("dec eax");
				asm("sbb cx, 0x49c5");
				asm("btr cx, sp");
				asm("rcr cx, 0xe8");
				asm("adc dh, 0x51");
				r8w =  !r8w;
				asm("inc ecx");
				asm("dec eax");
				r8b = r8b & 0x000000ec;
				asm("inc ebp");
				r8d =  *(__rcx + 0x458 + _t417 * 4);
				asm("stc");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t406 * 4));
				asm("inc ecx");
				asm("dec eax");
				asm("clc");
				r8d = r8d ^  *(__rcx + 0x858 + _t406 * 4);
				asm("dec eax");
				_t348 =  >=  ? r12w : __esi;
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + (r10w & 0xffffffff) * 4));
				asm("dec eax");
				r8d = r8d ^  *(__rcx + 0x24);
				r10d = r10d ^ r8d;
				r8w = r9b;
				r8w = r8w & r13w;
				_t418 =  !=  ? (__r8 << (r13w ^ 0x00000062) << (_t270 >> 0x00000008 & 0x000000ff)) - 0x609131a2 : _t417;
				asm("ror cx, 0xca");
				r8d =  *(__rcx + 0x458 + _t418 * 4);
				asm("sbb cl, 0x68");
				asm("stc");
				asm("ror dh, cl");
				asm("sbb dl, 0xba");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t406 * 4));
				asm("rcl cl, 0xfe");
				asm("bt cx, dx");
				asm("btc ecx, ebp");
				asm("stc");
				asm("rcl dx, 0x56");
				r8d = r8d ^  *(__rcx + 0x858 + _t406 * 4);
				asm("inc sp");
				_t352 =  <  ? __ebp : ((r10d >> 0x00000010 & 0x000000ff) >> 0x29) + 1;
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + __edi * 4));
				r8d = r8d ^  *(__rcx + 0x28);
				asm("rcr al, cl");
				asm("ror dl, cl");
				r8d = ( <  ? __ebp : ((r10d >> 0x00000010 & 0x000000ff) >> 0x29) + 1) & 0x0000ffff;
				_t307 = (r10d >> 0x00000008 & 0x000000ff) + 1;
				asm("cdq");
				asm("adc dx, cx");
				_t401 = (r14w & 0xffffffff) << 0x7a;
				r8b = r8b >> _t307;
				asm("dec eax");
				r8d =  *(__rcx + 0x458 + (_t418 >> 0xbb) * 4);
				asm("dec ecx");
				asm("cmc");
				_t408 = (__edi & 0x0000ffff) << _t307 + r12b;
				asm("rdtsc");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t408 * 4));
				asm("cmc");
				asm("clc");
				asm("rol dx, 0x26");
				asm("btr ax, 0xc8");
				r8d = r8d ^  *(__rcx + 0x858 + _t408 * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t401 * 4));
				r8d = r8d ^  *(__rcx + 0x2c);
				r10d = r10d ^ r8d;
				asm("dec eax");
				asm("inc esp");
				asm("clc");
				r8d =  *(__rcx + 0x458);
				asm("cwd");
				asm("inc sp");
				_t410 = (__rsi << 0x00000020 | _t408 >> 0x00000099) >> 0x87;
				asm("bswap eax");
				asm("dec eax");
				asm("xadd ah, dl");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t410 * 4));
				asm("btc ax, 0x5c");
				asm("cwd");
				asm("dec eax");
				r8d = r8d ^  *(__rcx + 0x858 + _t410 * 4);
				asm("cwd");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t401 * 4));
				asm("dec esp");
				asm("rcr ax, 0x5");
				r8d = r8d ^  *(__rcx + 0x30);
				asm("cmc");
				r8b = r8b << 0x38;
				asm("bts ecx, esp");
				asm("bts cx, bx");
				asm("adc al, 0x7");
				asm("bt cx, 0xb6");
				r8d =  *(__rcx + 0x458);
				asm("sbb cl, 0xfa");
				asm("stc");
				asm("inc eax");
				asm("cdq");
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t410 * 4));
				asm("cwd");
				asm("xadd cl, dh");
				asm("dec eax");
				asm("cmc");
				r8d = r8d ^  *(__rcx + 0x858 + _t410 * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t401 * 4));
				r8d = r8d ^  *(__rcx + 0x34);
				asm("cbw");
				asm("ror dx, cl");
				r10d = r10d ^ r8d;
				asm("inc cx");
				_t411 =  !=  ? __r10 : _t410;
				r8d = __esp & 0x0000ffff;
				r8b = r8b | 0x000000b6;
				r8d =  *(__rcx + 0x458 + __esi * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0x58 + _t411 * 4));
				asm("btc cx, di");
				asm("inc sp");
				r8d = r8d ^  *(__rcx + 0x858 + ((_t411 << 0x00000020 | __rbx) << 0x19) * 4);
				r8d = r8d +  *((intOrPtr*)(__rcx + 0xc58 + _t401 * 4));
				asm("ror dh, 0x6a");
				r8d = r8d ^  *(__rcx + 0x38);
				r8w = r8w & 0x00006f24;
			}
















                                                                                                                                  0x1b3929ae
                                                                                                                                  0x1b3929b3
                                                                                                                                  0x1b3929b4
                                                                                                                                  0x1b3929bf
                                                                                                                                  0x1b3929c6
                                                                                                                                  0x1b3929c8
                                                                                                                                  0x1b3929cd
                                                                                                                                  0x1b3929d2
                                                                                                                                  0x1b3929d6
                                                                                                                                  0x1b3929de
                                                                                                                                  0x1b3929df
                                                                                                                                  0x1b3929e5
                                                                                                                                  0x1b3929e8
                                                                                                                                  0x1b3929ec
                                                                                                                                  0x1b3929f2
                                                                                                                                  0x1b3929f6
                                                                                                                                  0x1b3929f9
                                                                                                                                  0x1b392a01
                                                                                                                                  0x1b392a05
                                                                                                                                  0x1b392a0c
                                                                                                                                  0x1b392a16
                                                                                                                                  0x1b392a28
                                                                                                                                  0x1b392a2f
                                                                                                                                  0x1b392a36
                                                                                                                                  0x1b392a45
                                                                                                                                  0x1b392a4a
                                                                                                                                  0x1b392a52
                                                                                                                                  0x1b392a59
                                                                                                                                  0x1b392a5f
                                                                                                                                  0x1b392a69
                                                                                                                                  0x1b392a77
                                                                                                                                  0x1b392a7d
                                                                                                                                  0x1b392a84
                                                                                                                                  0x1b392a97
                                                                                                                                  0x1b392a9b
                                                                                                                                  0x1b392a9e
                                                                                                                                  0x1b392aa9
                                                                                                                                  0x1b392aae
                                                                                                                                  0x1b392ab2
                                                                                                                                  0x1b392aba
                                                                                                                                  0x1b392abb
                                                                                                                                  0x1b392ac6
                                                                                                                                  0x1b392ad4
                                                                                                                                  0x1b392adc
                                                                                                                                  0x1b392ade
                                                                                                                                  0x1b392ae3
                                                                                                                                  0x1b392ae5
                                                                                                                                  0x1b392aed
                                                                                                                                  0x1b392af4
                                                                                                                                  0x1b392af8
                                                                                                                                  0x1b392afa
                                                                                                                                  0x1b392afc
                                                                                                                                  0x1b392aff
                                                                                                                                  0x1b392b16
                                                                                                                                  0x1b392b18
                                                                                                                                  0x1b392b20
                                                                                                                                  0x1b392b24
                                                                                                                                  0x1b392b28
                                                                                                                                  0x1b392b2e
                                                                                                                                  0x1b392b33
                                                                                                                                  0x1b392b3c
                                                                                                                                  0x1b392b3f
                                                                                                                                  0x1b392b44
                                                                                                                                  0x1b392b4a
                                                                                                                                  0x1b392b58
                                                                                                                                  0x1b392b5f
                                                                                                                                  0x1b392b64
                                                                                                                                  0x1b392b6c
                                                                                                                                  0x1b392b74
                                                                                                                                  0x1b392b7b
                                                                                                                                  0x1b392b9a
                                                                                                                                  0x1b392b9f
                                                                                                                                  0x1b392bba
                                                                                                                                  0x1b392bbd
                                                                                                                                  0x1b392bbe
                                                                                                                                  0x1b392bc4
                                                                                                                                  0x1b392bc9
                                                                                                                                  0x1b392bcd
                                                                                                                                  0x1b392bd1
                                                                                                                                  0x1b392be6
                                                                                                                                  0x1b392beb
                                                                                                                                  0x1b392bf3
                                                                                                                                  0x1b392bf6
                                                                                                                                  0x1b392c00
                                                                                                                                  0x1b392c0b
                                                                                                                                  0x1b392c0e
                                                                                                                                  0x1b392c12
                                                                                                                                  0x1b392c15
                                                                                                                                  0x1b392c27
                                                                                                                                  0x1b392c2b
                                                                                                                                  0x1b392c2f
                                                                                                                                  0x1b392c38
                                                                                                                                  0x1b392c3c
                                                                                                                                  0x1b392c43
                                                                                                                                  0x1b392c53
                                                                                                                                  0x1b392c57
                                                                                                                                  0x1b392c5d
                                                                                                                                  0x1b392c65
                                                                                                                                  0x1b392c6e
                                                                                                                                  0x1b392c82
                                                                                                                                  0x1b392c8c
                                                                                                                                  0x1b392c91
                                                                                                                                  0x1b392c92
                                                                                                                                  0x1b392c9a
                                                                                                                                  0x1b392ca1
                                                                                                                                  0x1b392ca6
                                                                                                                                  0x1b392cae
                                                                                                                                  0x1b392cb8
                                                                                                                                  0x1b392cc3
                                                                                                                                  0x1b392cc6
                                                                                                                                  0x1b392cd1
                                                                                                                                  0x1b392cd8
                                                                                                                                  0x1b392cdc
                                                                                                                                  0x1b392ce9
                                                                                                                                  0x1b392cf1
                                                                                                                                  0x1b392cfb
                                                                                                                                  0x1b392d02
                                                                                                                                  0x1b392d04
                                                                                                                                  0x1b392d07
                                                                                                                                  0x1b392d0c
                                                                                                                                  0x1b392d15
                                                                                                                                  0x1b392d1b
                                                                                                                                  0x1b392d21
                                                                                                                                  0x1b392d22
                                                                                                                                  0x1b392d2d
                                                                                                                                  0x1b392d35
                                                                                                                                  0x1b392d3a
                                                                                                                                  0x1b392d3e
                                                                                                                                  0x1b392d4c
                                                                                                                                  0x1b392d50
                                                                                                                                  0x1b392d52
                                                                                                                                  0x1b392d57
                                                                                                                                  0x1b392d5d
                                                                                                                                  0x1b392d60
                                                                                                                                  0x1b392d64
                                                                                                                                  0x1b392d6a
                                                                                                                                  0x1b392d77
                                                                                                                                  0x1b392d7a
                                                                                                                                  0x1b392d7d
                                                                                                                                  0x1b392d8b
                                                                                                                                  0x1b392d95
                                                                                                                                  0x1b392d96
                                                                                                                                  0x1b392d9c
                                                                                                                                  0x1b392da3
                                                                                                                                  0x1b392db0
                                                                                                                                  0x1b392db1
                                                                                                                                  0x1b392db2
                                                                                                                                  0x1b392db9
                                                                                                                                  0x1b392dca
                                                                                                                                  0x1b392dd2
                                                                                                                                  0x1b392dde
                                                                                                                                  0x1b392de7
                                                                                                                                  0x1b392dfe
                                                                                                                                  0x1b392e04
                                                                                                                                  0x1b392e08
                                                                                                                                  0x1b392e09
                                                                                                                                  0x1b392e14
                                                                                                                                  0x1b392e19
                                                                                                                                  0x1b392e20
                                                                                                                                  0x1b392e28
                                                                                                                                  0x1b392e2b
                                                                                                                                  0x1b392e2e
                                                                                                                                  0x1b392e34
                                                                                                                                  0x1b392e44
                                                                                                                                  0x1b392e49
                                                                                                                                  0x1b392e52
                                                                                                                                  0x1b392e57
                                                                                                                                  0x1b392e68
                                                                                                                                  0x1b392e6a
                                                                                                                                  0x1b392e72
                                                                                                                                  0x1b392e76
                                                                                                                                  0x1b392e7a
                                                                                                                                  0x1b392e86
                                                                                                                                  0x1b392e8b
                                                                                                                                  0x1b392e8f
                                                                                                                                  0x1b392e95
                                                                                                                                  0x1b392ea3
                                                                                                                                  0x1b392ea5
                                                                                                                                  0x1b392eac
                                                                                                                                  0x1b392eb4
                                                                                                                                  0x1b392ebb
                                                                                                                                  0x1b392ec2
                                                                                                                                  0x1b392eca
                                                                                                                                  0x1b392ecd
                                                                                                                                  0x1b392ed2
                                                                                                                                  0x1b392ed4
                                                                                                                                  0x1b392ee0
                                                                                                                                  0x1b392eeb
                                                                                                                                  0x1b392ef3
                                                                                                                                  0x1b392efe
                                                                                                                                  0x1b392f08
                                                                                                                                  0x1b392f0c
                                                                                                                                  0x1b392f0e
                                                                                                                                  0x1b392f16
                                                                                                                                  0x1b392f20
                                                                                                                                  0x1b392f26
                                                                                                                                  0x1b392f2d
                                                                                                                                  0x1b392f34
                                                                                                                                  0x1b392f42
                                                                                                                                  0x1b392f62
                                                                                                                                  0x1b392f79
                                                                                                                                  0x1b392f80
                                                                                                                                  0x1b392f85
                                                                                                                                  0x1b392f91
                                                                                                                                  0x1b392f9d
                                                                                                                                  0x1b392fa0
                                                                                                                                  0x1b392fb1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,`d
                                                                                                                                  • API String ID: 0-4233615012
                                                                                                                                  • Opcode ID: 7644445e0d8d93c014d440c314c0c686932a7924531dcd2fbc1897b6a1d23506
                                                                                                                                  • Instruction ID: 29592fe7510e406184fa763192fa8f5bb0025eb591d16f6847806f843491b740
                                                                                                                                  • Opcode Fuzzy Hash: 7644445e0d8d93c014d440c314c0c686932a7924531dcd2fbc1897b6a1d23506
                                                                                                                                  • Instruction Fuzzy Hash: 32229BB272047547E714562E98A4BFA3391F31536AF924329E7B147AC5CE3FB84E8B10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B2622B0 Relevance: 1.8, APIs: 1, Instructions: 279COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E1B2622B0(signed long long __ecx, void* __eflags, long long __rbx, long long __rdx, signed long long __rdi, long long __rsi, signed long long __rbp, signed char* __r8, signed long long __r10, long long __r12, long long __r13, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				long long _v24;
				long long _v32;
				signed int _v48;
				char _v66;
				char _v72;
				signed long long _t118;
				signed char _t120;
				signed long long _t133;
				signed int _t136;
				signed int _t137;
				signed char _t145;
				signed int _t147;
				signed int _t148;
				signed int _t154;
				signed int _t158;
				signed long long _t164;
				signed long long _t165;
				signed long long _t166;
				signed long long _t167;
				signed long long _t168;
				signed long long _t177;
				intOrPtr* _t179;
				signed char* _t181;
				signed char* _t182;
				signed long long _t188;
				void* _t192;
				void* _t194;
				signed long long _t195;
				void* _t197;
				signed char* _t202;
				signed long long _t205;
				void* _t209;
				void* _t210;
				signed long long _t211;
				signed long long _t213;
				signed char* _t214;
				signed long long _t215;
				signed long long _t216;
				signed long long _t219;
				signed long long _t224;
				signed long long _t225;
				signed char* _t226;
				long long _t227;
				signed long long _t228;

				_t227 = __r12;
				_t224 = __r10;
				_t214 = __r8;
				_t211 = __rbp;
				_t207 = __rsi;
				_t205 = __rdi;
				_t198 = __rdx;
				_t151 = __ecx;
				_t225 = _t213;
				_t177 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_v48 = _t177 ^ _t213;
				 *((long long*)(_t225 + 0x18)) = __rbx;
				 *((long long*)(_t225 + 0x20)) = __rbp;
				 *((long long*)(_t225 - 8)) = __rsi;
				 *((long long*)(_t225 - 0x10)) = __rdi;
				_t184 = __rdx;
				_t118 = E1B2621A0(__ecx, _t177 ^ _t213, __rdx, __rdi, __rsi, __rbp, __r8, __r12);
				_t164 = _t118;
				if(_t118 != 0) {
					_v24 = _t227;
					_t168 = 0;
					__eflags = 0;
					_v32 = __r13;
					_t151 = 0;
					_t228 = _t211;
					_t179 = 0x1b290d50;
					while(1) {
						__eflags =  *_t179 - _t164;
						if( *_t179 == _t164) {
							break;
						}
						_t151 = _t151 + 1;
						_t228 = _t228 + 1;
						_t179 = _t179 + 0x30;
						__eflags = _t151 - 5;
						if(_t151 < 5) {
							continue;
						}
						_t151 = _t164;
						_t133 = GetCPInfo(??, ??);
						__eflags = _t133;
						if(_t133 == 0) {
							__eflags =  *0x1b293830 - _t168; // 0x0
							if(__eflags == 0) {
								L57:
								goto L58;
							}
							_t59 = _t184 + 0x1c; // 0x1c
							_t209 = _t59;
							_t215 = _t205;
							E1B258FC0(_t133, _t151, 0, _t209,  &_v72, _t215);
							 *(_t184 + 4) = _t168;
							 *(_t184 + 8) = _t168;
							 *(_t184 + 0xc) = _t168;
							 *(_t184 + 0x10) = _t211;
							__eflags = 0x1b290910;
							 *(_t184 + 0x18) = _t168;
							do {
								_t136 =  *(_t209 + 0x1b290910) & 0x000000ff;
								_t209 = _t209 + 1;
								_t205 = _t205 - 1;
								__eflags = _t205;
								 *(_t209 - 1) = _t136;
							} while (_t205 != 0);
							_t67 = _t184 + 0x11d; // 0x11d
							_t194 = _t67;
							r8d = 0x80;
							__eflags = 0x1b290911;
							do {
								_t137 =  *(_t194 + 0x1b290910) & 0x000000ff;
								_t194 = _t194 + 2;
								_t215 = _t215 - 1;
								__eflags = _t215;
								 *(_t194 - 2) = _t137;
								 *((char*)(_t194 - 1)) =  *(_t194 + 0x1b29090f) & 0x000000ff;
							} while (_t215 != 0);
							L56:
							__eflags = 0;
							goto L57;
						}
						_t23 = _t184 + 0x1c; // 0x1c
						_t195 = _t23;
						r8d = 0x101;
						E1B258FC0(_t133, _t151, 0, _t195,  &_v72, _t214);
						__eflags = _v72 - 1;
						 *(_t184 + 4) = _t164;
						 *(_t184 + 0xc) = _t168;
						if(_v72 <= 1) {
							 *(_t184 + 8) = _t168;
							 *(_t184 + 0x10) = _t211;
							 *(_t184 + 0x18) = _t168;
							L55:
							E1B261E80(_t184, _t184, _t205, _t207, _t214);
							goto L56;
						}
						__eflags = _v66 - bpl;
						_t202 =  &_v66;
						if(_v66 == bpl) {
							L18:
							_t32 = _t184 + 0x1f; // 0x1f
							_t181 = _t32;
							do {
								 *(_t181 - 1) =  *(_t181 - 1) | 0x00000008;
								 *_t181 =  *_t181 | 0x00000008;
								_t181 =  &(_t181[2]);
								_t195 = _t195 - 1;
								__eflags = _t195;
							} while (_t195 != 0);
							_t151 =  *(_t184 + 4) - 0x3a4;
							__eflags = _t151;
							if(_t151 == 0) {
								 *(_t184 + 8) = 1;
								 *(_t184 + 0xc) = 0x411;
								 *(_t184 + 0x10) = _t211;
								 *(_t184 + 0x18) = _t168;
							} else {
								_t151 = _t151 - 4;
								__eflags = _t151;
								if(_t151 == 0) {
									 *(_t184 + 8) = 1;
									 *(_t184 + 0xc) = 0x804;
									 *(_t184 + 0x10) = _t211;
									 *(_t184 + 0x18) = _t168;
								} else {
									_t151 = _t151 - 0xd;
									__eflags = _t151;
									if(_t151 == 0) {
										 *(_t184 + 8) = 1;
										 *(_t184 + 0xc) = 0x412;
										 *(_t184 + 0x10) = _t211;
										 *(_t184 + 0x18) = _t168;
									} else {
										__eflags = _t151 - 1;
										if(_t151 == 1) {
											 *(_t184 + 8) = 1;
											 *(_t184 + 0xc) = 0x404;
											 *(_t184 + 0x10) = _t211;
											 *(_t184 + 0x18) = _t168;
										} else {
											 *(_t184 + 0xc) = _t168;
											 *(_t184 + 8) = 1;
											 *(_t184 + 0x10) = _t211;
											 *(_t184 + 0x18) = _t168;
										}
									}
								}
							}
							goto L55;
						} else {
							while(1) {
								_t145 = _t202[1] & 0x000000ff;
								__eflags = _t145;
								if(_t145 == 0) {
									goto L18;
								}
								r8d =  *_t202 & 0x000000ff;
								_t154 = _t145 & 0x000000ff;
								__eflags = r8d - _t154;
								if(r8d > _t154) {
									L17:
									_t202 =  &(_t202[2]);
									__eflags =  *_t202 - bpl;
									if( *_t202 != bpl) {
										continue;
									}
									goto L18;
								} else {
									_t31 = _t184 + 0x1d; // 0x1d
									_t182 =  &(_t214[_t31]);
									__eflags = _t154 - r8d + 1;
									do {
										 *_t182 =  *_t182 | 0x00000004;
										_t182 =  &(_t182[1]);
										_t195 = _t195 - 1;
										__eflags = _t195;
									} while (_t195 != 0);
									goto L17;
								}
							}
							goto L18;
						}
					}
					_t73 = _t184 + 0x1c; // 0x1c
					r8d = 0x101;
					E1B258FC0(_t118, _t151, 0, _t73, _t198, _t214);
					_t226 = 0x1b290d48;
					r10d = 4;
					_t219 = (_t228 + _t228 * 2 << 4) + 0x1b290d60;
					__eflags = _t219;
					do {
						__eflags =  *_t219 - bpl;
						_t214 = _t219;
						if( *_t219 == bpl) {
							goto L45;
						}
						while(1) {
							_t120 = _t214[1] & 0x000000ff;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L45;
							}
							_t158 =  *_t214 & 0x000000ff;
							__eflags = _t158 - (_t120 & 0x000000ff);
							if(_t158 > (_t120 & 0x000000ff)) {
								L44:
								_t214 =  &(_t214[2]);
								__eflags =  *_t214 - bpl;
								if( *_t214 != bpl) {
									continue;
								}
								goto L45;
							}
							_t78 = _t184 + 0x1d; // 0x21
							_t192 = _t198 + _t78;
							do {
								_t158 = _t158 + 1;
								_t192 = _t192 + 1;
								 *(_t192 - 1) =  *(_t192 - 1) |  *_t226 & 0x000000ff;
								__eflags = _t158 - (_t214[1] & 0x000000ff);
							} while (_t158 <= (_t214[1] & 0x000000ff));
							goto L44;
						}
						L45:
						_t219 = _t219 + 8;
						_t226 =  &(_t226[1]);
						_t224 = _t224 - 1;
						__eflags = _t224;
					} while (_t224 != 0);
					 *(_t184 + 4) = _t164;
					_t165 = _t164 - 0x3a4;
					__eflags = _t165;
					 *(_t184 + 8) = 1;
					if(_t165 == 0) {
						_t168 = 0x411;
					} else {
						_t166 = _t165 - 4;
						__eflags = _t166;
						if(_t166 == 0) {
							_t168 = 0x804;
						} else {
							_t167 = _t166 - 0xd;
							__eflags = _t167;
							if(_t167 == 0) {
								_t168 = 0x412;
							} else {
								__eflags = _t167 - 1;
								if(_t167 == 1) {
									_t168 = 0x404;
								}
							}
						}
					}
					 *(_t184 + 0xc) = _t168;
					_t188 = _t228 + _t228 * 2 + _t228 + _t228 * 2;
					__eflags = _t188;
					 *(_t184 + 0x10) =  *(0x1b290d50 + 4 + _t188 * 8) & 0x0000ffff;
					 *((short*)(_t184 + 0x12)) =  *(0x1b290d50 + 6 + _t188 * 8) & 0x0000ffff;
					 *((short*)(_t184 + 0x14)) =  *(0x1b290d50 + 8 + _t188 * 8) & 0x0000ffff;
					 *((short*)(_t184 + 0x16)) =  *(0x1b290d50 + 0xa + _t188 * 8) & 0x0000ffff;
					 *(_t184 + 0x18) =  *(0x1b290d50 + 0xc + _t188 * 8) & 0x0000ffff;
					 *((short*)(_t184 + 0x1a)) =  *(0x1b290d50 + 0xe + _t188 * 8) & 0x0000ffff;
					goto L55;
				} else {
					_t6 = _t184 + 0x1c; // 0x1c
					_t210 = _t6;
					_t216 = _t205;
					E1B258FC0(_t118, __ecx, 0, _t210, __rdx, _t216);
					 *((intOrPtr*)(__rdx + 4)) = 0;
					 *((intOrPtr*)(__rdx + 8)) = 0;
					 *((intOrPtr*)(__rdx + 0xc)) = 0;
					 *(__rdx + 0x10) = _t211;
					 *((intOrPtr*)(__rdx + 0x18)) = 0;
					goto L2;
					do {
						L4:
						_t148 =  *(_t197 + 0x1b290910) & 0x000000ff;
						_t197 = _t197 + 2;
						_t216 = _t216 - 1;
						 *(_t197 - 2) = _t148;
						 *((char*)(_t197 - 1)) =  *(0x1b290911 + _t197 - 2) & 0x000000ff;
					} while (_t216 != 0);
					L58:
					return E1B258680(_t151, _v48 ^ _t213);
					L2:
					_t147 =  *(0x1b290910 + _t210) & 0x000000ff;
					_t210 = _t210 + 1;
					_t205 = _t205 - 1;
					 *(_t210 - 1) = _t147;
					if(_t205 != 0) {
						goto L2;
					} else {
						_t14 = _t184 + 0x11d; // 0x11d
						_t197 = _t14;
						r8d = 0x80;
						goto L4;
					}
				}
			}

















































                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b0
                                                                                                                                  0x1b2622b7
                                                                                                                                  0x1b2622c1
                                                                                                                                  0x1b2622c6
                                                                                                                                  0x1b2622ca
                                                                                                                                  0x1b2622ce
                                                                                                                                  0x1b2622d2
                                                                                                                                  0x1b2622d6
                                                                                                                                  0x1b2622d9
                                                                                                                                  0x1b2622e0
                                                                                                                                  0x1b2622e2
                                                                                                                                  0x1b262371
                                                                                                                                  0x1b262376
                                                                                                                                  0x1b262376
                                                                                                                                  0x1b262378
                                                                                                                                  0x1b262384
                                                                                                                                  0x1b262386
                                                                                                                                  0x1b262389
                                                                                                                                  0x1b262390
                                                                                                                                  0x1b262390
                                                                                                                                  0x1b262392
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b262398
                                                                                                                                  0x1b26239b
                                                                                                                                  0x1b26239f
                                                                                                                                  0x1b2623a3
                                                                                                                                  0x1b2623a6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2623ad
                                                                                                                                  0x1b2623af
                                                                                                                                  0x1b2623b5
                                                                                                                                  0x1b2623b7
                                                                                                                                  0x1b2624ee
                                                                                                                                  0x1b2624f4
                                                                                                                                  0x1b2626a9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2626ae
                                                                                                                                  0x1b2624fa
                                                                                                                                  0x1b2624fa
                                                                                                                                  0x1b262508
                                                                                                                                  0x1b26250b
                                                                                                                                  0x1b262510
                                                                                                                                  0x1b262513
                                                                                                                                  0x1b262516
                                                                                                                                  0x1b262520
                                                                                                                                  0x1b262524
                                                                                                                                  0x1b262527
                                                                                                                                  0x1b262530
                                                                                                                                  0x1b262530
                                                                                                                                  0x1b262534
                                                                                                                                  0x1b262538
                                                                                                                                  0x1b262538
                                                                                                                                  0x1b26253c
                                                                                                                                  0x1b26253c
                                                                                                                                  0x1b262548
                                                                                                                                  0x1b262548
                                                                                                                                  0x1b26254f
                                                                                                                                  0x1b262555
                                                                                                                                  0x1b262560
                                                                                                                                  0x1b262560
                                                                                                                                  0x1b262564
                                                                                                                                  0x1b262568
                                                                                                                                  0x1b262568
                                                                                                                                  0x1b26256c
                                                                                                                                  0x1b262575
                                                                                                                                  0x1b262575
                                                                                                                                  0x1b2626a7
                                                                                                                                  0x1b2626a7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2626a7
                                                                                                                                  0x1b2623bd
                                                                                                                                  0x1b2623bd
                                                                                                                                  0x1b2623c1
                                                                                                                                  0x1b2623c9
                                                                                                                                  0x1b2623ce
                                                                                                                                  0x1b2623d3
                                                                                                                                  0x1b2623d6
                                                                                                                                  0x1b2623d9
                                                                                                                                  0x1b2624df
                                                                                                                                  0x1b2624e2
                                                                                                                                  0x1b2624e6
                                                                                                                                  0x1b26269f
                                                                                                                                  0x1b2626a2
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2626a2
                                                                                                                                  0x1b2623df
                                                                                                                                  0x1b2623e4
                                                                                                                                  0x1b2623e9
                                                                                                                                  0x1b262426
                                                                                                                                  0x1b262426
                                                                                                                                  0x1b262426
                                                                                                                                  0x1b262430
                                                                                                                                  0x1b262430
                                                                                                                                  0x1b262434
                                                                                                                                  0x1b262437
                                                                                                                                  0x1b26243b
                                                                                                                                  0x1b26243b
                                                                                                                                  0x1b26243b
                                                                                                                                  0x1b262444
                                                                                                                                  0x1b262444
                                                                                                                                  0x1b26244a
                                                                                                                                  0x1b2624c4
                                                                                                                                  0x1b2624d0
                                                                                                                                  0x1b2624d3
                                                                                                                                  0x1b2624d7
                                                                                                                                  0x1b26244c
                                                                                                                                  0x1b26244c
                                                                                                                                  0x1b26244c
                                                                                                                                  0x1b26244f
                                                                                                                                  0x1b2624a9
                                                                                                                                  0x1b2624b5
                                                                                                                                  0x1b2624b8
                                                                                                                                  0x1b2624bc
                                                                                                                                  0x1b262451
                                                                                                                                  0x1b262451
                                                                                                                                  0x1b262451
                                                                                                                                  0x1b262454
                                                                                                                                  0x1b26248e
                                                                                                                                  0x1b26249a
                                                                                                                                  0x1b26249d
                                                                                                                                  0x1b2624a1
                                                                                                                                  0x1b262456
                                                                                                                                  0x1b262456
                                                                                                                                  0x1b262459
                                                                                                                                  0x1b262473
                                                                                                                                  0x1b26247f
                                                                                                                                  0x1b262482
                                                                                                                                  0x1b262486
                                                                                                                                  0x1b26245b
                                                                                                                                  0x1b26245b
                                                                                                                                  0x1b26245e
                                                                                                                                  0x1b262465
                                                                                                                                  0x1b262469
                                                                                                                                  0x1b26246c
                                                                                                                                  0x1b262459
                                                                                                                                  0x1b262454
                                                                                                                                  0x1b26244f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2623f0
                                                                                                                                  0x1b2623f0
                                                                                                                                  0x1b2623f0
                                                                                                                                  0x1b2623f4
                                                                                                                                  0x1b2623f6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2623f8
                                                                                                                                  0x1b2623fc
                                                                                                                                  0x1b2623ff
                                                                                                                                  0x1b262402
                                                                                                                                  0x1b26241d
                                                                                                                                  0x1b26241d
                                                                                                                                  0x1b262421
                                                                                                                                  0x1b262424
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b262404
                                                                                                                                  0x1b262407
                                                                                                                                  0x1b262407
                                                                                                                                  0x1b26240c
                                                                                                                                  0x1b262410
                                                                                                                                  0x1b262410
                                                                                                                                  0x1b262413
                                                                                                                                  0x1b262417
                                                                                                                                  0x1b262417
                                                                                                                                  0x1b262417
                                                                                                                                  0x00000000
                                                                                                                                  0x1b262410
                                                                                                                                  0x1b262402
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2623f0
                                                                                                                                  0x1b2623e9
                                                                                                                                  0x1b262589
                                                                                                                                  0x1b26258d
                                                                                                                                  0x1b262595
                                                                                                                                  0x1b2625a9
                                                                                                                                  0x1b2625b0
                                                                                                                                  0x1b2625b6
                                                                                                                                  0x1b2625b6
                                                                                                                                  0x1b2625c0
                                                                                                                                  0x1b2625c0
                                                                                                                                  0x1b2625c3
                                                                                                                                  0x1b2625c6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2625d0
                                                                                                                                  0x1b2625d0
                                                                                                                                  0x1b2625d5
                                                                                                                                  0x1b2625d7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2625d9
                                                                                                                                  0x1b2625e0
                                                                                                                                  0x1b2625e2
                                                                                                                                  0x1b262607
                                                                                                                                  0x1b262607
                                                                                                                                  0x1b26260b
                                                                                                                                  0x1b26260e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26260e
                                                                                                                                  0x1b2625e4
                                                                                                                                  0x1b2625e4
                                                                                                                                  0x1b2625f0
                                                                                                                                  0x1b2625f4
                                                                                                                                  0x1b2625f7
                                                                                                                                  0x1b2625fb
                                                                                                                                  0x1b262603
                                                                                                                                  0x1b262603
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2625f0
                                                                                                                                  0x1b262610
                                                                                                                                  0x1b262610
                                                                                                                                  0x1b262614
                                                                                                                                  0x1b262618
                                                                                                                                  0x1b262618
                                                                                                                                  0x1b262618
                                                                                                                                  0x1b26261e
                                                                                                                                  0x1b262621
                                                                                                                                  0x1b262621
                                                                                                                                  0x1b262627
                                                                                                                                  0x1b26262e
                                                                                                                                  0x1b262654
                                                                                                                                  0x1b262630
                                                                                                                                  0x1b262630
                                                                                                                                  0x1b262630
                                                                                                                                  0x1b262633
                                                                                                                                  0x1b26264d
                                                                                                                                  0x1b262635
                                                                                                                                  0x1b262635
                                                                                                                                  0x1b262635
                                                                                                                                  0x1b262638
                                                                                                                                  0x1b262646
                                                                                                                                  0x1b26263a
                                                                                                                                  0x1b26263a
                                                                                                                                  0x1b26263d
                                                                                                                                  0x1b26263f
                                                                                                                                  0x1b26263f
                                                                                                                                  0x1b26263d
                                                                                                                                  0x1b262638
                                                                                                                                  0x1b262633
                                                                                                                                  0x1b262659
                                                                                                                                  0x1b262660
                                                                                                                                  0x1b262660
                                                                                                                                  0x1b262669
                                                                                                                                  0x1b262673
                                                                                                                                  0x1b26267d
                                                                                                                                  0x1b262687
                                                                                                                                  0x1b262691
                                                                                                                                  0x1b26269b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2622e8
                                                                                                                                  0x1b2622e8
                                                                                                                                  0x1b2622e8
                                                                                                                                  0x1b2622f6
                                                                                                                                  0x1b2622f9
                                                                                                                                  0x1b262307
                                                                                                                                  0x1b26230a
                                                                                                                                  0x1b26230d
                                                                                                                                  0x1b262310
                                                                                                                                  0x1b262317
                                                                                                                                  0x1b262317
                                                                                                                                  0x1b262350
                                                                                                                                  0x1b262350
                                                                                                                                  0x1b262350
                                                                                                                                  0x1b262354
                                                                                                                                  0x1b262358
                                                                                                                                  0x1b26235c
                                                                                                                                  0x1b262365
                                                                                                                                  0x1b262365
                                                                                                                                  0x1b2626b3
                                                                                                                                  0x1b2626de
                                                                                                                                  0x1b262320
                                                                                                                                  0x1b262320
                                                                                                                                  0x1b262324
                                                                                                                                  0x1b262328
                                                                                                                                  0x1b26232c
                                                                                                                                  0x1b26232f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b262331
                                                                                                                                  0x1b262338
                                                                                                                                  0x1b262338
                                                                                                                                  0x1b26233f
                                                                                                                                  0x00000000
                                                                                                                                  0x1b262345
                                                                                                                                  0x1b26232f

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B2621A0: GetOEMCP.KERNEL32(?,?,?,?,1B262725,?,?,?,?,?,?,?,?,1B262937), ref: 1B262248
                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1B26276B), ref: 1B2623AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1807457897-0
                                                                                                                                  • Opcode ID: ba4f4ed6627319334d1b0f62f37035f12c7e936aaa127373970146d7ebfb7ae2
                                                                                                                                  • Instruction ID: d4e0cf67e3003bddf359823a0935f4e77d5565104d0c5517773ea4601e8202ad
                                                                                                                                  • Opcode Fuzzy Hash: ba4f4ed6627319334d1b0f62f37035f12c7e936aaa127373970146d7ebfb7ae2
                                                                                                                                  • Instruction Fuzzy Hash: 02B1D0B6A187D58AD704CF35D4843ADBBA0F71AF88F54801ADF8847388DB79D698CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B232C00 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                  • String ID: map/set<T> too long
                                                                                                                                  • API String ID: 3997070919-1285458680
                                                                                                                                  • Opcode ID: 6ad3477f2528f4d4a2abac54d73359956c776e38586ebd04fa8fbb2862e804d4
                                                                                                                                  • Instruction ID: 9918afce7697adbc945688e4701f77a85db608fd53a8fbcd251556ee53cb807a
                                                                                                                                  • Opcode Fuzzy Hash: 6ad3477f2528f4d4a2abac54d73359956c776e38586ebd04fa8fbb2862e804d4
                                                                                                                                  • Instruction Fuzzy Hash: ABC1C0B6205F89C5CB11CF19E0803887BA5F389F99F658516DA9C4B7A4DF79C8AAC340
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A83E Relevance: .2, Instructions: 181COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 73b71cf0747e596dce55580c3c0a05e6b03f249fe9704b44da360f0cbb665991
                                                                                                                                  • Instruction ID: 936daddb89b6a2d343980b4139a2e09049e11843014cac8b2269976d3c931fa7
                                                                                                                                  • Opcode Fuzzy Hash: 73b71cf0747e596dce55580c3c0a05e6b03f249fe9704b44da360f0cbb665991
                                                                                                                                  • Instruction Fuzzy Hash: C061D6B7A287C5C6D711CF2BD0807E9B7A2F7927C4F905106EE8943A98DB79C589CB01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26AAD1 Relevance: .2, Instructions: 173COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a26006e72ef4115472f2a1b77c51d677f4d19f589019911f610275f5e35ea081
                                                                                                                                  • Instruction ID: 74822afd4333c2cba8163a9db5b9c2c5bdd7912a2c30bc9270870e2c8c513cdc
                                                                                                                                  • Opcode Fuzzy Hash: a26006e72ef4115472f2a1b77c51d677f4d19f589019911f610275f5e35ea081
                                                                                                                                  • Instruction Fuzzy Hash: 9A61C4B7A286D5C6D710CF1AD0807DAB7A2F3927C0F905106EE8943A98DB79D8C9CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A8FE Relevance: .2, Instructions: 169COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 719876896706da8800c402d9fab5dc6e1ed1ea66996dbeaf68cadf052c928312
                                                                                                                                  • Instruction ID: 7ea7f435ba480adf3f32312c583ccf1c45a9648eebf033802360e4b8dce2624f
                                                                                                                                  • Opcode Fuzzy Hash: 719876896706da8800c402d9fab5dc6e1ed1ea66996dbeaf68cadf052c928312
                                                                                                                                  • Instruction Fuzzy Hash: 2161A5726286D5C6D710CF16D0807DAB762F3967C4F905106EE8983A98EB3DD5C9CB01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A96C Relevance: .2, Instructions: 162COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a15711690a530a58ffe09976f3963a615e3202c4818a06175402488346c6dab4
                                                                                                                                  • Instruction ID: 4a1e216237b1995e76dea77b671a0afe6c55731dbafde21c31e1cd54bfaa4cbb
                                                                                                                                  • Opcode Fuzzy Hash: a15711690a530a58ffe09976f3963a615e3202c4818a06175402488346c6dab4
                                                                                                                                  • Instruction Fuzzy Hash: 305195B7A297D586D7208F2BD0807DAB7A2F3927C0F505106EE8943A98DB79C5C9CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A9E4 Relevance: .2, Instructions: 162COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 13393d59b88161e6183abd9d4694ee97a7d07ce8665e566359e5087ed343ed31
                                                                                                                                  • Instruction ID: a8f8e0ec99d8ca6866166e2c4e84eb58f4286091679d8b207b8c458a76a5b95f
                                                                                                                                  • Opcode Fuzzy Hash: 13393d59b88161e6183abd9d4694ee97a7d07ce8665e566359e5087ed343ed31
                                                                                                                                  • Instruction Fuzzy Hash: 6B517477A287D5C6D720CF1AD4807DAB7B2F396780F905106EE8983A98DB79D489CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A9AC Relevance: .2, Instructions: 157COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b32b907fabeedbf8d29ee0a488682230193fc6229b4833257ff963c5f19965df
                                                                                                                                  • Instruction ID: e7bd4ec8abc114037e30ab78bee8929c3799dc171bd6d366e4051fbcad0569f4
                                                                                                                                  • Opcode Fuzzy Hash: b32b907fabeedbf8d29ee0a488682230193fc6229b4833257ff963c5f19965df
                                                                                                                                  • Instruction Fuzzy Hash: 335195776286D5C6D710CF1BD4807DAB7A2F3927C0F505106EE8943A58EB39D489CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26A8D9 Relevance: .2, Instructions: 153COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d7411fd643d699404a192c9933812ef79bf9066082e99e354fbbba9e4dfbc0d0
                                                                                                                                  • Instruction ID: 5f2d475e7774efb87537c18be85f2da569f05764bc9a50cdca38f97feb814f0b
                                                                                                                                  • Opcode Fuzzy Hash: d7411fd643d699404a192c9933812ef79bf9066082e99e354fbbba9e4dfbc0d0
                                                                                                                                  • Instruction Fuzzy Hash: AB5194B76287D5C6D720CF1BD4807DAB7A2F396780F905106EE8943A98DB79D489CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B26AA2C Relevance: .1, Instructions: 146COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 12227cfd181375c041159521606165315b0f5f10a3ffbc2f4f5089e9eb38feee
                                                                                                                                  • Instruction ID: e80eb42846d5a9ebca22f9fbe959f64f693d85b036d2e74b87c5a9320f4244f8
                                                                                                                                  • Opcode Fuzzy Hash: 12227cfd181375c041159521606165315b0f5f10a3ffbc2f4f5089e9eb38feee
                                                                                                                                  • Instruction Fuzzy Hash: 7151B3B7A287D5C6C720CF1AE0807DAB7A2F392780F505106EE8943A58DB79D489CF01
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B237B80 Relevance: .1, Instructions: 127COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e8a6ac774f685350f88681e3e5bbc434544f4c31443a993fb8ca1602a5b5a3f9
                                                                                                                                  • Instruction ID: 56e01006d4d25779369760c23be1f0f1801359bfa5c6924c5ea33714e04aa846
                                                                                                                                  • Opcode Fuzzy Hash: e8a6ac774f685350f88681e3e5bbc434544f4c31443a993fb8ca1602a5b5a3f9
                                                                                                                                  • Instruction Fuzzy Hash: 28511366605B8A86DF00CF26E4C0799B3A5F349F88F289516DB8C47B78DF38D49AC340
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B238340 Relevance: .1, Instructions: 117COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a0ed45303c3725c9eac46cfffacb9d7cc3ac6a1f483730237c8ecf2de89a291c
                                                                                                                                  • Instruction ID: 0f24ff0c557644564894f0973452ba5e9e086247d0c3de40883982365ee1014e
                                                                                                                                  • Opcode Fuzzy Hash: a0ed45303c3725c9eac46cfffacb9d7cc3ac6a1f483730237c8ecf2de89a291c
                                                                                                                                  • Instruction Fuzzy Hash: 27411E76619BC895D7808F16E4C038DBBA5F389F99F545416EB8D0BBB5CBB8C0A8C704
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B258BA0 Relevance: .1, Instructions: 96COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f0dc7e3a765498b99f12106e95142b900e9fccc9f8eeee5d709c67f17a39d481
                                                                                                                                  • Instruction ID: 232aa2cd4cfdd637aa709a3ee0441df2cfdda5937189ff534e8e3ed8e14a7af2
                                                                                                                                  • Opcode Fuzzy Hash: f0dc7e3a765498b99f12106e95142b900e9fccc9f8eeee5d709c67f17a39d481
                                                                                                                                  • Instruction Fuzzy Hash: D441BC73A11B82C2CB24CF18D4C069EB764F785B99B618302DBA98B7D4DBB5D05ACB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B242310 Relevance: .1, Instructions: 83COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bb0ece489894b048fc2bfd4e9641c23d792a098f4450ffc90cd3aa1cdc424295
                                                                                                                                  • Instruction ID: 2a8d70d610e5d5b6c132992416e5937245e72fdc7a148ff40121aacd85b60d1b
                                                                                                                                  • Opcode Fuzzy Hash: bb0ece489894b048fc2bfd4e9641c23d792a098f4450ffc90cd3aa1cdc424295
                                                                                                                                  • Instruction Fuzzy Hash: 3D21C5777247D087CB18CF16D1C01ADBBB4FB4AB85BA01526DB8A57F04DB25D598CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23DF19 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 213COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                  			E1B23DF19(long long __r14, long long _a32, long long _a48, intOrPtr* _a56, intOrPtr* _a64, intOrPtr* _a80, long long _a88, char _a112, intOrPtr* _a120, intOrPtr* _a128, intOrPtr* _a152, intOrPtr* _a160, long long _a168, void* _a176, void* _a184, char _a224, long long _a256, void* _a272, void* _a296, char _a320, void* _a344, char _a408, char _a432, void* _a480, void* _a488, void* _a496, void* _a512, void* _a520, void* _a528, void* _a536) {
				void* _t77;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				long long _t120;
				long long _t129;
				intOrPtr* _t131;
				void* _t132;
				intOrPtr* _t139;
				intOrPtr* _t140;
				intOrPtr* _t142;
				intOrPtr* _t146;
				intOrPtr* _t147;
				intOrPtr* _t148;
				intOrPtr* _t149;
				void* _t161;
				long long _t166;
				long long _t169;
				void* _t172;
				void* _t175;
				void* _t180;
				void* _t181;
				void* _t182;
				intOrPtr* _t184;
				intOrPtr* _t186;
				long long _t188;
				long long _t190;
				long long _t191;

				_t188 = __r14;
				r14d = 0;
				_t92 = r14d;
				_t186 = _a64;
				_t184 = _a56;
				_t166 = _a48;
				_t129 = _a32;
				_t169 = _a168;
				_t120 =  &_a224;
				_a256 = _t120;
				E1B2595E0(0x18, _t89, _t91, _t92, _t120, _t132, _t166, _t169, _t175, _t180);
				_t190 = _t120;
				_a88 = _t120;
				if(_t120 == 0) {
					_t190 = __r14;
				} else {
					 *((long long*)(_t120 + 8)) = __r14;
					 *((intOrPtr*)(_t120 + 0x10)) = 1;
					E1B257E40(0x18, _t89, _t90, _t91, _t129, 0x1b26e52c, _t161, _t166, _t169, _t175, _t180, _t181, _t182, _t184);
					 *_t190 = _t120;
				}
				_a224 = _t190;
				if(_t190 == 0) {
					E1B257D80();
				}
				_t133 = _a80;
				if(_a80 == 0) {
					E1B257D80();
					_t133 = _a80;
				}
				E1B23C510(_t89, _t90, _t129, _t133,  &_a176, _t166, _t169,  &_a224);
				_t134 = _a176;
				_t96 = _a176;
				if(_a176 == 0) {
					E1B257D80();
					_t134 = _a176;
				}
				r9d = 0;
				E1B23BC00(_t129, _t134,  &_a408, _t166, _t169, _t172,  &_a320, _t180);
				__imp__#9();
				_a256 =  &_a112;
				E1B2595E0(0x18, _t89, _t91, _t96, _t120,  &_a408, _t166, _t169,  &_a320, _t180);
				_t191 = _t120;
				_a88 = _t120;
				if(_t120 == 0) {
					_t191 = _t188;
				} else {
					 *((long long*)(_t120 + 8)) = _t188;
					 *((intOrPtr*)(_t120 + 0x10)) = 1;
					E1B257E40(0x18, _t89, _t90, _t91, _t129, 0x1b26e528,  &_a408, _t166, _t169,  &_a320, _t180, _t181,  &_a112, _t184);
					 *_t191 = _t120;
				}
				_a112 = _t191;
				if(_t191 == 0) {
					E1B257D80();
				}
				_t136 = _a80;
				if(_a80 == 0) {
					E1B257D80();
					_t136 = _a80;
				}
				E1B23C510(_t89, _t90, _t129, _t136,  &_a184, _t166, _t169,  &_a112);
				_t137 = _a184;
				if(_a184 == 0) {
					E1B257D80();
					_t137 = _a184;
				}
				r9d = 0;
				_t77 = E1B23BC00(_t129, _t137,  &_a432, _t166, _t169, _t172,  &_a320, _t180);
				__imp__#9();
				r15d = 0xffffffff;
				_t121 =  *0x1b291a28; // 0x1b490cd0
				 *((intOrPtr*)(_t121 + 4)) = 1;
				_t139 = _a184;
				if(_t139 != 0) {
					_t121 =  *_t139;
					_t77 =  *((intOrPtr*)( *_t139 + 0x10))();
				}
				_t140 = _a176;
				if(_t140 != 0) {
					_t121 =  *_t140;
					_t77 =  *((intOrPtr*)( *_t140 + 0x10))();
				}
				if(_t169 != 0) {
					__imp__#22();
					if(_t77 >= 0) {
						__imp__#16();
						_t171 =  >=  ? _t188 : _t169;
						_a168 =  >=  ? _t188 : _t169;
					}
				}
				if(_t129 != 0) {
					asm("lock inc esp");
					r15d = r15d + 0xffffffff;
					if(r15d == 0) {
						_t131 = _a32;
						if( *_t131 != 0) {
							__imp__#6();
						}
						_t155 =  *((intOrPtr*)(_t131 + 8));
						if( *((intOrPtr*)(_t131 + 8)) != 0) {
							L1B259C50(_t121, _t155);
						}
						_t77 = L1B240E40(_t121, _t131);
					}
					_a32 = _t188;
					_t186 = _a64;
					_t184 = _a56;
					_t166 = _a48;
				}
				__imp__#9();
				_t142 = _a128;
				if(_t142 != 0) {
					_t77 =  *((intOrPtr*)( *_t142 + 0x10))();
				}
				if(_t166 != 0) {
					__imp__#22();
					if(_t77 >= 0) {
						__imp__#16();
						_t168 =  >=  ? _t188 : _t166;
						_a48 =  >=  ? _t188 : _t166;
					}
				}
				__imp__#9();
				__imp__#9();
				__imp__#9();
				_t146 = _a152;
				if(_t146 != 0) {
					_t77 =  *((intOrPtr*)( *_t146 + 0x10))();
				}
				_t147 = _a160;
				if(_t147 != 0) {
					_t77 =  *((intOrPtr*)( *_t147 + 0x10))();
				}
				_t148 = _a80;
				if(_t148 != 0) {
					_t77 =  *((intOrPtr*)( *_t148 + 0x10))();
				}
				_t149 = _a120;
				if(_t149 != 0) {
					_t77 =  *((intOrPtr*)( *_t149 + 0x10))();
				}
				if(_t184 != 0) {
					_t77 =  *((intOrPtr*)( *_t184 + 0x10))();
				}
				if(_t186 != 0) {
					_t77 =  *((intOrPtr*)( *_t186 + 0x10))();
				}
				return _t77;
			}
































                                                                                                                                  0x1b23df19
                                                                                                                                  0x1b23df19
                                                                                                                                  0x1b23df19
                                                                                                                                  0x1b23df1c
                                                                                                                                  0x1b23df21
                                                                                                                                  0x1b23df26
                                                                                                                                  0x1b23df2b
                                                                                                                                  0x1b23df30
                                                                                                                                  0x1b23df38
                                                                                                                                  0x1b23df40
                                                                                                                                  0x1b23df4d
                                                                                                                                  0x1b23df52
                                                                                                                                  0x1b23df55
                                                                                                                                  0x1b23df5d
                                                                                                                                  0x1b23df7b
                                                                                                                                  0x1b23df5f
                                                                                                                                  0x1b23df5f
                                                                                                                                  0x1b23df63
                                                                                                                                  0x1b23df71
                                                                                                                                  0x1b23df76
                                                                                                                                  0x1b23df76
                                                                                                                                  0x1b23df7e
                                                                                                                                  0x1b23df89
                                                                                                                                  0x1b23df90
                                                                                                                                  0x1b23df90
                                                                                                                                  0x1b23df96
                                                                                                                                  0x1b23df9e
                                                                                                                                  0x1b23dfa5
                                                                                                                                  0x1b23dfaa
                                                                                                                                  0x1b23dfaa
                                                                                                                                  0x1b23dfbf
                                                                                                                                  0x1b23dfc5
                                                                                                                                  0x1b23dfcd
                                                                                                                                  0x1b23dfd0
                                                                                                                                  0x1b23dfd7
                                                                                                                                  0x1b23dfdc
                                                                                                                                  0x1b23dfdc
                                                                                                                                  0x1b23dfe4
                                                                                                                                  0x1b23dff7
                                                                                                                                  0x1b23e005
                                                                                                                                  0x1b23e010
                                                                                                                                  0x1b23e01d
                                                                                                                                  0x1b23e022
                                                                                                                                  0x1b23e025
                                                                                                                                  0x1b23e02d
                                                                                                                                  0x1b23e04b
                                                                                                                                  0x1b23e02f
                                                                                                                                  0x1b23e02f
                                                                                                                                  0x1b23e033
                                                                                                                                  0x1b23e041
                                                                                                                                  0x1b23e046
                                                                                                                                  0x1b23e046
                                                                                                                                  0x1b23e04e
                                                                                                                                  0x1b23e056
                                                                                                                                  0x1b23e05d
                                                                                                                                  0x1b23e05d
                                                                                                                                  0x1b23e063
                                                                                                                                  0x1b23e06b
                                                                                                                                  0x1b23e072
                                                                                                                                  0x1b23e077
                                                                                                                                  0x1b23e077
                                                                                                                                  0x1b23e089
                                                                                                                                  0x1b23e08f
                                                                                                                                  0x1b23e09a
                                                                                                                                  0x1b23e0a1
                                                                                                                                  0x1b23e0a6
                                                                                                                                  0x1b23e0a6
                                                                                                                                  0x1b23e0ae
                                                                                                                                  0x1b23e0c1
                                                                                                                                  0x1b23e0cf
                                                                                                                                  0x1b23e0d6
                                                                                                                                  0x1b23e101
                                                                                                                                  0x1b23e108
                                                                                                                                  0x1b23e10f
                                                                                                                                  0x1b23e11a
                                                                                                                                  0x1b23e11c
                                                                                                                                  0x1b23e11f
                                                                                                                                  0x1b23e11f
                                                                                                                                  0x1b23e123
                                                                                                                                  0x1b23e12e
                                                                                                                                  0x1b23e130
                                                                                                                                  0x1b23e133
                                                                                                                                  0x1b23e133
                                                                                                                                  0x1b23e13a
                                                                                                                                  0x1b23e13f
                                                                                                                                  0x1b23e147
                                                                                                                                  0x1b23e14c
                                                                                                                                  0x1b23e154
                                                                                                                                  0x1b23e158
                                                                                                                                  0x1b23e158
                                                                                                                                  0x1b23e147
                                                                                                                                  0x1b23e163
                                                                                                                                  0x1b23e165
                                                                                                                                  0x1b23e16b
                                                                                                                                  0x1b23e16f
                                                                                                                                  0x1b23e171
                                                                                                                                  0x1b23e17c
                                                                                                                                  0x1b23e17e
                                                                                                                                  0x1b23e17e
                                                                                                                                  0x1b23e184
                                                                                                                                  0x1b23e18b
                                                                                                                                  0x1b23e18d
                                                                                                                                  0x1b23e18d
                                                                                                                                  0x1b23e195
                                                                                                                                  0x1b23e195
                                                                                                                                  0x1b23e19a
                                                                                                                                  0x1b23e19f
                                                                                                                                  0x1b23e1a4
                                                                                                                                  0x1b23e1a9
                                                                                                                                  0x1b23e1a9
                                                                                                                                  0x1b23e1b6
                                                                                                                                  0x1b23e1bd
                                                                                                                                  0x1b23e1c8
                                                                                                                                  0x1b23e1cd
                                                                                                                                  0x1b23e1cd
                                                                                                                                  0x1b23e1d4
                                                                                                                                  0x1b23e1d9
                                                                                                                                  0x1b23e1e1
                                                                                                                                  0x1b23e1e6
                                                                                                                                  0x1b23e1ee
                                                                                                                                  0x1b23e1f2
                                                                                                                                  0x1b23e1f2
                                                                                                                                  0x1b23e1e1
                                                                                                                                  0x1b23e1ff
                                                                                                                                  0x1b23e20e
                                                                                                                                  0x1b23e21d
                                                                                                                                  0x1b23e224
                                                                                                                                  0x1b23e22f
                                                                                                                                  0x1b23e234
                                                                                                                                  0x1b23e234
                                                                                                                                  0x1b23e238
                                                                                                                                  0x1b23e243
                                                                                                                                  0x1b23e248
                                                                                                                                  0x1b23e248
                                                                                                                                  0x1b23e24c
                                                                                                                                  0x1b23e254
                                                                                                                                  0x1b23e259
                                                                                                                                  0x1b23e259
                                                                                                                                  0x1b23e25d
                                                                                                                                  0x1b23e265
                                                                                                                                  0x1b23e26a
                                                                                                                                  0x1b23e26a
                                                                                                                                  0x1b23e271
                                                                                                                                  0x1b23e27a
                                                                                                                                  0x1b23e27a
                                                                                                                                  0x1b23e281
                                                                                                                                  0x1b23e28a
                                                                                                                                  0x1b23e28a
                                                                                                                                  0x1b23e2cc

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ArrayClearSafeVariant$DestroyUnlock
                                                                                                                                  • String ID: End$Flush
                                                                                                                                  • API String ID: 2360822920-3886760719
                                                                                                                                  • Opcode ID: 63a8cc408fc65a921913188aaaa38d84cda1b229669368ece49e3487d0f1df2f
                                                                                                                                  • Instruction ID: ffaa68316a250b7065aa276c3d10a1f0c7abdb182ba243d16212e03c3c8eb62a
                                                                                                                                  • Opcode Fuzzy Hash: 63a8cc408fc65a921913188aaaa38d84cda1b229669368ece49e3487d0f1df2f
                                                                                                                                  • Instruction Fuzzy Hash: 68912476306B8686DA24EB62E4903EAB360FBC9F85F114415DE8E57B68CF78C44DCB41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B245D80 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 79memorysleeplibraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule$Virtual$Protect$AddressEventProcQuerySleep
                                                                                                                                  • String ID: getJit$mscorjit.dll$mscorwks.dll
                                                                                                                                  • API String ID: 1621864188-1843636318
                                                                                                                                  • Opcode ID: 1e5e2ae84f21dc2aff793bb38be810a78433aee76b6268ff7c464312163916d1
                                                                                                                                  • Instruction ID: b8d15419e8383c5f754ebc9441ec3532bc633a6f3211234a5208be0a10272ebc
                                                                                                                                  • Opcode Fuzzy Hash: 1e5e2ae84f21dc2aff793bb38be810a78433aee76b6268ff7c464312163916d1
                                                                                                                                  • Instruction Fuzzy Hash: 9631C536616F4992EB54DF25E88439A73A0FB88B90F541115DF8E43B68DF3CD499CB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B24A320 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 76memorysleeplibraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule$Virtual$Protect$AddressEventProcQuerySleep
                                                                                                                                  • String ID: getJit$mscorjit.dll$mscorwks.dll
                                                                                                                                  • API String ID: 1621864188-1843636318
                                                                                                                                  • Opcode ID: 73ff29efac7e270052e6e972c5c622fc430e18d8a25a077795ae566aee051462
                                                                                                                                  • Instruction ID: 64e9ee8ddb15e4635cd29b24970c8d4c1e8459f0afcd375acbb7942f603f6653
                                                                                                                                  • Opcode Fuzzy Hash: 73ff29efac7e270052e6e972c5c622fc430e18d8a25a077795ae566aee051462
                                                                                                                                  • Instruction Fuzzy Hash: F531E235616F4992EB44CF66F88439973A0F789B85F64142ADA8E43B68DF3CC49DCB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B266BA0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 140libraryloaderCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                  			E1B266BA0(void* __edx, void* __eflags, long long __rbx, void* __rcx, char* __rdx, long long __rdi, long long __rsi, long long __rbp, char* __r8, void* __r9, long long __r12, long long __r13, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				signed int _v32;
				char _v40;
				char _v48;
				char _v52;
				char _v56;
				long long _v72;
				signed int _t28;
				void* _t30;
				void* _t34;
				_Unknown_base(*)()* _t37;
				void* _t52;
				void* _t54;
				long long _t56;
				long long _t57;
				long long _t60;
				long long _t61;
				long long _t62;
				long long _t64;
				long long _t67;
				long long _t89;
				long long _t95;

				_t96 = __r8;
				_t82 = __rdx;
				_t57 = __rbx;
				_t56 = _t95;
				 *((long long*)(_t56 + 8)) = __rbx;
				 *((long long*)(_t56 + 0x10)) = __rbp;
				 *((long long*)(_t56 + 0x18)) = __rsi;
				 *((long long*)(_t56 + 0x20)) = __rdi;
				 *((long long*)(_t56 - 8)) = __r12;
				 *((long long*)(_t56 - 0x10)) = __r13;
				_t52 = r8d;
				_t28 = E1B25E180(_t56);
				_t54 =  *0x1b293a18 - _t57; // 0x0
				_t89 = _t56;
				_v56 = 0;
				_v52 = 0;
				if(_t54 != 0) {
					L9:
					_t60 =  *0x1b293a30; // 0x0
					__eflags = _t60 - _t89;
					if(_t60 == _t89) {
						L19:
						_t61 =  *0x1b293a20; // 0x0
						__eflags = _t61 - _t89;
						if(_t61 != _t89) {
							E1B25E1E0(_t28, _t56, _t61);
							_t28 =  *_t56();
							__eflags = _t56;
							_t57 = _t56;
							if(_t56 != 0) {
								_t64 =  *0x1b293a28; // 0x0
								__eflags = _t64 - _t89;
								if(_t64 != _t89) {
									E1B25E1E0(_t28, _t56, _t64);
									_t28 =  *_t56();
									_t57 = _t56;
								}
							}
						}
						L23:
						_t62 =  *0x1b293a18; // 0x0
						E1B25E1E0(_t28, _t56, _t62);
						r9d = _t52;
						_t30 =  *_t56();
						L24:
						return _t30;
					}
					__eflags =  *0x1b293a38 - _t89; // 0x0
					if(__eflags == 0) {
						goto L19;
					}
					E1B25E1E0(_t28, _t56, _t60);
					_t34 =  *_t56();
					__eflags = _t56;
					if(_t56 == 0) {
						L14:
						_t28 = E1B2597B0(_t56,  &_v52);
						__eflags = _t28;
						if(_t28 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							_v72 = _t57;
							_t28 = E1B2590C0(0, _t82, _t96);
						}
						__eflags = _v52 - 4;
						if(_v52 < 4) {
							asm("bts edi, 0x12");
						} else {
							asm("bts edi, 0x15");
						}
						goto L23;
					}
					_t67 =  *0x1b293a38; // 0x0
					E1B25E1E0(_t34, _t56, _t67);
					r9d = 0xc;
					_v72 =  &_v48;
					_t96 =  &_v40;
					_t28 =  *_t56();
					__eflags = _t28;
					if(_t28 == 0) {
						goto L14;
					}
					__eflags = _v32 & 0x00000001;
					if((_v32 & 0x00000001) != 0) {
						goto L19;
					}
					goto L14;
				}
				LoadLibraryA();
				if(_t56 != 0) {
					_t37 = GetProcAddress();
					__eflags = _t56;
					if(_t56 == 0) {
						goto L2;
					} else {
						E1B25E110(_t37, _t56, _t56);
						 *0x1b293a18 = _t56;
						E1B25E110(GetProcAddress(??, ??), _t56, _t56);
						_t82 = "GetLastActivePopup";
						 *0x1b293a20 = _t56;
						E1B25E110(GetProcAddress(??, ??), _t56, _t56);
						 *0x1b293a28 = _t56;
						_t28 = E1B259760(_t56,  &_v56);
						__eflags = _t28;
						if(_t28 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							_v72 = __rbx;
							_t28 = E1B2590C0(0, "GetLastActivePopup", __r8);
						}
						__eflags = _v56 - 2;
						if(_v56 == 2) {
							_t82 = "GetUserObjectInformationA";
							_t28 = E1B25E110(GetProcAddress(??, ??), _t56, _t56);
							__eflags = _t56;
							 *0x1b293a38 = _t56;
							if(_t56 != 0) {
								_t82 = "GetProcessWindowStation";
								_t28 = E1B25E110(GetProcAddress(??, ??), _t56, _t56);
								 *0x1b293a30 = _t56;
							}
						}
						goto L9;
					}
				}
				L2:
				_t30 = 0;
				goto L24;
			}


























                                                                                                                                  0x1b266ba0
                                                                                                                                  0x1b266ba0
                                                                                                                                  0x1b266ba0
                                                                                                                                  0x1b266ba0
                                                                                                                                  0x1b266ba7
                                                                                                                                  0x1b266bab
                                                                                                                                  0x1b266baf
                                                                                                                                  0x1b266bb3
                                                                                                                                  0x1b266bb7
                                                                                                                                  0x1b266bbb
                                                                                                                                  0x1b266bc2
                                                                                                                                  0x1b266bc8
                                                                                                                                  0x1b266bcf
                                                                                                                                  0x1b266bd6
                                                                                                                                  0x1b266bd9
                                                                                                                                  0x1b266bdd
                                                                                                                                  0x1b266be1
                                                                                                                                  0x1b266cd1
                                                                                                                                  0x1b266cd1
                                                                                                                                  0x1b266cd8
                                                                                                                                  0x1b266cdb
                                                                                                                                  0x1b266d63
                                                                                                                                  0x1b266d63
                                                                                                                                  0x1b266d6a
                                                                                                                                  0x1b266d6d
                                                                                                                                  0x1b266d6f
                                                                                                                                  0x1b266d74
                                                                                                                                  0x1b266d76
                                                                                                                                  0x1b266d79
                                                                                                                                  0x1b266d7c
                                                                                                                                  0x1b266d7e
                                                                                                                                  0x1b266d85
                                                                                                                                  0x1b266d88
                                                                                                                                  0x1b266d8a
                                                                                                                                  0x1b266d92
                                                                                                                                  0x1b266d94
                                                                                                                                  0x1b266d94
                                                                                                                                  0x1b266d88
                                                                                                                                  0x1b266d7c
                                                                                                                                  0x1b266d97
                                                                                                                                  0x1b266d97
                                                                                                                                  0x1b266d9e
                                                                                                                                  0x1b266da3
                                                                                                                                  0x1b266daf
                                                                                                                                  0x1b266db1
                                                                                                                                  0x1b266dd9
                                                                                                                                  0x1b266dd9
                                                                                                                                  0x1b266ce1
                                                                                                                                  0x1b266ce8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266cea
                                                                                                                                  0x1b266cef
                                                                                                                                  0x1b266cf1
                                                                                                                                  0x1b266cf7
                                                                                                                                  0x1b266d2e
                                                                                                                                  0x1b266d33
                                                                                                                                  0x1b266d38
                                                                                                                                  0x1b266d3a
                                                                                                                                  0x1b266d3c
                                                                                                                                  0x1b266d3f
                                                                                                                                  0x1b266d44
                                                                                                                                  0x1b266d46
                                                                                                                                  0x1b266d4b
                                                                                                                                  0x1b266d4b
                                                                                                                                  0x1b266d50
                                                                                                                                  0x1b266d55
                                                                                                                                  0x1b266d5d
                                                                                                                                  0x1b266d57
                                                                                                                                  0x1b266d57
                                                                                                                                  0x1b266d57
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266d55
                                                                                                                                  0x1b266cf9
                                                                                                                                  0x1b266d00
                                                                                                                                  0x1b266d0a
                                                                                                                                  0x1b266d10
                                                                                                                                  0x1b266d19
                                                                                                                                  0x1b266d21
                                                                                                                                  0x1b266d23
                                                                                                                                  0x1b266d25
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266d27
                                                                                                                                  0x1b266d2c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266d2c
                                                                                                                                  0x1b266bee
                                                                                                                                  0x1b266bfa
                                                                                                                                  0x1b266c0d
                                                                                                                                  0x1b266c13
                                                                                                                                  0x1b266c16
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266c18
                                                                                                                                  0x1b266c1b
                                                                                                                                  0x1b266c2a
                                                                                                                                  0x1b266c3a
                                                                                                                                  0x1b266c3f
                                                                                                                                  0x1b266c49
                                                                                                                                  0x1b266c59
                                                                                                                                  0x1b266c63
                                                                                                                                  0x1b266c6a
                                                                                                                                  0x1b266c6f
                                                                                                                                  0x1b266c71
                                                                                                                                  0x1b266c73
                                                                                                                                  0x1b266c76
                                                                                                                                  0x1b266c7b
                                                                                                                                  0x1b266c7d
                                                                                                                                  0x1b266c82
                                                                                                                                  0x1b266c82
                                                                                                                                  0x1b266c87
                                                                                                                                  0x1b266c8c
                                                                                                                                  0x1b266c8e
                                                                                                                                  0x1b266ca1
                                                                                                                                  0x1b266ca6
                                                                                                                                  0x1b266ca9
                                                                                                                                  0x1b266cb0
                                                                                                                                  0x1b266cb2
                                                                                                                                  0x1b266cc5
                                                                                                                                  0x1b266cca
                                                                                                                                  0x1b266cca
                                                                                                                                  0x1b266cb0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b266c8c
                                                                                                                                  0x1b266c16
                                                                                                                                  0x1b266bfc
                                                                                                                                  0x1b266bfc
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B25E180: FlsGetValue.KERNEL32(?,?,?,?,1B266BCD), ref: 1B25E18F
                                                                                                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1B2603EB), ref: 1B266BEE
                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1B2603EB), ref: 1B266C0D
                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1B2603EB), ref: 1B266C31
                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1B2603EB), ref: 1B266C50
                                                                                                                                  • GetProcAddress.KERNEL32 ref: 1B266C98
                                                                                                                                  • GetProcAddress.KERNEL32 ref: 1B266CBC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$LibraryLoadValue
                                                                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                  • API String ID: 3789089765-232180764
                                                                                                                                  • Opcode ID: a46ed963fd9bdb8350db49bb735e9f4287fc6829544d9f195919bc75e55c8fb4
                                                                                                                                  • Instruction ID: e848ca06f0c510092f04624aa008bc62a65ba6428e55a548b49d3007d8d6b250
                                                                                                                                  • Opcode Fuzzy Hash: a46ed963fd9bdb8350db49bb735e9f4287fc6829544d9f195919bc75e55c8fb4
                                                                                                                                  • Instruction Fuzzy Hash: BF518935611B5286EE24EF62B8D13DA33A4BB85BC4F545125EE8E43B54EF38D98DC700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23CB80 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 381COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 40%
                                                                                                                                  			E1B23CB80(void* __edi, long long __rbx, long long* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r9, void* __r10, long long __r12, long long __r13, signed int __r14, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed int _v40;
				signed int _v48;
				long long _v56;
				void* _v64;
				signed int _v72;
				signed int _v80;
				signed int _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				signed int _v104;
				char _v112;
				char _v120;
				intOrPtr* _v128;
				intOrPtr _v136;
				signed int _v144;
				signed int _v152;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t140;
				signed int _t142;
				intOrPtr _t188;
				intOrPtr _t199;
				signed int _t207;
				intOrPtr* _t227;
				signed int _t229;
				intOrPtr* _t231;
				intOrPtr* _t232;
				intOrPtr* _t240;
				intOrPtr* _t241;
				intOrPtr* _t242;
				intOrPtr* _t243;
				intOrPtr* _t245;
				intOrPtr* _t248;
				intOrPtr* _t254;
				intOrPtr* _t255;
				intOrPtr* _t259;
				intOrPtr* _t260;
				intOrPtr* _t261;
				intOrPtr* _t262;
				intOrPtr* _t267;
				intOrPtr* _t268;
				intOrPtr* _t269;
				intOrPtr* _t273;
				intOrPtr* _t274;
				intOrPtr* _t275;
				intOrPtr* _t276;
				intOrPtr* _t277;
				intOrPtr* _t278;
				intOrPtr* _t292;
				intOrPtr* _t294;
				intOrPtr* _t297;
				intOrPtr* _t299;
				intOrPtr* _t301;
				intOrPtr* _t303;
				long long* _t310;
				void* _t312;
				signed int* _t317;
				void* _t320;
				void* _t321;
				void* _t322;
				long long* _t324;
				signed int _t327;
				signed int _t329;

				_t329 = __r14;
				_t321 = __r10;
				_t320 = __r9;
				_t307 = __rsi;
				_t305 = __rdi;
				_t322 = _t312;
				_v56 = 0xfffffffe;
				 *((long long*)(_t322 + 8)) = __rbx;
				 *((long long*)(_t322 + 0x10)) = __rbp;
				 *((long long*)(_t322 + 0x18)) = __rsi;
				 *((long long*)(_t322 + 0x20)) = __rdi;
				 *((long long*)(_t322 - 8)) = __r12;
				 *((long long*)(_t322 - 0x10)) = __r13;
				 *((long long*)(_t322 - 0x18)) = __r14;
				_t324 = __rdx;
				_t310 = __rcx;
				r14d = 0;
				 *((long long*)(_t322 - 0x80)) = __r14;
				_v144 = __r14;
				_t231 =  *0x1b2918d8; // 0x0
				if( *((intOrPtr*)( *_t231 + 0xa8))() >= 0) {
					_t232 = _v144;
					__eflags = _t232;
					if(_t232 != 0) {
						 *((intOrPtr*)( *_t232 + 0x10))();
					}
					_v144 = _t329;
					_t128 =  *((intOrPtr*)( *_v128))();
					__eflags = _t128;
					if(_t128 >= 0) {
						_t227 = _v144;
						__eflags = _t227;
						if(_t227 == 0) {
							_t181 = 0x80004003;
							E1B257D80();
							_t227 = _v144;
						}
						_v80 = _t329;
						_t129 =  *((intOrPtr*)( *_t227 + 0x1c8))();
						__eflags = _t129;
						if(_t129 < 0) {
							_t181 = _t129;
							E1B257D90(_t129, _t227, _t227, _t305, _t307, 0x1b26e2b8);
						}
						_t327 = _v80;
						__eflags = _t327;
						if(_t327 != 0) {
							__imp__#17();
							__imp__#18();
							_v96 = r14d;
							_v136 = r14d;
							__imp__#19();
							__imp__#20();
							_t188 = _v96;
							__eflags = _t188 - _v136;
							if(_t188 > _v136) {
								L79:
								__imp__#38();
								__eflags =  *_t310;
								if( *_t310 == 0) {
									L86:
									_t240 = _v144;
									__eflags = _t240;
									if(_t240 != 0) {
										 *((intOrPtr*)( *_t240 + 0x10))();
									}
									_t241 = _v128;
									__eflags = _t241;
									if(_t241 != 0) {
										 *((intOrPtr*)( *_t241 + 0x10))();
									}
									_t130 = 0;
									__eflags = 0;
									goto L91;
								}
								__eflags =  *_t324;
								if( *_t324 == 0) {
									goto L86;
								}
								_t242 = _v144;
								__eflags = _t242;
								if(_t242 != 0) {
									 *((intOrPtr*)( *_t242 + 0x10))();
								}
								_t243 = _v128;
								__eflags = _t243;
								if(_t243 != 0) {
									 *((intOrPtr*)( *_t243 + 0x10))();
								}
								_t130 = 1;
								goto L91;
							}
							while(1) {
								_v104 = _t329;
								_v92 = _t188;
								__imp__#25();
								_v152 = _t329;
								_t245 = _v152;
								__eflags = _t245;
								if(_t245 != 0) {
									 *((intOrPtr*)( *_t245 + 0x10))();
								}
								_v152 = _t329;
								_t317 =  &_v152;
								 *((intOrPtr*)( *_v104))();
								_t199 =  *0x1b28fd00; // 0x1b27ac88
								 *((intOrPtr*)(_t199 + 0x18))();
								_v120 = _t199 + 0x18;
								_v88 = _t329;
								_t248 = _v152;
								__eflags = _t248;
								if(_t248 == 0) {
									_t181 = 0x80004003;
									E1B257D80();
									_t248 = _v152;
								}
								_t201 =  *_t248;
								 *((intOrPtr*)( *_t248 + 0x78))();
								E1B23CA20( *_t248, _t227,  &_v120, _v88, _t305, _t307, _t310, _t324, _t327);
								__imp__#6();
								E1B23C8D0(_t201, _t227,  &_v112,  &_v120, _t305, _t307, _t310);
								_t140 = E1B25AD30(_t181, _t201, _t227, _v112, "System.Web", _t305, _t307, _t317, _t324);
								_t140 = _t140 & 0xffffff00 | _t140 == 0x00000000;
								if((_t140 & 0xffffff00 | _t140 == 0x00000000) == 0) {
									goto L37;
								}
								_t227 =  *_t310;
								_t267 = _v152;
								__eflags = _t227 - _t267;
								if(_t227 != _t267) {
									 *_t310 = _t267;
									__eflags = _t267;
									if(_t267 != 0) {
										_t201 =  *_t267;
										 *((intOrPtr*)( *_t267 + 8))();
									}
									__eflags = _t227;
									if(_t227 != 0) {
										_t201 =  *_t227;
										 *((intOrPtr*)( *_t227 + 0x10))();
									}
								}
								__eflags =  *_t324;
								if( *_t324 != 0) {
									_t301 = _v112 + 0xffffffe8;
									asm("lock xadd [edx+0x10], eax");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t301)) + 8))();
									}
									_t303 = _v120 + 0xffffffe8;
									asm("lock xadd [edx+0x10], edi");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t303)) + 8))();
									}
									_t268 = _v152;
									__eflags = _t268;
									if(_t268 != 0) {
										 *((intOrPtr*)( *_t268 + 0x10))();
									}
									_t269 = _v104;
									__eflags = _t269;
									if(_t269 != 0) {
										 *((intOrPtr*)( *_t269 + 0x10))();
									}
									goto L79;
								}
								L37:
								_t253 = _v112;
								_t142 = E1B25AD30(_t181, _t201, _t227, _v112, "mscorlib", _t305, _t307, _t317, _t324);
								__eflags = _t142;
								__eflags = _t142 & 0xffffff00 | _t142 == 0x00000000;
								if(__eflags == 0) {
									L53:
									_t292 = _v112 + 0xffffffe8;
									asm("lock xadd [edx+0x10], eax");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t292)) + 8))();
									}
									_t294 = _v120 + 0xffffffe8;
									asm("lock xadd [edx+0x10], eax");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t294)) + 8))();
									}
									_t254 = _v152;
									__eflags = _t254;
									if(_t254 != 0) {
										 *((intOrPtr*)( *_t254 + 0x10))();
									}
									_t255 = _v104;
									__eflags = _t255;
									if(_t255 != 0) {
										 *((intOrPtr*)( *_t255 + 0x10))();
									}
									_t188 = _t188 + 1;
									__eflags = _t188 - _v136;
									if(_t188 > _v136) {
										goto L79;
									} else {
										continue;
									}
								}
								_t207 =  &_v72;
								_v48 = _t207;
								_t181 = 0x18;
								E1B2595E0(0x18, 1, _t188, __eflags, _t207, _t253, _t305, _t307, _t317, _t320);
								_t229 = _t207;
								_v40 = _t207;
								__eflags = _t207;
								if(_t207 == 0) {
									_t229 = _t329;
								} else {
									 *(_t207 + 8) = _t329;
									 *((intOrPtr*)(_t207 + 0x10)) = 1;
									E1B257E40(0x18, 1, 0xffffffff, _t188, _t229, "System.String", "mscorlib", _t305, _t307, _t317, _t320, _t321, _t322, _t324);
									 *_t229 = _t207;
								}
								_v72 = _t229;
								__eflags = _t229;
								if(_t229 == 0) {
									_t181 = 0x8007000e;
									E1B257D80();
								}
								_t258 = _v152;
								__eflags = _v152;
								if(_v152 == 0) {
									_t181 = 0x80004003;
									E1B257D80();
									_t258 = _v152;
								}
								E1B23C790(1, 0xffffffff, _t229, _t258,  &_v64, _t305, _t307,  &_v72);
								_t259 =  *_t207;
								_t227 =  *_t324;
								__eflags = _t227 - _t259;
								if(_t227 != _t259) {
									 *_t324 = _t259;
									__eflags = _t259;
									if(_t259 != 0) {
										 *((intOrPtr*)( *_t259 + 8))();
									}
									__eflags = _t227;
									if(_t227 != 0) {
										 *((intOrPtr*)( *_t227 + 0x10))();
									}
								}
								_t260 = _v64;
								__eflags = _t260;
								if(_t260 != 0) {
									 *((intOrPtr*)( *_t260 + 0x10))();
								}
								__eflags =  *_t310;
								if( *_t310 != 0) {
									_t297 = _v112 + 0xffffffe8;
									asm("lock xadd [edx+0x10], eax");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t297)) + 8))();
									}
									_t299 = _v120 + 0xffffffe8;
									asm("lock xadd [edx+0x10], edi");
									__eflags = 0x1fffffffe;
									if(0x1fffffffe <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t299)) + 8))();
									}
									_t261 = _v152;
									__eflags = _t261;
									if(_t261 != 0) {
										 *((intOrPtr*)( *_t261 + 0x10))();
									}
									_t262 = _v104;
									__eflags = _t262;
									if(_t262 != 0) {
										 *((intOrPtr*)( *_t262 + 0x10))();
									}
									goto L79;
								} else {
									goto L53;
								}
							}
						} else {
							_t273 = _v144;
							__eflags = _t273;
							if(_t273 != 0) {
								 *((intOrPtr*)( *_t273 + 0x10))();
							}
							_t274 = _v128;
							__eflags = _t274;
							if(_t274 != 0) {
								 *((intOrPtr*)( *_t274 + 0x10))();
							}
							_t130 = 0;
							goto L91;
						}
					} else {
						_t275 = _v144;
						__eflags = _t275;
						if(_t275 != 0) {
							 *((intOrPtr*)( *_t275 + 0x10))();
						}
						_t276 = _v128;
						__eflags = _t276;
						if(_t276 != 0) {
							 *((intOrPtr*)( *_t276 + 0x10))();
						}
						_t130 = 0;
						goto L91;
					}
				} else {
					_t277 = _v144;
					if(_t277 != 0) {
						 *((intOrPtr*)( *_t277 + 0x10))();
					}
					_t278 = _v128;
					if(_t278 != 0) {
						 *((intOrPtr*)( *_t278 + 0x10))();
					}
					_t130 = 0;
					L91:
					return _t130;
				}
			}






































































                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb80
                                                                                                                                  0x1b23cb8a
                                                                                                                                  0x1b23cb96
                                                                                                                                  0x1b23cb9a
                                                                                                                                  0x1b23cb9e
                                                                                                                                  0x1b23cba2
                                                                                                                                  0x1b23cba6
                                                                                                                                  0x1b23cbaa
                                                                                                                                  0x1b23cbae
                                                                                                                                  0x1b23cbb2
                                                                                                                                  0x1b23cbb5
                                                                                                                                  0x1b23cbb8
                                                                                                                                  0x1b23cbbb
                                                                                                                                  0x1b23cbbf
                                                                                                                                  0x1b23cbc4
                                                                                                                                  0x1b23cbda
                                                                                                                                  0x1b23cc04
                                                                                                                                  0x1b23cc09
                                                                                                                                  0x1b23cc0c
                                                                                                                                  0x1b23cc11
                                                                                                                                  0x1b23cc11
                                                                                                                                  0x1b23cc14
                                                                                                                                  0x1b23cc2d
                                                                                                                                  0x1b23cc2f
                                                                                                                                  0x1b23cc31
                                                                                                                                  0x1b23cc5b
                                                                                                                                  0x1b23cc60
                                                                                                                                  0x1b23cc63
                                                                                                                                  0x1b23cc65
                                                                                                                                  0x1b23cc6a
                                                                                                                                  0x1b23cc6f
                                                                                                                                  0x1b23cc6f
                                                                                                                                  0x1b23cc74
                                                                                                                                  0x1b23cc84
                                                                                                                                  0x1b23cc8a
                                                                                                                                  0x1b23cc8c
                                                                                                                                  0x1b23cc98
                                                                                                                                  0x1b23cc9a
                                                                                                                                  0x1b23cc9a
                                                                                                                                  0x1b23cc9f
                                                                                                                                  0x1b23cca4
                                                                                                                                  0x1b23cca7
                                                                                                                                  0x1b23ccd4
                                                                                                                                  0x1b23ccdd
                                                                                                                                  0x1b23cce3
                                                                                                                                  0x1b23cce8
                                                                                                                                  0x1b23ccfa
                                                                                                                                  0x1b23cd0d
                                                                                                                                  0x1b23cd13
                                                                                                                                  0x1b23cd17
                                                                                                                                  0x1b23cd1b
                                                                                                                                  0x1b23d059
                                                                                                                                  0x1b23d05c
                                                                                                                                  0x1b23d062
                                                                                                                                  0x1b23d067
                                                                                                                                  0x1b23d098
                                                                                                                                  0x1b23d098
                                                                                                                                  0x1b23d09d
                                                                                                                                  0x1b23d0a0
                                                                                                                                  0x1b23d0a5
                                                                                                                                  0x1b23d0a5
                                                                                                                                  0x1b23d0a9
                                                                                                                                  0x1b23d0ae
                                                                                                                                  0x1b23d0b1
                                                                                                                                  0x1b23d0b6
                                                                                                                                  0x1b23d0b6
                                                                                                                                  0x1b23d0b9
                                                                                                                                  0x1b23d0b9
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23d0b9
                                                                                                                                  0x1b23d069
                                                                                                                                  0x1b23d06e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23d070
                                                                                                                                  0x1b23d075
                                                                                                                                  0x1b23d078
                                                                                                                                  0x1b23d07d
                                                                                                                                  0x1b23d07d
                                                                                                                                  0x1b23d081
                                                                                                                                  0x1b23d086
                                                                                                                                  0x1b23d089
                                                                                                                                  0x1b23d08e
                                                                                                                                  0x1b23d08e
                                                                                                                                  0x1b23d091
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23d091
                                                                                                                                  0x1b23cd30
                                                                                                                                  0x1b23cd30
                                                                                                                                  0x1b23cd35
                                                                                                                                  0x1b23cd46
                                                                                                                                  0x1b23cd4c
                                                                                                                                  0x1b23cd51
                                                                                                                                  0x1b23cd56
                                                                                                                                  0x1b23cd59
                                                                                                                                  0x1b23cd5e
                                                                                                                                  0x1b23cd5e
                                                                                                                                  0x1b23cd61
                                                                                                                                  0x1b23cd6e
                                                                                                                                  0x1b23cd7a
                                                                                                                                  0x1b23cd83
                                                                                                                                  0x1b23cd8a
                                                                                                                                  0x1b23cd91
                                                                                                                                  0x1b23cd96
                                                                                                                                  0x1b23cd9b
                                                                                                                                  0x1b23cda0
                                                                                                                                  0x1b23cda3
                                                                                                                                  0x1b23cda5
                                                                                                                                  0x1b23cdaa
                                                                                                                                  0x1b23cdaf
                                                                                                                                  0x1b23cdaf
                                                                                                                                  0x1b23cdb4
                                                                                                                                  0x1b23cdbc
                                                                                                                                  0x1b23cdc9
                                                                                                                                  0x1b23cdd3
                                                                                                                                  0x1b23cde3
                                                                                                                                  0x1b23cdf5
                                                                                                                                  0x1b23cdff
                                                                                                                                  0x1b23ce01
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ce03
                                                                                                                                  0x1b23ce07
                                                                                                                                  0x1b23ce0c
                                                                                                                                  0x1b23ce0f
                                                                                                                                  0x1b23ce11
                                                                                                                                  0x1b23ce15
                                                                                                                                  0x1b23ce18
                                                                                                                                  0x1b23ce1a
                                                                                                                                  0x1b23ce1d
                                                                                                                                  0x1b23ce1d
                                                                                                                                  0x1b23ce20
                                                                                                                                  0x1b23ce23
                                                                                                                                  0x1b23ce25
                                                                                                                                  0x1b23ce2b
                                                                                                                                  0x1b23ce2b
                                                                                                                                  0x1b23ce23
                                                                                                                                  0x1b23ce2e
                                                                                                                                  0x1b23ce33
                                                                                                                                  0x1b23cf9a
                                                                                                                                  0x1b23cfa0
                                                                                                                                  0x1b23cfa8
                                                                                                                                  0x1b23cfaa
                                                                                                                                  0x1b23cfb2
                                                                                                                                  0x1b23cfb2
                                                                                                                                  0x1b23cfbb
                                                                                                                                  0x1b23cfbf
                                                                                                                                  0x1b23cfc7
                                                                                                                                  0x1b23cfc9
                                                                                                                                  0x1b23cfd1
                                                                                                                                  0x1b23cfd1
                                                                                                                                  0x1b23cfd5
                                                                                                                                  0x1b23cfda
                                                                                                                                  0x1b23cfdd
                                                                                                                                  0x1b23cfe2
                                                                                                                                  0x1b23cfe2
                                                                                                                                  0x1b23cfe6
                                                                                                                                  0x1b23cfeb
                                                                                                                                  0x1b23cfee
                                                                                                                                  0x1b23cff3
                                                                                                                                  0x1b23cff3
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23cfee
                                                                                                                                  0x1b23ce39
                                                                                                                                  0x1b23ce40
                                                                                                                                  0x1b23ce45
                                                                                                                                  0x1b23ce4a
                                                                                                                                  0x1b23ce4f
                                                                                                                                  0x1b23ce51
                                                                                                                                  0x1b23cf20
                                                                                                                                  0x1b23cf25
                                                                                                                                  0x1b23cf2b
                                                                                                                                  0x1b23cf33
                                                                                                                                  0x1b23cf35
                                                                                                                                  0x1b23cf3d
                                                                                                                                  0x1b23cf3d
                                                                                                                                  0x1b23cf46
                                                                                                                                  0x1b23cf4c
                                                                                                                                  0x1b23cf54
                                                                                                                                  0x1b23cf56
                                                                                                                                  0x1b23cf5e
                                                                                                                                  0x1b23cf5e
                                                                                                                                  0x1b23cf62
                                                                                                                                  0x1b23cf67
                                                                                                                                  0x1b23cf6a
                                                                                                                                  0x1b23cf6f
                                                                                                                                  0x1b23cf6f
                                                                                                                                  0x1b23cf73
                                                                                                                                  0x1b23cf78
                                                                                                                                  0x1b23cf7b
                                                                                                                                  0x1b23cf80
                                                                                                                                  0x1b23cf80
                                                                                                                                  0x1b23cf83
                                                                                                                                  0x1b23cf86
                                                                                                                                  0x1b23cf8a
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23cf90
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23cf90
                                                                                                                                  0x1b23cf8a
                                                                                                                                  0x1b23ce57
                                                                                                                                  0x1b23ce5c
                                                                                                                                  0x1b23ce64
                                                                                                                                  0x1b23ce69
                                                                                                                                  0x1b23ce6e
                                                                                                                                  0x1b23ce71
                                                                                                                                  0x1b23ce79
                                                                                                                                  0x1b23ce7c
                                                                                                                                  0x1b23ce9a
                                                                                                                                  0x1b23ce7e
                                                                                                                                  0x1b23ce7e
                                                                                                                                  0x1b23ce82
                                                                                                                                  0x1b23ce90
                                                                                                                                  0x1b23ce95
                                                                                                                                  0x1b23ce95
                                                                                                                                  0x1b23ce9d
                                                                                                                                  0x1b23cea2
                                                                                                                                  0x1b23cea5
                                                                                                                                  0x1b23cea7
                                                                                                                                  0x1b23ceac
                                                                                                                                  0x1b23ceac
                                                                                                                                  0x1b23ceb2
                                                                                                                                  0x1b23ceb7
                                                                                                                                  0x1b23ceba
                                                                                                                                  0x1b23cebc
                                                                                                                                  0x1b23cec1
                                                                                                                                  0x1b23cec6
                                                                                                                                  0x1b23cec6
                                                                                                                                  0x1b23ced5
                                                                                                                                  0x1b23cedb
                                                                                                                                  0x1b23cede
                                                                                                                                  0x1b23cee2
                                                                                                                                  0x1b23cee5
                                                                                                                                  0x1b23cee7
                                                                                                                                  0x1b23ceeb
                                                                                                                                  0x1b23ceee
                                                                                                                                  0x1b23cef3
                                                                                                                                  0x1b23cef3
                                                                                                                                  0x1b23cef6
                                                                                                                                  0x1b23cef9
                                                                                                                                  0x1b23cf01
                                                                                                                                  0x1b23cf01
                                                                                                                                  0x1b23cef9
                                                                                                                                  0x1b23cf05
                                                                                                                                  0x1b23cf0a
                                                                                                                                  0x1b23cf0d
                                                                                                                                  0x1b23cf12
                                                                                                                                  0x1b23cf12
                                                                                                                                  0x1b23cf15
                                                                                                                                  0x1b23cf1a
                                                                                                                                  0x1b23cffd
                                                                                                                                  0x1b23d003
                                                                                                                                  0x1b23d00b
                                                                                                                                  0x1b23d00d
                                                                                                                                  0x1b23d015
                                                                                                                                  0x1b23d015
                                                                                                                                  0x1b23d01e
                                                                                                                                  0x1b23d022
                                                                                                                                  0x1b23d02a
                                                                                                                                  0x1b23d02c
                                                                                                                                  0x1b23d034
                                                                                                                                  0x1b23d034
                                                                                                                                  0x1b23d038
                                                                                                                                  0x1b23d03d
                                                                                                                                  0x1b23d040
                                                                                                                                  0x1b23d045
                                                                                                                                  0x1b23d045
                                                                                                                                  0x1b23d049
                                                                                                                                  0x1b23d04e
                                                                                                                                  0x1b23d051
                                                                                                                                  0x1b23d056
                                                                                                                                  0x1b23d056
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23cf1a
                                                                                                                                  0x1b23cca9
                                                                                                                                  0x1b23cca9
                                                                                                                                  0x1b23ccae
                                                                                                                                  0x1b23ccb1
                                                                                                                                  0x1b23ccb6
                                                                                                                                  0x1b23ccb6
                                                                                                                                  0x1b23ccba
                                                                                                                                  0x1b23ccbf
                                                                                                                                  0x1b23ccc2
                                                                                                                                  0x1b23ccc7
                                                                                                                                  0x1b23ccc7
                                                                                                                                  0x1b23ccca
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23ccca
                                                                                                                                  0x1b23cc33
                                                                                                                                  0x1b23cc33
                                                                                                                                  0x1b23cc38
                                                                                                                                  0x1b23cc3b
                                                                                                                                  0x1b23cc40
                                                                                                                                  0x1b23cc40
                                                                                                                                  0x1b23cc44
                                                                                                                                  0x1b23cc49
                                                                                                                                  0x1b23cc4c
                                                                                                                                  0x1b23cc51
                                                                                                                                  0x1b23cc51
                                                                                                                                  0x1b23cc54
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23cc54
                                                                                                                                  0x1b23cbdc
                                                                                                                                  0x1b23cbdc
                                                                                                                                  0x1b23cbe4
                                                                                                                                  0x1b23cbe9
                                                                                                                                  0x1b23cbe9
                                                                                                                                  0x1b23cbed
                                                                                                                                  0x1b23cbf5
                                                                                                                                  0x1b23cbfa
                                                                                                                                  0x1b23cbfa
                                                                                                                                  0x1b23cbfd
                                                                                                                                  0x1b23d0bb
                                                                                                                                  0x1b23d0fa
                                                                                                                                  0x1b23d0fa

                                                                                                                                  APIs
                                                                                                                                  • SafeArrayGetDim.OLEAUT32 ref: 1B23CCD4
                                                                                                                                  • SafeArrayGetElemsize.OLEAUT32 ref: 1B23CCDD
                                                                                                                                  • SafeArrayGetUBound.OLEAUT32 ref: 1B23CCFA
                                                                                                                                  • SafeArrayGetLBound.OLEAUT32 ref: 1B23CD0D
                                                                                                                                  • SafeArrayGetElement.OLEAUT32 ref: 1B23CD46
                                                                                                                                  • SysFreeString.OLEAUT32 ref: 1B23CDD3
                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32 ref: 1B23D05C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ArraySafe$Bound$DescriptorDestroyElementElemsizeFreeString
                                                                                                                                  • String ID: System.String$System.Web$mscorlib
                                                                                                                                  • API String ID: 1919105173-3868963884
                                                                                                                                  • Opcode ID: 30a9c919bce659b4fc1fe2fa649d52d20784219bab53a8a60403ad78c770810f
                                                                                                                                  • Instruction ID: 789e0108c88ad8d13d9a0e2fd0ebf185bc25910ee5f7c4ba93b7583ac0c7bf8d
                                                                                                                                  • Opcode Fuzzy Hash: 30a9c919bce659b4fc1fe2fa649d52d20784219bab53a8a60403ad78c770810f
                                                                                                                                  • Instruction Fuzzy Hash: 46F127B6305B4582DE04DF2AE49039E7360FB89FA5F158626DAAE47BB4CF39C449C700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B233CA0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 61libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 26%
                                                                                                                                  			E1B233CA0(void* __r8) {
				signed int _v24;
				char _v548;
				signed short _v550;
				char _v552;
				intOrPtr _v568;
				_Unknown_base(*)()* _t17;
				signed int _t21;
				void* _t23;
				signed long long _t34;
				signed long long _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				signed long long _t39;
				signed long long _t50;
				void* _t51;

				_t51 = __r8;
				_t34 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t35 = _t34 ^ _t50;
				_v24 = _t35;
				GetModuleHandleA(??);
				if(_t35 == 0) {
					L2:
					GetModuleHandleA();
					if(_t35 != 0) {
						_t17 = GetProcAddress();
						_t39 = _t35;
						if(_t35 != 0) {
							r8d = 0x20a;
							E1B258FC0(_t17, _t23, 0,  &_v552, "GetCORVersion", _t51);
							_v568 = 0;
							 *_t39();
							GetModuleHandleA(??);
							if(_t35 == 0) {
								_t36 =  *0x1b291a28; // 0x1b490cd0
								 *((intOrPtr*)(_t36 + 0xc8)) = 4;
							} else {
								_t21 = _v550 & 0x0000ffff;
								if(_t21 != 0x31) {
									if(_t21 == 0x32 && _v548 == 0x2e) {
										_t37 =  *0x1b291a28; // 0x1b490cd0
										 *((intOrPtr*)(_t37 + 0xc8)) = 2;
									}
								} else {
									if(_v548 == 0x2e) {
										_t38 =  *0x1b291a28; // 0x1b490cd0
										 *((intOrPtr*)(_t38 + 0xc8)) = 1;
									}
								}
							}
						}
					}
					L12:
					return E1B258680(_t23, _v24 ^ _t50);
				}
				_t35 =  *0x1b291a28; // 0x1b490cd0
				 *((intOrPtr*)(_t35 + 0xc8)) = 4;
				GetModuleHandleA(??);
				if(_t35 == 0) {
					goto L12;
				}
				goto L2;
			}



















                                                                                                                                  0x1b233ca0
                                                                                                                                  0x1b233ca9
                                                                                                                                  0x1b233cb0
                                                                                                                                  0x1b233cb3
                                                                                                                                  0x1b233cc2
                                                                                                                                  0x1b233ccb
                                                                                                                                  0x1b233cf4
                                                                                                                                  0x1b233cfb
                                                                                                                                  0x1b233d04
                                                                                                                                  0x1b233d14
                                                                                                                                  0x1b233d1d
                                                                                                                                  0x1b233d20
                                                                                                                                  0x1b233d2d
                                                                                                                                  0x1b233d33
                                                                                                                                  0x1b233d47
                                                                                                                                  0x1b233d4f
                                                                                                                                  0x1b233d58
                                                                                                                                  0x1b233d61
                                                                                                                                  0x1b233da4
                                                                                                                                  0x1b233dab
                                                                                                                                  0x1b233d63
                                                                                                                                  0x1b233d63
                                                                                                                                  0x1b233d6a
                                                                                                                                  0x1b233d88
                                                                                                                                  0x1b233d91
                                                                                                                                  0x1b233d98
                                                                                                                                  0x1b233d98
                                                                                                                                  0x1b233d6c
                                                                                                                                  0x1b233d71
                                                                                                                                  0x1b233d73
                                                                                                                                  0x1b233d7a
                                                                                                                                  0x1b233d7a
                                                                                                                                  0x1b233d71
                                                                                                                                  0x1b233d6a
                                                                                                                                  0x1b233d61
                                                                                                                                  0x1b233d20
                                                                                                                                  0x1b233db5
                                                                                                                                  0x1b233dcd
                                                                                                                                  0x1b233dcd
                                                                                                                                  0x1b233ccd
                                                                                                                                  0x1b233cdb
                                                                                                                                  0x1b233ce5
                                                                                                                                  0x1b233cee
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule$AddressProc
                                                                                                                                  • String ID: .$GetCORVersion$clr.dll$mscoree.dll$mscorwks.dll
                                                                                                                                  • API String ID: 1883125708-1927550594
                                                                                                                                  • Opcode ID: 765a5ce213430d634c57d850b90656b4cebc7325085d36b5a78b877fcc8bd2b9
                                                                                                                                  • Instruction ID: 5d470153142967dd083919a193477de7c49f562ad75679ab15d06917a8fcb857
                                                                                                                                  • Opcode Fuzzy Hash: 765a5ce213430d634c57d850b90656b4cebc7325085d36b5a78b877fcc8bd2b9
                                                                                                                                  • Instruction Fuzzy Hash: C1216BB4A1AA8981EF54CF11E8C47E533A1EB8CB66F640019DA4D067A8DF7CC5CDCB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23B3B0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 93registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  • .DEFAULT\Software\ZiYuXuan\DNGuardHVM, xrefs: 1B23B3F8
                                                                                                                                  • Software\ZiYuXuan\DNGuardHVM\Setting, xrefs: 1B23B44A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreate$wsprintf
                                                                                                                                  • String ID: .DEFAULT\Software\ZiYuXuan\DNGuardHVM$Software\ZiYuXuan\DNGuardHVM\Setting
                                                                                                                                  • API String ID: 3037170965-833141424
                                                                                                                                  • Opcode ID: 617116c256a50ab02db9b59a3dba92bea1b8cfe54f19a73e79cad6aea12dac26
                                                                                                                                  • Instruction ID: d3bf549d707ba1ba238fec9194d50e962f77c17cee45e8b19a54145476b17cb4
                                                                                                                                  • Opcode Fuzzy Hash: 617116c256a50ab02db9b59a3dba92bea1b8cfe54f19a73e79cad6aea12dac26
                                                                                                                                  • Instruction Fuzzy Hash: 63410C76618F9582EB519F51F89478AB3A8F788B94F500115EB8D43B68DF7CC159CB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B264900 Relevance: 15.1, APIs: 10, Instructions: 132COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 27%
                                                                                                                                  			E1B264900(void* __ebx, intOrPtr __ebp, long long __rax, long long __rbx, long long __rdi, long long __rsi, long long __rbp, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				intOrPtr _v32;
				long long _v40;
				intOrPtr _t27;
				CHAR* _t28;
				int _t37;
				int _t39;
				void* _t45;
				void* _t46;
				intOrPtr _t51;
				long long _t60;
				long long _t64;
				short* _t67;
				signed long long _t69;
				short* _t84;
				long long _t91;
				long long _t92;
				int _t93;
				long long _t98;

				_t98 = __r12;
				_t92 = __rbp;
				_t86 = __rsi;
				_t80 = __rdi;
				_t60 = __rax;
				_t51 = __ebp;
				_t45 = __ebx;
				_t27 =  *0x1b293998; // 0x1
				_a8 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				if(_t27 != 0) {
					L6:
					if(_t27 != 1) {
						if(_t27 == 2 || _t27 == 0) {
							goto L21;
						} else {
							goto L28;
						}
					} else {
						GetEnvironmentStringsW();
						_t84 = _t60;
						if(_t60 == 0) {
							goto L28;
						} else {
							goto L8;
						}
					}
				} else {
					GetEnvironmentStringsW();
					_t80 = __rax;
					if(__rax == 0) {
						if(GetLastError() != 0x78) {
							_t27 =  *0x1b293998; // 0x1
							goto L6;
						} else {
							 *0x1b293998 = 2;
							L21:
							_t28 = GetEnvironmentStrings();
							_t64 = _t60;
							if(_t60 == 0) {
								L28:
								return 0;
							} else {
								if( *_t60 != 0) {
									goto L24;
									do {
										do {
											L24:
											_t60 = _t60 + 1;
										} while ( *_t60 != 0);
										_t60 = _t60 + 1;
									} while ( *_t60 != 0);
								}
								_t88 = _t28 - _t45 + 1;
								E1B2610B0(_t46, _t60, _t64, _t28 - _t45 + 1, _t80, _t28 - _t45 + 1, _t92);
								if(_t60 != 0) {
									E1B25A420(_t46, _t60, _t64, _t88);
									return FreeEnvironmentStringsA(??);
								} else {
									FreeEnvironmentStringsA();
									goto L28;
								}
							}
						}
					} else {
						 *0x1b293998 = 1;
						L8:
						_t67 = _t84;
						if( *_t84 != 0) {
							goto L10;
							do {
								do {
									L10:
									_t67 = _t67 + 2;
								} while ( *_t67 != 0);
								_t67 = _t67 + 2;
							} while ( *_t67 != 0);
						}
						_a16 = _t92;
						_v8 = _t98;
						r12d = 0;
						_t69 = _t67 - _t84 >> 1;
						_v16 = _t98;
						_v24 = _t98;
						_t8 = _t69 + 1; // 0x1
						r9d = _t8;
						_v32 = r12d;
						_v40 = _t98;
						_t37 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
						_t93 = _t37;
						if(_t37 == 0) {
							L18:
							FreeEnvironmentStringsW();
							_t39 = 0;
						} else {
							E1B2610B0(0, _t60, _t69, _t93, _t84, _t86, _t93);
							_t91 = _t60;
							if(_t60 == 0) {
								goto L18;
							} else {
								_v16 = _t98;
								_v24 = _t98;
								_t13 = _t69 + 1; // 0x1
								r9d = _t13;
								_v32 = _t51;
								_v40 = _t60;
								if(WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == 0) {
									E1B25A880(_t60, _t91);
									_t91 = _t98;
								}
								_t39 = FreeEnvironmentStringsW();
							}
						}
						return _t39;
					}
				}
			}
























                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264900
                                                                                                                                  0x1b264904
                                                                                                                                  0x1b26490a
                                                                                                                                  0x1b26490f
                                                                                                                                  0x1b264916
                                                                                                                                  0x1b26491b
                                                                                                                                  0x1b264957
                                                                                                                                  0x1b26495a
                                                                                                                                  0x1b264a50
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264960
                                                                                                                                  0x1b264960
                                                                                                                                  0x1b264969
                                                                                                                                  0x1b26496c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b26496c
                                                                                                                                  0x1b26491d
                                                                                                                                  0x1b26491d
                                                                                                                                  0x1b264926
                                                                                                                                  0x1b264929
                                                                                                                                  0x1b264940
                                                                                                                                  0x1b264951
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264942
                                                                                                                                  0x1b264942
                                                                                                                                  0x1b264a56
                                                                                                                                  0x1b264a56
                                                                                                                                  0x1b264a5f
                                                                                                                                  0x1b264a62
                                                                                                                                  0x1b264aa3
                                                                                                                                  0x1b264ab8
                                                                                                                                  0x1b264a64
                                                                                                                                  0x1b264a67
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264a70
                                                                                                                                  0x1b264a70
                                                                                                                                  0x1b264a70
                                                                                                                                  0x1b264a70
                                                                                                                                  0x1b264a74
                                                                                                                                  0x1b264a79
                                                                                                                                  0x1b264a7d
                                                                                                                                  0x1b264a70
                                                                                                                                  0x1b264a87
                                                                                                                                  0x1b264a8d
                                                                                                                                  0x1b264a98
                                                                                                                                  0x1b264ac2
                                                                                                                                  0x1b264ae6
                                                                                                                                  0x1b264a9a
                                                                                                                                  0x1b264a9d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264a9d
                                                                                                                                  0x1b264a98
                                                                                                                                  0x1b264a62
                                                                                                                                  0x1b26492b
                                                                                                                                  0x1b26492b
                                                                                                                                  0x1b264972
                                                                                                                                  0x1b264976
                                                                                                                                  0x1b264979
                                                                                                                                  0x00000000
                                                                                                                                  0x1b264980
                                                                                                                                  0x1b264980
                                                                                                                                  0x1b264980
                                                                                                                                  0x1b264980
                                                                                                                                  0x1b264984
                                                                                                                                  0x1b26498a
                                                                                                                                  0x1b26498e
                                                                                                                                  0x1b264980
                                                                                                                                  0x1b264997
                                                                                                                                  0x1b26499c
                                                                                                                                  0x1b2649a1
                                                                                                                                  0x1b2649a4
                                                                                                                                  0x1b2649aa
                                                                                                                                  0x1b2649af
                                                                                                                                  0x1b2649b4
                                                                                                                                  0x1b2649b4
                                                                                                                                  0x1b2649bc
                                                                                                                                  0x1b2649c1
                                                                                                                                  0x1b2649c6
                                                                                                                                  0x1b2649ce
                                                                                                                                  0x1b2649d1
                                                                                                                                  0x1b264a40
                                                                                                                                  0x1b264a43
                                                                                                                                  0x1b264a49
                                                                                                                                  0x1b2649d3
                                                                                                                                  0x1b2649d6
                                                                                                                                  0x1b2649de
                                                                                                                                  0x1b2649e1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2649e3
                                                                                                                                  0x1b2649e3
                                                                                                                                  0x1b2649e8
                                                                                                                                  0x1b2649ed
                                                                                                                                  0x1b2649ed
                                                                                                                                  0x1b2649f8
                                                                                                                                  0x1b2649fc
                                                                                                                                  0x1b264a09
                                                                                                                                  0x1b264a0e
                                                                                                                                  0x1b264a13
                                                                                                                                  0x1b264a13
                                                                                                                                  0x1b264a19
                                                                                                                                  0x1b264a1f
                                                                                                                                  0x1b2649e1
                                                                                                                                  0x1b264a3f
                                                                                                                                  0x1b264a3f
                                                                                                                                  0x1b264929

                                                                                                                                  APIs
                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B26491D
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264937
                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264960
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B2649C6
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264A01
                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264A19
                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264A43
                                                                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264A56
                                                                                                                                  • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264A9D
                                                                                                                                  • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,?,?,?,1B25B738), ref: 1B264ACA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentStrings$Free$ByteCharMultiWide$ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4109468225-0
                                                                                                                                  • Opcode ID: 5b7c39bed2e29303773a23a73ef51dd8084b7fa552a222f6b6f310bb7bb46d57
                                                                                                                                  • Instruction ID: 7cb797e49d26acefc1e3198f7a37f3fef6f35e3fa65afafc8c37746c70630558
                                                                                                                                  • Opcode Fuzzy Hash: 5b7c39bed2e29303773a23a73ef51dd8084b7fa552a222f6b6f310bb7bb46d57
                                                                                                                                  • Instruction Fuzzy Hash: 6041A231A0978586EB008F12B9943DAB3A6F789BD4F585015DEDE83B98DB7CD4C9C704
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B257E40 Relevance: 15.1, APIs: 10, Instructions: 116stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 25%
                                                                                                                                  			E1B257E40(long __ecx, void* __edx, intOrPtr __edi, void* __esi, signed long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r10, void* __r11, long long __r12) {
				int _t24;
				long _t32;
				long _t40;
				long _t44;
				intOrPtr _t49;
				signed long long _t53;
				signed long long _t54;
				void* _t57;
				signed long long _t59;
				signed long long _t69;
				signed long long _t70;
				int _t73;
				signed long long _t77;
				signed long long _t80;
				void* _t82;
				void* _t83;
				void* _t89;
				void* _t90;

				_t90 = __r11;
				_t89 = __r10;
				_t49 = __edi;
				_t44 = __ecx;
				 *((long long*)(_t82 + 8)) = __rcx;
				_t83 = _t82 - 0x60;
				_t80 = _t83 + 0x30;
				 *((long long*)(_t80 + 0x48)) = __rbx;
				 *((long long*)(_t80 + 0x50)) = __rsi;
				 *((long long*)(_t80 + 0x58)) = __rdi;
				 *((long long*)(_t80 + 0x28)) = __r12;
				_t53 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t54 = _t53 ^ _t80;
				 *(_t80 + 0x10) = _t54;
				if(__rcx != 0) {
					lstrlenA();
					_t8 = _t54 + 1; // 0x1
					r12d = _t8;
					 *((intOrPtr*)(_t80 + 4)) = r12d;
					 *((intOrPtr*)(_t83 + 0x28)) = 0;
					 *(_t83 + 0x20) = __rbx;
					r9d = r12d;
					_t24 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
					_t73 = _t24;
					 *_t80 = __edi;
					if(_t24 != 0) {
						if(__edi >= 0x1000) {
							E1B25A7B0(_t54, __rbx, _t73 + _t73, _t73, __rcx);
							_t59 = _t54;
						} else {
							_t57 = _t73 + _t73;
							_t69 = _t57 + 0xf;
							if(_t69 <= _t57) {
								_t69 = 0xfffffff0;
							}
							_t70 = _t69 & 0xfffffff0;
							_t54 = _t70;
							E1B26C5E0(_t24, _t54, _t89, _t90);
							_t83 = _t83 - _t70;
							_t59 = _t83 + 0x30;
						}
						 *(_t80 + 8) = _t59;
						if(_t59 != 0) {
							 *((intOrPtr*)(_t83 + 0x28)) = _t49;
							 *(_t83 + 0x20) = _t59;
							r9d = r12d;
							_t44 = 0;
							if(MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) {
								__imp__#2();
								_t77 = _t54;
								if(_t49 >= 0x1000) {
									E1B25A880(_t54, _t59);
								}
								if(_t77 == 0) {
									_t44 = 0x8007000e;
									E1B257D80();
								}
							} else {
								if(_t49 >= 0x1000) {
									E1B25A880(_t54, _t59);
								}
								if(GetLastError() > 0) {
									_t32 = GetLastError() & 0x0000ffff | 0x80070000;
								} else {
									_t32 = GetLastError();
								}
								_t44 = _t32;
								E1B257D80();
							}
						} else {
							_t44 = 0x8007000e;
							E1B257D80();
						}
					} else {
						if(GetLastError() > 0) {
							_t40 = GetLastError() & 0x0000ffff | 0x80070000;
						} else {
							_t40 = GetLastError();
						}
						_t44 = _t40;
						E1B257D80();
					}
				} else {
				}
				return E1B258680(_t44,  *(_t80 + 0x10) ^ _t80);
			}





















                                                                                                                                  0x1b257e40
                                                                                                                                  0x1b257e40
                                                                                                                                  0x1b257e40
                                                                                                                                  0x1b257e40
                                                                                                                                  0x1b257e40
                                                                                                                                  0x1b257e46
                                                                                                                                  0x1b257e4a
                                                                                                                                  0x1b257e4f
                                                                                                                                  0x1b257e53
                                                                                                                                  0x1b257e57
                                                                                                                                  0x1b257e5b
                                                                                                                                  0x1b257e5f
                                                                                                                                  0x1b257e66
                                                                                                                                  0x1b257e69
                                                                                                                                  0x1b257e73
                                                                                                                                  0x1b257e7c
                                                                                                                                  0x1b257e82
                                                                                                                                  0x1b257e82
                                                                                                                                  0x1b257e86
                                                                                                                                  0x1b257e8c
                                                                                                                                  0x1b257e90
                                                                                                                                  0x1b257e95
                                                                                                                                  0x1b257e9f
                                                                                                                                  0x1b257ea5
                                                                                                                                  0x1b257ea8
                                                                                                                                  0x1b257ead
                                                                                                                                  0x1b257ee3
                                                                                                                                  0x1b257f1a
                                                                                                                                  0x1b257f1f
                                                                                                                                  0x1b257ee5
                                                                                                                                  0x1b257ee8
                                                                                                                                  0x1b257eeb
                                                                                                                                  0x1b257ef2
                                                                                                                                  0x1b257ef4
                                                                                                                                  0x1b257ef4
                                                                                                                                  0x1b257efe
                                                                                                                                  0x1b257f02
                                                                                                                                  0x1b257f05
                                                                                                                                  0x1b257f0a
                                                                                                                                  0x1b257f0d
                                                                                                                                  0x1b257f0d
                                                                                                                                  0x1b257f22
                                                                                                                                  0x1b257f3c
                                                                                                                                  0x1b257f4f
                                                                                                                                  0x1b257f53
                                                                                                                                  0x1b257f58
                                                                                                                                  0x1b257f60
                                                                                                                                  0x1b257f6a
                                                                                                                                  0x1b257faa
                                                                                                                                  0x1b257fb0
                                                                                                                                  0x1b257fb9
                                                                                                                                  0x1b257fbe
                                                                                                                                  0x1b257fbe
                                                                                                                                  0x1b257fc6
                                                                                                                                  0x1b257fc8
                                                                                                                                  0x1b257fcd
                                                                                                                                  0x1b257fcd
                                                                                                                                  0x1b257f6c
                                                                                                                                  0x1b257f72
                                                                                                                                  0x1b257f77
                                                                                                                                  0x1b257f77
                                                                                                                                  0x1b257f84
                                                                                                                                  0x1b257f97
                                                                                                                                  0x1b257f86
                                                                                                                                  0x1b257f86
                                                                                                                                  0x1b257f86
                                                                                                                                  0x1b257f9c
                                                                                                                                  0x1b257f9e
                                                                                                                                  0x1b257fa3
                                                                                                                                  0x1b257f3e
                                                                                                                                  0x1b257f3e
                                                                                                                                  0x1b257f43
                                                                                                                                  0x1b257f48
                                                                                                                                  0x1b257eaf
                                                                                                                                  0x1b257eb7
                                                                                                                                  0x1b257eca
                                                                                                                                  0x1b257eb9
                                                                                                                                  0x1b257eb9
                                                                                                                                  0x1b257eb9
                                                                                                                                  0x1b257ecf
                                                                                                                                  0x1b257ed1
                                                                                                                                  0x1b257ed6
                                                                                                                                  0x1b257e75
                                                                                                                                  0x1b257e75
                                                                                                                                  0x1b257ff6

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$ByteCharMultiWidelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 475730466-0
                                                                                                                                  • Opcode ID: d06e8643e9dceb90dea201e714dce09315a22af0e08bf7ec1357465c87668344
                                                                                                                                  • Instruction ID: 35cc3d599efd34a94e27cfa4fc4125af6da1030991886ecd5318b3b942851209
                                                                                                                                  • Opcode Fuzzy Hash: d06e8643e9dceb90dea201e714dce09315a22af0e08bf7ec1357465c87668344
                                                                                                                                  • Instruction Fuzzy Hash: FD417F31755B8A86DB14DF72DC803D933A5FB48BE8F144625EE5A87BA4EF38C4898340
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B233B50 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 79libraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1B233DDE), ref: 1B233BA3
                                                                                                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1B233DDE), ref: 1B233BBA
                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1B233DDE), ref: 1B233BE5
                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1B233DDE), ref: 1B233BF8
                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1B233DDE), ref: 1B233C62
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryProc$FreeHandleLoadModule
                                                                                                                                  • String ID: GetProcessWindowStation$GetUserObjectInformationA$User32.dll
                                                                                                                                  • API String ID: 3023338733-1427415934
                                                                                                                                  • Opcode ID: 060b8164e867dd127b63db21538301d7326e34c7f9644527d4a337d3b557da00
                                                                                                                                  • Instruction ID: 5fb88a846912d8377becccc0b9d87d20fae29f83b01d0108352db5a530c2f1b1
                                                                                                                                  • Opcode Fuzzy Hash: 060b8164e867dd127b63db21538301d7326e34c7f9644527d4a337d3b557da00
                                                                                                                                  • Instruction Fuzzy Hash: 94315076706B8585DB108F22B88079AB3A4FB89BC5F594129DE8D47764DF38C549CB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B2328F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 25%
                                                                                                                                  			E1B2328F0(void* __rax, long long __rbx, long long __rdi, long long _a24, long long _a32) {
				signed int _v24;
				long long _v32;
				long long _v40;
				signed int _t15;
				void* _t18;
				intOrPtr _t34;

				_v40 = 0xfffffffe;
				_a24 = __rbx;
				_a32 = __rdi;
				_v32 = 0x1b2918e0;
				EnterCriticalSection(??);
				_v24 = 1;
				if( *0x1b2918d1 == 0) {
					GetModuleHandleA();
					GetModuleHandleA(??);
					E1B233DD0(_t18, __eflags, __rax, __rax);
					_t34 =  *0x1b291a28; // 0x1b490cd0
					__eflags =  *((intOrPtr*)(_t34 + 0xc8)) - 3;
					if( *((intOrPtr*)(_t34 + 0xc8)) <= 3) {
						 *0x1b2918d0 = 1;
						 *0x1b2918d1 = 1;
						LeaveCriticalSection(??);
						_v24 = 0;
						_t15 = 1;
					} else {
						 *0x1b2918d0 = 1;
						 *0x1b2918d1 = 1;
						LeaveCriticalSection(??);
						_v24 = 0;
						_t15 = 1;
					}
				} else {
					LeaveCriticalSection();
					_v24 = 0;
					_t15 =  *0x1b2918d0 & 0x000000ff;
				}
				return _t15;
			}









                                                                                                                                  0x1b2328f4
                                                                                                                                  0x1b2328fd
                                                                                                                                  0x1b232902
                                                                                                                                  0x1b23290e
                                                                                                                                  0x1b232916
                                                                                                                                  0x1b23291c
                                                                                                                                  0x1b23292b
                                                                                                                                  0x1b232950
                                                                                                                                  0x1b23295b
                                                                                                                                  0x1b232967
                                                                                                                                  0x1b23296c
                                                                                                                                  0x1b232973
                                                                                                                                  0x1b23297b
                                                                                                                                  0x1b2329a0
                                                                                                                                  0x1b2329a7
                                                                                                                                  0x1b2329b1
                                                                                                                                  0x1b2329b7
                                                                                                                                  0x1b2329bf
                                                                                                                                  0x1b23297d
                                                                                                                                  0x1b23297d
                                                                                                                                  0x1b232984
                                                                                                                                  0x1b23298e
                                                                                                                                  0x1b232994
                                                                                                                                  0x1b23299c
                                                                                                                                  0x1b23299c
                                                                                                                                  0x1b23292d
                                                                                                                                  0x1b232937
                                                                                                                                  0x1b23293d
                                                                                                                                  0x1b232945
                                                                                                                                  0x1b232945
                                                                                                                                  0x1b2329cf

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 1B232916
                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 1B232937
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 1B232950
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 1B23295B
                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 1B23298E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$HandleLeaveModule$Enter
                                                                                                                                  • String ID: hvm
                                                                                                                                  • API String ID: 1714012981-4091772959
                                                                                                                                  • Opcode ID: 75b7c9c06879dd96655ff2e1ab55e82b7158ea53bea9af9824a7c343975eb90e
                                                                                                                                  • Instruction ID: ab78882edd1e969f9bf9adaf7313b74b8c4be107bc3679619aac1043bb4d637f
                                                                                                                                  • Opcode Fuzzy Hash: 75b7c9c06879dd96655ff2e1ab55e82b7158ea53bea9af9824a7c343975eb90e
                                                                                                                                  • Instruction Fuzzy Hash: F1217C7952878896F3009B13B9943D977A0BB8A7EAF200209DD9A077A4CB7DC08DDB00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B261A20 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 203COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 52%
                                                                                                                                  			E1B261A20(signed int __edi, signed long long __rbx, void* __rdx, signed long long __rdi, long long __rsi, void* __rbp, void* __r8, signed long long __r12, long long __r13, long long __r14, long long __r15, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				intOrPtr* _v64;
				short _v70;
				char _v136;
				void* _t64;
				void* _t67;
				signed char _t68;
				signed int _t69;
				long _t71;
				intOrPtr _t75;
				intOrPtr _t76;
				signed int _t78;
				intOrPtr _t80;
				signed int _t91;
				long long* _t93;
				long long _t95;
				long long _t96;
				intOrPtr _t100;
				signed long long _t102;
				long long* _t105;
				signed char _t110;
				void* _t114;
				signed long long _t115;
				signed long long _t116;
				long long _t120;
				intOrPtr* _t122;
				long long* _t124;
				void* _t125;
				long long* _t126;
				long long* _t127;
				signed long long _t128;
				signed char* _t132;
				intOrPtr* _t135;
				signed char* _t136;

				_t128 = __r12;
				_t125 = __r8;
				_t123 = __rbp;
				_t115 = __rdi;
				_t114 = __rdx;
				_t102 = __rbx;
				_t91 = __edi;
				_t93 = _t124;
				 *((long long*)(_t93 + 8)) = __rbx;
				 *((long long*)(_t93 + 0x10)) = __rsi;
				 *((long long*)(_t93 + 0x18)) = __rdi;
				 *((long long*)(_t93 + 0x20)) = __r12;
				 *((long long*)(_t93 - 8)) = __r13;
				 *((long long*)(_t93 - 0x10)) = __r14;
				 *((long long*)(_t93 - 0x18)) = __r15;
				_t107 =  &_v136;
				GetStartupInfoA(??);
				_t64 = E1B261130(_t93, __rbx,  &_v136, __rdx, __rdi, __rsi, __rbp, __r12);
				_t126 = _t93;
				if(_t93 != 0) {
					 *0x1b293a60 = _t93;
					_t80 = 0x20;
					 *0x1b293a58 = 0x20;
					if(_t126 >= _t93 + 0x800) {
						r12d = 0;
						L7:
						if(_v70 == 0) {
							L29:
							r13d = r12d;
							_t116 = _t128;
							do {
								_t105 = (_t116 << 6) +  *0x1b293a60;
								_t95 =  *_t105;
								if(_t95 == 0xffffffff || _t95 == 0xfffffffe) {
									 *(_t105 + 8) = 0x81;
									if(_t116 != 0) {
									}
									GetStdHandle();
									_t120 = _t95;
									if(_t95 == 0xffffffff || _t95 == 0) {
										L46:
										 *(_t105 + 8) =  *(_t105 + 8) | 0x00000040;
										 *_t105 = 0xfffffffe;
										goto L47;
									} else {
										_t68 = GetFileType();
										if(_t68 == 0) {
											goto L46;
										}
										 *_t105 = _t120;
										_t69 = _t68 & 0x000000ff;
										if(_t69 != 2) {
											if(_t69 == 3) {
												 *(_t105 + 8) =  *(_t105 + 8) | 0x00000008;
											}
										} else {
											 *(_t105 + 8) =  *(_t105 + 8) | 0x00000040;
										}
										_t52 = _t105 + 0x10; // 0x10
										if(E1B260F80(0xfa0, _t95, _t105, _t52, _t114, _t116, _t120, _t125, _t128) == 0) {
											_t67 = 0xffffffff;
											L49:
											return _t67;
										} else {
											 *((intOrPtr*)(_t105 + 0xc)) =  *((intOrPtr*)(_t105 + 0xc)) + 1;
											goto L47;
										}
									}
								} else {
									 *(_t105 + 8) =  *(_t105 + 8) | 0x00000080;
								}
								L47:
								r13d = r13d + 1;
								_t116 = _t116 + 1;
							} while (_t116 < 3);
							SetHandleCount();
							_t67 = 0;
							goto L49;
						}
						_t135 = _v64;
						if(_t135 == 0) {
							goto L29;
						}
						_t96 =  *_t135;
						_t136 = _t135 + 4;
						_t132 =  &(_t136[_t96]);
						r15d = 0x800;
						r15d =  <  ? _t64 : r15d;
						if(_t80 >= r15d) {
							_t122 = 0x1b293a60;
							L19:
							_t78 = r12d;
							if(r15d <= 0) {
								goto L29;
							} else {
								goto L20;
							}
							do {
								L20:
								_t110 =  *_t132;
								if(_t110 != 0xffffffff && _t110 != 0xfffffffe) {
									_t71 =  *_t136 & 0x000000ff;
									if((_t71 & 0x00000001) == 0) {
										goto L28;
									}
									if((_t71 & 0x00000008) != 0) {
										L25:
										dil = _t71;
										_t91 = _t91 & 0x0000001f;
										_t115 = (_t115 << 6) +  *((intOrPtr*)(_t122 + (_t78 >> 5) * 8));
										 *_t115 =  *_t132;
										 *((char*)(_t115 + 8)) =  *_t136 & 0x000000ff;
										_t40 = _t115 + 0x10; // 0x10
										if(E1B260F80(0xfa0,  *_t132, _t102, _t40, _t114, _t115, _t122, _t125, _t128) == 0) {
											_t67 = 0xffffffff;
											goto L49;
										}
										 *((intOrPtr*)(_t115 + 0xc)) =  *((intOrPtr*)(_t115 + 0xc)) + 1;
										goto L28;
									}
									_t71 = GetFileType();
									if(_t71 == 0) {
										goto L28;
									}
									goto L25;
								}
								L28:
								_t78 = _t78 + 1;
								_t136 =  &(_t136[1]);
								_t132 =  &(_t132[8]);
							} while (_t78 < r15d);
							goto L29;
						}
						_t122 = 0x1b293a60;
						while(1) {
							E1B261130(_t96, _t102, _t107, _t114, _t115, _t122, _t123, _t128);
							_t127 = _t96;
							if(_t96 == 0) {
								break;
							}
							 *((long long*)(_t122 + _t102 * 8)) = _t96;
							_t75 =  *0x1b293a58; // 0x20
							_t76 = _t75 + 0x20;
							 *0x1b293a58 = _t76;
							_t23 = _t127 + 0x800; // 0x800
							_t107 = _t23;
							if(_t127 >= _t23) {
								L15:
								_t102 = _t102 + 1;
								if(_t76 < r15d) {
									continue;
								}
								goto L19;
							} else {
								goto L13;
							}
							do {
								L13:
								 *((char*)(_t127 + 8)) = 0;
								 *_t127 = 0xffffffff;
								 *((char*)(_t127 + 9)) = 0xa;
								 *(_t127 + 0xc) = r12d;
								 *(_t127 + 0x38) =  *(_t127 + 0x38) & 0x00000080;
								 *((char*)(_t127 + 0x39)) = 0xa;
								 *((char*)(_t127 + 0x3a)) = 0xa;
								_t127 = _t127 + 0x40;
								_t96 =  *((intOrPtr*)(_t122 + _t102 * 8)) + 0x800;
							} while (_t127 < _t96);
							_t76 =  *0x1b293a58; // 0x20
							goto L15;
						}
						r15d =  *0x1b293a58; // 0x20
						goto L19;
					}
					r12d = 0;
					do {
						 *((intOrPtr*)(_t126 + 8)) = r12b;
						 *_t126 = 0xffffffff;
						 *((char*)(_t126 + 9)) = 0xa;
						 *(_t126 + 0xc) = r12d;
						 *((intOrPtr*)(_t126 + 0x38)) = r12b;
						 *((char*)(_t126 + 0x39)) = 0xa;
						 *((char*)(_t126 + 0x3a)) = 0xa;
						_t126 = _t126 + 0x40;
						_t100 =  *0x1b293a60; // 0x1b491130
					} while (_t126 < _t100 + 0x800);
					_t80 =  *0x1b293a58; // 0x20
					goto L7;
				}
				_t10 = _t126 - 1; // -1
				_t67 = _t10;
				goto L49;
			}







































                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a20
                                                                                                                                  0x1b261a2a
                                                                                                                                  0x1b261a2e
                                                                                                                                  0x1b261a32
                                                                                                                                  0x1b261a36
                                                                                                                                  0x1b261a3a
                                                                                                                                  0x1b261a3e
                                                                                                                                  0x1b261a42
                                                                                                                                  0x1b261a46
                                                                                                                                  0x1b261a4b
                                                                                                                                  0x1b261a5a
                                                                                                                                  0x1b261a5f
                                                                                                                                  0x1b261a65
                                                                                                                                  0x1b261a70
                                                                                                                                  0x1b261a77
                                                                                                                                  0x1b261a7c
                                                                                                                                  0x1b261a8b
                                                                                                                                  0x1b261ad0
                                                                                                                                  0x1b261ad3
                                                                                                                                  0x1b261ad9
                                                                                                                                  0x1b261c32
                                                                                                                                  0x1b261c32
                                                                                                                                  0x1b261c35
                                                                                                                                  0x1b261c40
                                                                                                                                  0x1b261c47
                                                                                                                                  0x1b261c4e
                                                                                                                                  0x1b261c55
                                                                                                                                  0x1b261c66
                                                                                                                                  0x1b261c6d
                                                                                                                                  0x1b261c6d
                                                                                                                                  0x1b261c83
                                                                                                                                  0x1b261c89
                                                                                                                                  0x1b261c90
                                                                                                                                  0x1b261cdd
                                                                                                                                  0x1b261cdd
                                                                                                                                  0x1b261ce1
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261c97
                                                                                                                                  0x1b261c9a
                                                                                                                                  0x1b261ca2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261ca4
                                                                                                                                  0x1b261ca7
                                                                                                                                  0x1b261cad
                                                                                                                                  0x1b261cb8
                                                                                                                                  0x1b261cba
                                                                                                                                  0x1b261cba
                                                                                                                                  0x1b261caf
                                                                                                                                  0x1b261caf
                                                                                                                                  0x1b261caf
                                                                                                                                  0x1b261cbe
                                                                                                                                  0x1b261cce
                                                                                                                                  0x1b261cd6
                                                                                                                                  0x1b261d0f
                                                                                                                                  0x1b261d4e
                                                                                                                                  0x1b261cd0
                                                                                                                                  0x1b261cd0
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261cd0
                                                                                                                                  0x1b261cce
                                                                                                                                  0x1b261c5d
                                                                                                                                  0x1b261c5d
                                                                                                                                  0x1b261c5d
                                                                                                                                  0x1b261ce8
                                                                                                                                  0x1b261ce8
                                                                                                                                  0x1b261cec
                                                                                                                                  0x1b261cf0
                                                                                                                                  0x1b261d00
                                                                                                                                  0x1b261d06
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261d06
                                                                                                                                  0x1b261adf
                                                                                                                                  0x1b261ae7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261aed
                                                                                                                                  0x1b261af0
                                                                                                                                  0x1b261af4
                                                                                                                                  0x1b261af8
                                                                                                                                  0x1b261b01
                                                                                                                                  0x1b261b0d
                                                                                                                                  0x1b261ba5
                                                                                                                                  0x1b261bac
                                                                                                                                  0x1b261bac
                                                                                                                                  0x1b261bb2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261bb4
                                                                                                                                  0x1b261bb4
                                                                                                                                  0x1b261bb4
                                                                                                                                  0x1b261bbc
                                                                                                                                  0x1b261bc4
                                                                                                                                  0x1b261bca
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261bce
                                                                                                                                  0x1b261bda
                                                                                                                                  0x1b261be4
                                                                                                                                  0x1b261be7
                                                                                                                                  0x1b261bee
                                                                                                                                  0x1b261bf6
                                                                                                                                  0x1b261bfd
                                                                                                                                  0x1b261c00
                                                                                                                                  0x1b261c10
                                                                                                                                  0x1b261c18
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261c18
                                                                                                                                  0x1b261c12
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261c12
                                                                                                                                  0x1b261bd0
                                                                                                                                  0x1b261bd8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261bd8
                                                                                                                                  0x1b261c22
                                                                                                                                  0x1b261c22
                                                                                                                                  0x1b261c25
                                                                                                                                  0x1b261c29
                                                                                                                                  0x1b261c2d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261bb4
                                                                                                                                  0x1b261b13
                                                                                                                                  0x1b261b20
                                                                                                                                  0x1b261b28
                                                                                                                                  0x1b261b2d
                                                                                                                                  0x1b261b33
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261b35
                                                                                                                                  0x1b261b39
                                                                                                                                  0x1b261b3f
                                                                                                                                  0x1b261b42
                                                                                                                                  0x1b261b48
                                                                                                                                  0x1b261b48
                                                                                                                                  0x1b261b52
                                                                                                                                  0x1b261b91
                                                                                                                                  0x1b261b91
                                                                                                                                  0x1b261b98
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261b54
                                                                                                                                  0x1b261b54
                                                                                                                                  0x1b261b54
                                                                                                                                  0x1b261b59
                                                                                                                                  0x1b261b60
                                                                                                                                  0x1b261b65
                                                                                                                                  0x1b261b69
                                                                                                                                  0x1b261b6e
                                                                                                                                  0x1b261b73
                                                                                                                                  0x1b261b78
                                                                                                                                  0x1b261b80
                                                                                                                                  0x1b261b86
                                                                                                                                  0x1b261b8b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261b8b
                                                                                                                                  0x1b261b9c
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261b9c
                                                                                                                                  0x1b261a8d
                                                                                                                                  0x1b261a90
                                                                                                                                  0x1b261a90
                                                                                                                                  0x1b261a94
                                                                                                                                  0x1b261a9b
                                                                                                                                  0x1b261aa0
                                                                                                                                  0x1b261aa4
                                                                                                                                  0x1b261aa8
                                                                                                                                  0x1b261aad
                                                                                                                                  0x1b261ab2
                                                                                                                                  0x1b261ab6
                                                                                                                                  0x1b261ac3
                                                                                                                                  0x1b261ac8
                                                                                                                                  0x00000000
                                                                                                                                  0x1b261ac8
                                                                                                                                  0x1b261a67
                                                                                                                                  0x1b261a67
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • GetStartupInfoA.KERNEL32 ref: 1B261A4B
                                                                                                                                    • Part of subcall function 1B261130: Sleep.KERNEL32(?,?,?,?,1B25E417,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B261180
                                                                                                                                  • GetFileType.KERNEL32 ref: 1B261BD0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileInfoSleepStartupType
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 1527402494-2766056989
                                                                                                                                  • Opcode ID: 5243b00becb06d5b0ab710bb4fc42d07d9cbfa224df5af5ffc6bad228d8e3710
                                                                                                                                  • Instruction ID: 41817b111dbdcece054503c5eb0388ff9da774feb1952dcfdca0ecda294498a0
                                                                                                                                  • Opcode Fuzzy Hash: 5243b00becb06d5b0ab710bb4fc42d07d9cbfa224df5af5ffc6bad228d8e3710
                                                                                                                                  • Instruction Fuzzy Hash: 2C81AD72B14B8082DB14CB26D8C43993765F705BBAF756715CABA473D4EB38E889C302
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B245B20 Relevance: 10.6, APIs: 7, Instructions: 79fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$PointerRead$CloseCreateHandleModuleName
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 970745124-0
                                                                                                                                  • Opcode ID: 03b3ea7f2638216a789206424a3ef4e65a0d5a077d4fb6e8d0fb8820552c25a3
                                                                                                                                  • Instruction ID: 302f6895b094714654d26c288d59d8c12fd654f6cc3b2ca1a7f32c8d5ef62d78
                                                                                                                                  • Opcode Fuzzy Hash: 03b3ea7f2638216a789206424a3ef4e65a0d5a077d4fb6e8d0fb8820552c25a3
                                                                                                                                  • Instruction Fuzzy Hash: BE414536208A89C7DB20DF21E458B8EB3B5F788B88F914115DF890BB18DF79C54ACB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B267D50 Relevance: 9.2, APIs: 6, Instructions: 167COMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E1B267D50(int __edx, long long __rbx, intOrPtr* __rcx, signed long long __rdi, long long __rsi, signed long long __r8, void* __r10, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15) {
				int _t47;
				int _t48;
				int _t56;
				void* _t57;
				int _t59;
				int _t65;
				void* _t72;
				int _t76;
				int _t77;
				int _t78;
				int _t83;
				signed long long _t93;
				signed long long _t94;
				signed long long _t97;
				signed long long _t101;
				void* _t106;
				void* _t108;
				signed long long _t111;
				signed long long _t116;
				void* _t118;
				void* _t119;
				signed long long _t127;
				void* _t130;
				void* _t131;
				intOrPtr* _t133;
				int _t135;
				signed long long _t139;

				_t141 = __r15;
				_t136 = __r13;
				_t131 = __r11;
				_t130 = __r10;
				_t113 = __rsi;
				_t111 = __rdi;
				_t99 = __rbx;
				 *((intOrPtr*)(_t118 + 0x20)) = r9d;
				_t119 = _t118 - 0x80;
				_t116 = _t119 + 0x30;
				 *((long long*)(_t116 + 0x48)) = __rbx;
				 *((long long*)(_t116 + 0x40)) = __rsi;
				 *((long long*)(_t116 + 0x38)) = __rdi;
				 *((long long*)(_t116 + 0x30)) = __r12;
				 *((long long*)(_t116 + 0x28)) = __r13;
				 *((long long*)(_t116 + 0x20)) = __r14;
				 *((long long*)(_t116 + 0x18)) = __r15;
				_t93 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t94 = _t93 ^ _t116;
				 *(_t116 + 8) = _t94;
				_t47 =  *0x1b293a48; // 0x1
				_t139 = __r8;
				r15d = __edx;
				_t133 = __rcx;
				if(_t47 != 0) {
					L12:
					if(_t47 == 2 || _t47 == 0) {
						goto L5;
					} else {
						if(_t47 != 1) {
							goto L10;
						} else {
							goto L15;
						}
					}
				} else {
					r8d = 1;
					_t127 = _t116;
					_t67 = r8d;
					if(GetStringTypeW(??, ??, ??, ??) == 0) {
						if(GetLastError() != 0x78) {
							_t47 =  *0x1b293a48; // 0x1
							goto L12;
						} else {
							 *0x1b293a48 = 2;
							L5:
							_t77 =  *(_t116 + 0x90);
							if(_t77 == 0) {
								_t94 =  *_t133;
								_t77 =  *(_t94 + 0x14);
							}
							_t65 =  *(_t116 + 0x88);
							if(_t65 == 0) {
								_t94 =  *_t133;
								_t65 =  *(_t94 + 4);
							}
							_t67 = _t77;
							_t48 = E1B269410(_t127);
							if(_t48 != 0xffffffff) {
								if(_t48 == _t65) {
									L37:
									_t95 =  *((intOrPtr*)(_t116 + 0x80));
									r9d =  *((intOrPtr*)(_t116 + 0x78));
									_t67 = _t77;
									 *(_t119 + 0x20) =  *((intOrPtr*)(_t116 + 0x80));
									GetStringTypeA(??, ??, ??, ??, ??);
									if(_t111 != 0) {
										E1B25A880(_t95, _t111);
									}
								} else {
									_t67 = _t65;
									 *((intOrPtr*)(_t119 + 0x28)) = 0;
									 *(_t119 + 0x20) = _t111;
									E1B269480(_t65, _t48, _t77, _t99, _t111, _t113, _t139, _t116 + 0x78, _t130, _t131, _t133, _t136, _t139, _t141);
									_t111 = _t94;
									if(_t94 == 0) {
										goto L10;
									} else {
										_t139 = _t94;
										goto L37;
									}
								}
							} else {
								goto L10;
							}
						}
					} else {
						 *0x1b293a48 = 1;
						L15:
						_t78 =  *(_t116 + 0x88);
						_t76 = 0;
						if(_t78 == 0) {
							_t78 =  *( *_t133 + 4);
						}
						r9d =  *((intOrPtr*)(_t116 + 0x78));
						_t67 = _t78;
						_t72 =  !=  ? 9 : 1;
						 *((intOrPtr*)(_t119 + 0x28)) = _t76;
						 *(_t119 + 0x20) = _t111;
						_t56 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
						_t83 = _t56;
						_t135 = _t56;
						if(_t83 == 0 || _t83 <= 0) {
							L10:
						} else {
							_t96 = 0xfffffff0;
							if(_t135 > 0xfffffff0) {
								goto L10;
							} else {
								_t106 = _t135 + _t135 + 0x10;
								if(_t106 > 0x400) {
									_t57 = E1B25A7B0(0xfffffff0, _t99, _t106, _t111, _t113);
									_t101 = 0xfffffff0;
									if(0xfffffff0 != 0) {
										 *0xfffffff0 = 0xdddd;
										goto L27;
									}
									goto L28;
								} else {
									_t23 = _t106 + 0xf; // 0x1b25b75c
									_t97 = _t23;
									if(_t97 <= _t106) {
										_t97 = 0xfffffff0;
									}
									_t96 = _t97 & 0xfffffff0;
									_t57 = E1B26C5E0(_t56, _t96, _t130, _t131);
									_t119 = _t119 - _t96;
									_t101 = _t119 + 0x30;
									if(_t101 == 0) {
										goto L10;
									} else {
										 *_t101 = 0xcccc;
										L27:
										_t101 = _t101 + 0x10;
										L28:
										if(_t101 == 0) {
											goto L10;
										} else {
											E1B258FC0(_t57, _t67, 0, _t101, 0x1b27c064, _t135 + _t135);
											r9d =  *((intOrPtr*)(_t116 + 0x78));
											_t67 = _t78;
											 *((intOrPtr*)(_t119 + 0x28)) = r12d;
											 *(_t119 + 0x20) = _t101;
											_t59 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
											if(_t59 != 0) {
												r8d = _t59;
												_t67 = r15d;
												_t76 = GetStringTypeW(??, ??, ??, ??);
											}
											_t31 = _t101 - 0x10; // -16
											_t108 = _t31;
											if( *((intOrPtr*)(_t101 - 0x10)) == 0xdddd) {
												E1B25A880(_t96, _t108);
											}
										}
									}
								}
							}
						}
					}
				}
				return E1B258680(_t67,  *(_t116 + 8) ^ _t116);
			}






























                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d50
                                                                                                                                  0x1b267d56
                                                                                                                                  0x1b267d5d
                                                                                                                                  0x1b267d62
                                                                                                                                  0x1b267d66
                                                                                                                                  0x1b267d6a
                                                                                                                                  0x1b267d6e
                                                                                                                                  0x1b267d72
                                                                                                                                  0x1b267d76
                                                                                                                                  0x1b267d7a
                                                                                                                                  0x1b267d7e
                                                                                                                                  0x1b267d85
                                                                                                                                  0x1b267d88
                                                                                                                                  0x1b267d8c
                                                                                                                                  0x1b267d92
                                                                                                                                  0x1b267d95
                                                                                                                                  0x1b267d9a
                                                                                                                                  0x1b267d9d
                                                                                                                                  0x1b267e23
                                                                                                                                  0x1b267e26
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267e2c
                                                                                                                                  0x1b267e2f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267e2f
                                                                                                                                  0x1b267da3
                                                                                                                                  0x1b267da3
                                                                                                                                  0x1b267da9
                                                                                                                                  0x1b267db4
                                                                                                                                  0x1b267dbf
                                                                                                                                  0x1b267dd6
                                                                                                                                  0x1b267e1d
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267dd8
                                                                                                                                  0x1b267dd8
                                                                                                                                  0x1b267de2
                                                                                                                                  0x1b267de2
                                                                                                                                  0x1b267dec
                                                                                                                                  0x1b267dee
                                                                                                                                  0x1b267df2
                                                                                                                                  0x1b267df2
                                                                                                                                  0x1b267df5
                                                                                                                                  0x1b267dfd
                                                                                                                                  0x1b267dff
                                                                                                                                  0x1b267e03
                                                                                                                                  0x1b267e03
                                                                                                                                  0x1b267e06
                                                                                                                                  0x1b267e08
                                                                                                                                  0x1b267e10
                                                                                                                                  0x1b267f4a
                                                                                                                                  0x1b267f74
                                                                                                                                  0x1b267f74
                                                                                                                                  0x1b267f7b
                                                                                                                                  0x1b267f85
                                                                                                                                  0x1b267f87
                                                                                                                                  0x1b267f8c
                                                                                                                                  0x1b267f97
                                                                                                                                  0x1b267f9c
                                                                                                                                  0x1b267f9c
                                                                                                                                  0x1b267f4c
                                                                                                                                  0x1b267f55
                                                                                                                                  0x1b267f57
                                                                                                                                  0x1b267f5b
                                                                                                                                  0x1b267f60
                                                                                                                                  0x1b267f68
                                                                                                                                  0x1b267f6b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267f71
                                                                                                                                  0x1b267f71
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267f71
                                                                                                                                  0x1b267f6b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267e10
                                                                                                                                  0x1b267dc1
                                                                                                                                  0x1b267dc1
                                                                                                                                  0x1b267e31
                                                                                                                                  0x1b267e31
                                                                                                                                  0x1b267e37
                                                                                                                                  0x1b267e3b
                                                                                                                                  0x1b267e41
                                                                                                                                  0x1b267e41
                                                                                                                                  0x1b267e4a
                                                                                                                                  0x1b267e5b
                                                                                                                                  0x1b267e5d
                                                                                                                                  0x1b267e60
                                                                                                                                  0x1b267e64
                                                                                                                                  0x1b267e69
                                                                                                                                  0x1b267e6f
                                                                                                                                  0x1b267e71
                                                                                                                                  0x1b267e74
                                                                                                                                  0x1b267e16
                                                                                                                                  0x1b267e78
                                                                                                                                  0x1b267e78
                                                                                                                                  0x1b267e85
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267e87
                                                                                                                                  0x1b267e87
                                                                                                                                  0x1b267e93
                                                                                                                                  0x1b267eca
                                                                                                                                  0x1b267ed2
                                                                                                                                  0x1b267ed5
                                                                                                                                  0x1b267ed7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267ed7
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267e95
                                                                                                                                  0x1b267e95
                                                                                                                                  0x1b267e95
                                                                                                                                  0x1b267e9c
                                                                                                                                  0x1b267e9e
                                                                                                                                  0x1b267e9e
                                                                                                                                  0x1b267ea8
                                                                                                                                  0x1b267eac
                                                                                                                                  0x1b267eb1
                                                                                                                                  0x1b267eb4
                                                                                                                                  0x1b267ebc
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267ec2
                                                                                                                                  0x1b267ec2
                                                                                                                                  0x1b267edd
                                                                                                                                  0x1b267edd
                                                                                                                                  0x1b267ee1
                                                                                                                                  0x1b267ee4
                                                                                                                                  0x00000000
                                                                                                                                  0x1b267eea
                                                                                                                                  0x1b267ef3
                                                                                                                                  0x1b267ef8
                                                                                                                                  0x1b267f04
                                                                                                                                  0x1b267f06
                                                                                                                                  0x1b267f0b
                                                                                                                                  0x1b267f10
                                                                                                                                  0x1b267f18
                                                                                                                                  0x1b267f21
                                                                                                                                  0x1b267f27
                                                                                                                                  0x1b267f30
                                                                                                                                  0x1b267f30
                                                                                                                                  0x1b267f39
                                                                                                                                  0x1b267f39
                                                                                                                                  0x1b267f3d
                                                                                                                                  0x1b267f3f
                                                                                                                                  0x1b267f3f
                                                                                                                                  0x1b267f44
                                                                                                                                  0x1b267ee4
                                                                                                                                  0x1b267ebc
                                                                                                                                  0x1b267e93
                                                                                                                                  0x1b267e85
                                                                                                                                  0x1b267e74
                                                                                                                                  0x1b267dbf
                                                                                                                                  0x1b267fd0

                                                                                                                                  APIs
                                                                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267DB7
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267DCD
                                                                                                                                    • Part of subcall function 1B25A7B0: RtlAllocateHeap.NTDLL(?,?,?,?,1B2610DA,?,?,?,?,1B260723,?,?,?,?,1B2607F7), ref: 1B25A811
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267E69
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267F10
                                                                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267F2A
                                                                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,1B268102), ref: 1B267F8C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: StringType$ByteCharMultiWide$AllocateErrorHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2745877085-0
                                                                                                                                  • Opcode ID: ea8958a3821f68f06b917635489a8a303bd532452f4f1a97d8353eb4eb67d13f
                                                                                                                                  • Instruction ID: 8890ad55985f09c0b3b45e46c550e8f79657af3db7e77988d7553446cf0013a7
                                                                                                                                  • Opcode Fuzzy Hash: ea8958a3821f68f06b917635489a8a303bd532452f4f1a97d8353eb4eb67d13f
                                                                                                                                  • Instruction Fuzzy Hash: AB617D327006818BDB10CF25E8807D937A5F748BE8F654615EE5D87BA8EF38D989C740
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B264AF0 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32 ref: 1B264B36
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 1B264B41
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1B264B4D
                                                                                                                                  • GetTickCount.KERNEL32 ref: 1B264B59
                                                                                                                                  • QueryPerformanceCounter.KERNEL32 ref: 1B264B6A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1445889803-0
                                                                                                                                  • Opcode ID: 9c8d7a0fa0c261169809cd17a68f197b90d825f9fd5d4a05bf9972c3a6caf0e4
                                                                                                                                  • Instruction ID: a685ecd5dfc0292880dfdc0bb3d1892a66cc20dddf723de6b0b85d35775523ed
                                                                                                                                  • Opcode Fuzzy Hash: 9c8d7a0fa0c261169809cd17a68f197b90d825f9fd5d4a05bf9972c3a6caf0e4
                                                                                                                                  • Instruction Fuzzy Hash: 5D115B35655B8486E7809F26F94438673A5F78ABD1F982511EF8E43BA8CB3CC8998700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25E3E0 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 27%
                                                                                                                                  			E1B25E3E0(long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, void* __rsi, void* __rbp, void* __r8, void* __r12, long long _a24, long long _a32) {
				long _t7;
				long* _t20;
				long* _t29;

				_t32 = __rsi;
				_t30 = __rdi;
				_t20 = __rax;
				_a24 = __rbx;
				_a32 = __rdi;
				_t7 = GetLastError();
				__imp__FlsGetValue();
				_t23 = __rax;
				if(__rax == 0) {
					_t7 = E1B261130(__rax, __rax, __rcx, __rdx, __rdi, __rsi, __rbp, __r12);
					_t23 = _t20;
					if(_t20 != 0) {
						_t29 = _t20;
						__imp__FlsSetValue();
						if(_t7 == 0) {
							_t7 = E1B25A880(_t20, _t23);
						} else {
							E1B25E2D0(_t20, _t23, _t23, _t29, _t30, _t32);
							_t7 = GetCurrentThreadId();
							_t23[2] = 0xffffffff;
							 *_t23 = _t7;
						}
					}
				}
				SetLastError();
				return _t7;
			}






                                                                                                                                  0x1b25e3e0
                                                                                                                                  0x1b25e3e0
                                                                                                                                  0x1b25e3e0
                                                                                                                                  0x1b25e3e4
                                                                                                                                  0x1b25e3e9
                                                                                                                                  0x1b25e3ee
                                                                                                                                  0x1b25e3fc
                                                                                                                                  0x1b25e405
                                                                                                                                  0x1b25e408
                                                                                                                                  0x1b25e412
                                                                                                                                  0x1b25e41a
                                                                                                                                  0x1b25e41d
                                                                                                                                  0x1b25e425
                                                                                                                                  0x1b25e428
                                                                                                                                  0x1b25e430
                                                                                                                                  0x1b25e451
                                                                                                                                  0x1b25e432
                                                                                                                                  0x1b25e437
                                                                                                                                  0x1b25e43c
                                                                                                                                  0x1b25e442
                                                                                                                                  0x1b25e44a
                                                                                                                                  0x1b25e44a
                                                                                                                                  0x1b25e430
                                                                                                                                  0x1b25e41d
                                                                                                                                  0x1b25e45a
                                                                                                                                  0x1b25e471

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,1B25BC99,?,?,?,?,1B25A86C,?,?,?,?,1B2610DA), ref: 1B25E3EE
                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,?,1B25BC99,?,?,?,?,1B25A86C,?,?,?,?,1B2610DA), ref: 1B25E3FC
                                                                                                                                  • SetLastError.KERNEL32(?,?,?,?,1B25BC99,?,?,?,?,1B25A86C,?,?,?,?,1B2610DA), ref: 1B25E45A
                                                                                                                                    • Part of subcall function 1B261130: Sleep.KERNEL32(?,?,?,?,1B25E417,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B261180
                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,1B25BC99,?,?,?,?,1B25A86C,?,?,?,?,1B2610DA), ref: 1B25E428
                                                                                                                                    • Part of subcall function 1B25E2D0: GetModuleHandleA.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E2F0
                                                                                                                                    • Part of subcall function 1B25E2D0: GetProcAddress.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E31D
                                                                                                                                    • Part of subcall function 1B25E2D0: GetProcAddress.KERNEL32(?,?,?,?,1B25E43C,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25E334
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1B25E43C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorLastProcValue$CurrentHandleModuleSleepThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1834866065-0
                                                                                                                                  • Opcode ID: 480b6da53fda3c61b83eeb099258e8fcaf4b93d2b8164de8990c71640a6f28e6
                                                                                                                                  • Instruction ID: d38b4290927aabccff4631301a411dab9cad05f38b781dbf41141303d5498380
                                                                                                                                  • Opcode Fuzzy Hash: 480b6da53fda3c61b83eeb099258e8fcaf4b93d2b8164de8990c71640a6f28e6
                                                                                                                                  • Instruction Fuzzy Hash: 0F012C3460174582EA04AF26A8843DD73A1BB8EBA0F688629CE59473D5DF3CE4498710
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B260F80 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                  			E1B260F80(void* __edx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				intOrPtr _v20;
				char _v24;
				long long _v40;
				_Unknown_base(*)()* _t17;
				intOrPtr _t19;
				intOrPtr _t28;
				long long _t34;
				long long* _t36;
				long long _t39;
				void* _t45;

				_t45 = __rdx;
				_t34 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_a32 = __r12;
				_v24 = 0;
				_t39 =  *0x1b293750; // 0x65728800007ffa9a
				E1B25E1E0(_t17, __rax, _t39);
				_t36 = _t34;
				if(_t34 == 0) {
					if(E1B259760(_t34,  &_v24) != 0) {
						_v40 = __rdi;
						r9d = 0;
						r8d = 0;
						_t21 = E1B2590C0(0, _t45, __r8);
					}
					if(_v24 != 1) {
						_t21 = GetModuleHandleA();
						if(_t34 == 0) {
							_t36 = 0x1b260f60;
						} else {
							_t21 = GetProcAddress();
							_t36 = _t34;
							if(_t34 == 0) {
								_t36 = 0x1b260f60;
							}
						}
					} else {
						_t36 = 0x1b260f60;
					}
					E1B25E110(_t21, _t34, _t36);
					 *0x1b293750 = _t34;
				}
				_t19 =  *_t36();
				_t28 = _t19;
				_v20 = _t19;
				return _t28;
			}













                                                                                                                                  0x1b260f80
                                                                                                                                  0x1b260f80
                                                                                                                                  0x1b260f84
                                                                                                                                  0x1b260f89
                                                                                                                                  0x1b260f8e
                                                                                                                                  0x1b260f93
                                                                                                                                  0x1b260f9f
                                                                                                                                  0x1b260fa3
                                                                                                                                  0x1b260faa
                                                                                                                                  0x1b260faf
                                                                                                                                  0x1b260fb5
                                                                                                                                  0x1b260fc3
                                                                                                                                  0x1b260fc5
                                                                                                                                  0x1b260fca
                                                                                                                                  0x1b260fcd
                                                                                                                                  0x1b260fd4
                                                                                                                                  0x1b260fd4
                                                                                                                                  0x1b260fde
                                                                                                                                  0x1b260ff0
                                                                                                                                  0x1b260ff9
                                                                                                                                  0x1b26101c
                                                                                                                                  0x1b260ffb
                                                                                                                                  0x1b261005
                                                                                                                                  0x1b26100b
                                                                                                                                  0x1b261011
                                                                                                                                  0x1b261013
                                                                                                                                  0x1b261013
                                                                                                                                  0x1b261011
                                                                                                                                  0x1b260fe0
                                                                                                                                  0x1b260fe0
                                                                                                                                  0x1b260fe0
                                                                                                                                  0x1b261026
                                                                                                                                  0x1b26102b
                                                                                                                                  0x1b26102b
                                                                                                                                  0x1b261037
                                                                                                                                  0x1b261039
                                                                                                                                  0x1b26103b
                                                                                                                                  0x1b261073

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B25E1E0: FlsGetValue.KERNEL32(?,?,00000028,1B2601F5,?,?,00000028,1B25A867,?,?,?,?,1B2610DA), ref: 1B25E1F4
                                                                                                                                    • Part of subcall function 1B2590C0: RtlCaptureContext.KERNEL32 ref: 1B2590D1
                                                                                                                                    • Part of subcall function 1B2590C0: IsDebuggerPresent.KERNEL32 ref: 1B259115
                                                                                                                                    • Part of subcall function 1B2590C0: SetUnhandledExceptionFilter.KERNEL32 ref: 1B25911F
                                                                                                                                    • Part of subcall function 1B2590C0: UnhandledExceptionFilter.KERNEL32 ref: 1B25912A
                                                                                                                                    • Part of subcall function 1B2590C0: GetCurrentProcess.KERNEL32 ref: 1B259140
                                                                                                                                    • Part of subcall function 1B2590C0: TerminateProcess.KERNEL32 ref: 1B25914E
                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 1B260FF0
                                                                                                                                  • GetProcAddress.KERNEL32 ref: 1B261005
                                                                                                                                  Strings
                                                                                                                                  • kernel32.dll, xrefs: 1B260FE9
                                                                                                                                  • InitializeCriticalSectionAndSpinCount, xrefs: 1B260FFB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$AddressCaptureContextCurrentDebuggerHandleModulePresentProcTerminateValue
                                                                                                                                  • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                  • API String ID: 1369895830-3733552308
                                                                                                                                  • Opcode ID: 2c09c0ab8d9ac5072ae9a589598c93771630f36fd925a959cb6016c0cc349abd
                                                                                                                                  • Instruction ID: 37d04525937ab2ac248e51177460a1a63d78319891297003370b6f750362d21f
                                                                                                                                  • Opcode Fuzzy Hash: 2c09c0ab8d9ac5072ae9a589598c93771630f36fd925a959cb6016c0cc349abd
                                                                                                                                  • Instruction Fuzzy Hash: 6B214A36A25B8582DA04DB52B8C17DAB3A4F7897C0FA81026EE8D87B54EF7CD449C700
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B234FE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 108COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                  			E1B234FE0(void* __edx, long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long _a16, long long _a24, long long _a32) {
				signed int _v24;
				intOrPtr _v25;
				intOrPtr _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				intOrPtr _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				long long _v48;
				long long _v56;
				void* _t86;
				void* _t88;
				signed long long _t98;
				signed long long _t99;
				intOrPtr* _t103;
				long long _t106;
				intOrPtr* _t116;
				signed long long _t120;

				_v48 = 0xfffffffe;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t98 =  *0x1b28fd98; // 0x6f0cc7c64fc9
				_t99 = _t98 ^ _t120;
				_v24 = _t99;
				_t116 = __rcx;
				_v56 = __rcx;
				 *((long long*)(__rcx + 0xa8)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x24)) = E1B259590(_t86, __rcx);
				 *((long long*)(_t116 + 0x40)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x48)) = 0;
				 *((long long*)(_t116 + 0x30)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x28)) = 0;
				 *((long long*)(_t116 + 0x50)) = __rsi;
				 *((long long*)(_t116 + 0x68)) = __rsi;
				 *((long long*)(_t116 + 0x58)) = __rsi;
				 *((long long*)(_t116 + 0x60)) = __rsi;
				 *((long long*)(_t116 + 0x38)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x78)) = 0x12345678;
				 *((intOrPtr*)(_t116 + 0x80)) = 0x87654321;
				 *((long long*)(_t116 + 0x70)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x4c)) = 0;
				 *((long long*)(_t116 + 0x88)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x90)) = 0;
				 *((long long*)(_t116 + 0x98)) = __rsi;
				 *((intOrPtr*)(_t116 + 0xa0)) = 0;
				 *((long long*)(_t116 + 0xb0)) = __rsi;
				_t106 = _t116 + 0xd0;
				_v40 = _t106;
				_t88 = E1B234360(_t99, _t106);
				 *(_t106 + 8) = _t99;
				 *((char*)(_t99 + 0x29)) = 1;
				 *((long long*)( *(_t106 + 8) + 8)) =  *(_t106 + 8);
				 *( *(_t106 + 8)) =  *(_t106 + 8);
				 *((long long*)( *(_t106 + 8) + 0x10)) =  *(_t106 + 8);
				 *((long long*)(_t106 + 0x10)) = __rsi;
				 *((long long*)(_t116 + 0x170)) = __rsi;
				 *((intOrPtr*)(_t116 + 0xec)) = E1B259590(_t88, _t106);
				 *((long long*)(_t116 + 0x108)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x110)) = 0;
				 *((long long*)(_t116 + 0xf8)) = __rsi;
				 *((intOrPtr*)(_t116 + 0xf0)) = 0;
				 *((long long*)(_t116 + 0x118)) = __rsi;
				 *((long long*)(_t116 + 0x130)) = __rsi;
				 *((long long*)(_t116 + 0x120)) = __rsi;
				 *((long long*)(_t116 + 0x128)) = __rsi;
				 *((long long*)(_t116 + 0x100)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x140)) = 0x12345678;
				 *((intOrPtr*)(_t116 + 0x148)) = 0x87654321;
				 *((long long*)(_t116 + 0x138)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x114)) = 0;
				 *((long long*)(_t116 + 0x150)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x158)) = 0;
				 *((long long*)(_t116 + 0x160)) = __rsi;
				 *((intOrPtr*)(_t116 + 0x168)) = 0;
				InitializeCriticalSection(??);
				_v40 = 0x8b;
				_v39 = 0xf8;
				_v38 = 0x3b;
				_v37 = 0xfb;
				_v36 = 0xf;
				_v35 = 0x84;
				_v34 = 0xbf;
				_v33 = 0x19;
				_v32 = 0x28;
				_v31 = sil;
				_v30 = 0xc7;
				_v29 = 0x45;
				_v28 = 0xe8;
				_v27 = 1;
				_v26 = sil;
				_v25 = sil;
				_t103 =  &_v40;
				 *((long long*)(_t116 + 0x178)) =  *_t103;
				 *((long long*)(_t116 + 0x180)) =  *((intOrPtr*)(_t103 + 8));
				 *((intOrPtr*)(_t116 + 4)) = 0;
				 *((intOrPtr*)(_t116 + 8)) = 0;
				 *_t116 = E1B259590(_t89,  *((intOrPtr*)(_t103 + 8)));
				 *((intOrPtr*)(_t116 + 0xc)) = 0;
				 *((intOrPtr*)(_t116 + 0x10)) = 0;
				 *((intOrPtr*)(_t116 + 0x14)) = 0;
				return E1B258680(0, _v24 ^ _t120);
			}






























                                                                                                                                  0x1b234fe4
                                                                                                                                  0x1b234fed
                                                                                                                                  0x1b234ff2
                                                                                                                                  0x1b234ff7
                                                                                                                                  0x1b234ffc
                                                                                                                                  0x1b235003
                                                                                                                                  0x1b235006
                                                                                                                                  0x1b23500b
                                                                                                                                  0x1b23500e
                                                                                                                                  0x1b235015
                                                                                                                                  0x1b235023
                                                                                                                                  0x1b235026
                                                                                                                                  0x1b23502a
                                                                                                                                  0x1b23502d
                                                                                                                                  0x1b235031
                                                                                                                                  0x1b235034
                                                                                                                                  0x1b235038
                                                                                                                                  0x1b23503c
                                                                                                                                  0x1b235040
                                                                                                                                  0x1b235044
                                                                                                                                  0x1b235048
                                                                                                                                  0x1b23504f
                                                                                                                                  0x1b235059
                                                                                                                                  0x1b23505d
                                                                                                                                  0x1b235060
                                                                                                                                  0x1b235067
                                                                                                                                  0x1b23506d
                                                                                                                                  0x1b235074
                                                                                                                                  0x1b23507a
                                                                                                                                  0x1b235081
                                                                                                                                  0x1b235088
                                                                                                                                  0x1b235090
                                                                                                                                  0x1b235095
                                                                                                                                  0x1b235099
                                                                                                                                  0x1b2350a1
                                                                                                                                  0x1b2350a9
                                                                                                                                  0x1b2350b0
                                                                                                                                  0x1b2350b4
                                                                                                                                  0x1b2350b8
                                                                                                                                  0x1b2350c6
                                                                                                                                  0x1b2350cc
                                                                                                                                  0x1b2350d3
                                                                                                                                  0x1b2350d9
                                                                                                                                  0x1b2350e0
                                                                                                                                  0x1b2350e6
                                                                                                                                  0x1b2350ed
                                                                                                                                  0x1b2350f4
                                                                                                                                  0x1b2350fb
                                                                                                                                  0x1b235102
                                                                                                                                  0x1b235109
                                                                                                                                  0x1b235113
                                                                                                                                  0x1b23511d
                                                                                                                                  0x1b235124
                                                                                                                                  0x1b23512a
                                                                                                                                  0x1b235131
                                                                                                                                  0x1b235137
                                                                                                                                  0x1b23513e
                                                                                                                                  0x1b23514b
                                                                                                                                  0x1b235152
                                                                                                                                  0x1b235157
                                                                                                                                  0x1b23515c
                                                                                                                                  0x1b235161
                                                                                                                                  0x1b235166
                                                                                                                                  0x1b23516b
                                                                                                                                  0x1b235170
                                                                                                                                  0x1b235175
                                                                                                                                  0x1b23517a
                                                                                                                                  0x1b23517f
                                                                                                                                  0x1b235184
                                                                                                                                  0x1b235189
                                                                                                                                  0x1b23518e
                                                                                                                                  0x1b235193
                                                                                                                                  0x1b235198
                                                                                                                                  0x1b23519d
                                                                                                                                  0x1b2351a2
                                                                                                                                  0x1b2351aa
                                                                                                                                  0x1b2351b5
                                                                                                                                  0x1b2351bc
                                                                                                                                  0x1b2351bf
                                                                                                                                  0x1b2351c9
                                                                                                                                  0x1b2351cb
                                                                                                                                  0x1b2351ce
                                                                                                                                  0x1b2351d1
                                                                                                                                  0x1b2351f7

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B259590: GetSystemTimeAsFileTime.KERNEL32 ref: 1B25959E
                                                                                                                                  • InitializeCriticalSection.KERNEL32 ref: 1B23514B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$CriticalFileInitializeSectionSystem
                                                                                                                                  • String ID: ($;$E
                                                                                                                                  • API String ID: 3636037965-3349411193
                                                                                                                                  • Opcode ID: fd7dd869a684eb73c4565732808edf505cb1750f248f5e0fff8219a5c2f8199e
                                                                                                                                  • Instruction ID: 6517eea73447a752334e302366bf92ce02758ed717480b7e9ed34a9e1b1aa6a2
                                                                                                                                  • Opcode Fuzzy Hash: fd7dd869a684eb73c4565732808edf505cb1750f248f5e0fff8219a5c2f8199e
                                                                                                                                  • Instruction Fuzzy Hash: E051D932624BD09BD359CF25E68028DBBA8F349B90F54520AE7E947B94CB74E071CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B257978 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 17%
                                                                                                                                  			E1B257978(void* __edx, struct _CRITICAL_SECTION* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r9) {
				int _t16;
				void* _t17;
				void* _t23;
				intOrPtr _t26;
				struct _CRITICAL_SECTION* _t27;
				struct _CRITICAL_SECTION* _t28;
				struct _CRITICAL_SECTION* _t29;
				void* _t38;

				_t38 = __rsi;
				_t29 = __rcx;
				_push(__rsi);
				_t27 = __rcx;
				if(__rcx != 0) {
					if( *((intOrPtr*)(__rcx)) == 0) {
						L12:
						_t17 = 0;
						goto L13;
					} else {
						if( *((intOrPtr*)(__rcx)) != 0x48) {
							goto L1;
						} else {
							_t23 = 0;
							if( *((intOrPtr*)(__rcx + 0x40)) <= 0) {
								L9:
								_t30 =  *((intOrPtr*)(_t27 + 0x38));
								if( *((intOrPtr*)(_t27 + 0x38)) != 0) {
									E1B25A880(_t26, _t30);
									 *((long long*)(_t27 + 0x38)) = 0;
								}
								 *(_t27 + 0x40) = 0;
								 *(_t27 + 0x44) = 0;
								DeleteCriticalSection(??);
								 *_t27 = 0;
								goto L12;
							} else {
								while(_t38 >= 0 && _t23 <  *(_t27 + 0x40)) {
									_t26 =  *((intOrPtr*)(_t27 + 0x38));
									_t16 = UnregisterClassA(??, ??);
									_t23 = _t23 + 1;
									_t38 = _t38 + 2;
									if(_t23 <  *(_t27 + 0x40)) {
										continue;
									} else {
										goto L9;
									}
									goto L18;
								}
								r9d = 0;
								r8d = 0;
								RaiseException(??, ??, ??, ??);
								asm("int3");
								asm("int3");
								asm("int3");
								_t28 = _t29;
								DeleteCriticalSection(_t27);
								_t33 =  *((intOrPtr*)(_t28 + 0x50));
								if( *((intOrPtr*)(_t28 + 0x50)) != 0) {
									_t16 = E1B25A880(_t26, _t33);
									 *((long long*)(_t28 + 0x50)) = 0;
								}
								 *(_t28 + 0x58) = 0;
								 *(_t28 + 0x5c) = 0;
								return _t16;
							}
						}
					}
				} else {
					L1:
					_t17 = 0x80070057;
					L13:
					return _t17;
				}
				L18:
			}











                                                                                                                                  0x1b257978
                                                                                                                                  0x1b257978
                                                                                                                                  0x1b25797b
                                                                                                                                  0x1b257987
                                                                                                                                  0x1b25798a
                                                                                                                                  0x1b257996
                                                                                                                                  0x1b257a01
                                                                                                                                  0x1b257a01
                                                                                                                                  0x00000000
                                                                                                                                  0x1b257998
                                                                                                                                  0x1b25799b
                                                                                                                                  0x00000000
                                                                                                                                  0x1b25799d
                                                                                                                                  0x1b25799d
                                                                                                                                  0x1b2579a2
                                                                                                                                  0x1b2579cd
                                                                                                                                  0x1b2579cd
                                                                                                                                  0x1b2579d4
                                                                                                                                  0x1b2579d6
                                                                                                                                  0x1b2579db
                                                                                                                                  0x1b2579db
                                                                                                                                  0x1b2579e7
                                                                                                                                  0x1b2579ee
                                                                                                                                  0x1b2579f5
                                                                                                                                  0x1b2579fb
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2579a4
                                                                                                                                  0x1b2579a6
                                                                                                                                  0x1b2579b0
                                                                                                                                  0x1b2579bb
                                                                                                                                  0x1b2579c1
                                                                                                                                  0x1b2579c4
                                                                                                                                  0x1b2579cb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b2579cb
                                                                                                                                  0x1b257a0c
                                                                                                                                  0x1b257a0f
                                                                                                                                  0x1b257a1b
                                                                                                                                  0x1b257a21
                                                                                                                                  0x1b257a22
                                                                                                                                  0x1b257a23
                                                                                                                                  0x1b257a2a
                                                                                                                                  0x1b257a31
                                                                                                                                  0x1b257a37
                                                                                                                                  0x1b257a3e
                                                                                                                                  0x1b257a40
                                                                                                                                  0x1b257a45
                                                                                                                                  0x1b257a45
                                                                                                                                  0x1b257a4d
                                                                                                                                  0x1b257a54
                                                                                                                                  0x1b257a60
                                                                                                                                  0x1b257a60
                                                                                                                                  0x1b2579a2
                                                                                                                                  0x1b25799b
                                                                                                                                  0x1b25798c
                                                                                                                                  0x1b25798c
                                                                                                                                  0x1b25798c
                                                                                                                                  0x1b257a03
                                                                                                                                  0x1b257a0b
                                                                                                                                  0x1b257a0b
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • UnregisterClassA.USER32 ref: 1B2579BB
                                                                                                                                  • DeleteCriticalSection.KERNEL32 ref: 1B2579F5
                                                                                                                                  • RaiseException.KERNEL32 ref: 1B257A1B
                                                                                                                                  • DeleteCriticalSection.KERNEL32 ref: 1B257A31
                                                                                                                                    • Part of subcall function 1B25A880: HeapFree.KERNEL32(?,?,00000000,1B25E456,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25A896
                                                                                                                                    • Part of subcall function 1B25A880: GetLastError.KERNEL32(?,?,00000000,1B25E456,?,?,?,?,1B25BC99,?,?,?,?,1B25A86C), ref: 1B25A8A8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalDeleteSection$ClassErrorExceptionFreeHeapLastRaiseUnregister
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1206551879-0
                                                                                                                                  • Opcode ID: 89877ffe2b9a0e923e671a00d1499d6ae4d2737ce81a051e5b2547318165be42
                                                                                                                                  • Instruction ID: 3a9244affdd92f9bdb3dd76e57510944cb453312f25ba251a8888d3bc5a58080
                                                                                                                                  • Opcode Fuzzy Hash: 89877ffe2b9a0e923e671a00d1499d6ae4d2737ce81a051e5b2547318165be42
                                                                                                                                  • Instruction Fuzzy Hash: 07210273A42655CBEB198F65D8857EC3761EB84F98F104420CE0A072A4DB3DC4CEC791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B257A64 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,00000000,1B24604E), ref: 1B257A76
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00000000,1B24604E), ref: 1B257A92
                                                                                                                                  • RaiseException.KERNEL32(?,?,00000000,1B24604E), ref: 1B257AB8
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00000000,1B24604E), ref: 1B257AC3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 799838862-0
                                                                                                                                  • Opcode ID: 420fc818218c4dbe5f77ba5ea14ecdc8711d54e841f2980d2e5a28f1315a9107
                                                                                                                                  • Instruction ID: d509127496b2aaa3231c6adf647ff72a3fddd4a2a780f98194957cb279c6e422
                                                                                                                                  • Opcode Fuzzy Hash: 420fc818218c4dbe5f77ba5ea14ecdc8711d54e841f2980d2e5a28f1315a9107
                                                                                                                                  • Instruction Fuzzy Hash: 3CF03C3265068983EB208B52F9C47DA7320EB48BA5F544521DF4A07A70DF78D9CEC310
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B25EFEF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                  			E1B25EFEF(void* __ecx, long* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __rbp, void* __r8, void* __r12, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, long long _a48, long long _a56, long long _a64, intOrPtr _a72, intOrPtr* _a88, intOrPtr _a96, intOrPtr* _a104, void* _a128, void* _a136, void* _a144, void* _a160, void* _a168, void* _a176, void* _a184) {
				void* _t37;
				intOrPtr _t38;
				long* _t57;
				long long _t62;
				long long _t70;
				intOrPtr* _t73;
				intOrPtr* _t84;
				intOrPtr* _t86;
				long long _t88;

				_t82 = __r12;
				_t78 = __r8;
				_t75 = __rbp;
				_t68 = __rdx;
				_t57 = __rax;
				_a32 = 1;
				E1B25E480(__rax, __rbx, __rcx, __rdx, __rdi, __rsi, __rbp, __r8, __r12);
				r12d = 0;
				 *((intOrPtr*)(_t57 + 0x2d0)) = r12d;
				if(_a36 == r12d) {
					_t73 = _a40;
					r8d =  *((intOrPtr*)(_t73 + 0x18));
					RaiseException(??, ??, ??, ??);
				} else {
					_t73 = _a40;
					E1B25EB30(1, _t73);
					r8d =  *((intOrPtr*)(_a72 + 0x18));
					RaiseException(??, ??, ??, ??);
				}
				r12d = _a32;
				_t62 = _a56;
				_t88 = _a64;
				_t70 = _a48;
				_t84 = _a104;
				_t86 = _a88;
				_t65 = _t86;
				E1B258DA0(_t57, _t62, _t86, _t70);
				if(r12d == 0 &&  *_t73 == 0xe06d7363 &&  *((intOrPtr*)(_t73 + 0x18)) == 4) {
					_t38 =  *((intOrPtr*)(_t73 + 0x20));
					if(_t38 == 0x19930520 || _t38 == 0x19930521 || _t38 == 0x19930522) {
						_t65 =  *((intOrPtr*)(_t73 + 0x28));
						if(E1B258D50(_t57,  *((intOrPtr*)(_t73 + 0x28))) != 0) {
							_t65 = _t73;
							E1B25EB30(1, _t73);
						}
					}
				}
				E1B25E480(_t57, _t62, _t65, _t68, _t70, _t73, _t75, _t78, _t82);
				 *((long long*)(_t57 + 0xf0)) = _t70;
				_t37 = E1B25E480(_t57, _t62, _t65, _t68, _t70, _t73, _t75, _t78, _t82);
				 *((long long*)(_t57 + 0xf8)) = _t88;
				 *((long long*)( *((intOrPtr*)(_a96 + 0x1c)) +  *_t84)) = 0xfffffffe;
				return _t37;
			}












                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25efef
                                                                                                                                  0x1b25eff7
                                                                                                                                  0x1b25effc
                                                                                                                                  0x1b25efff
                                                                                                                                  0x1b25f00b
                                                                                                                                  0x1b25f038
                                                                                                                                  0x1b25f041
                                                                                                                                  0x1b25f04a
                                                                                                                                  0x1b25f00d
                                                                                                                                  0x1b25f00f
                                                                                                                                  0x1b25f017
                                                                                                                                  0x1b25f025
                                                                                                                                  0x1b25f030
                                                                                                                                  0x1b25f030
                                                                                                                                  0x1b25f050
                                                                                                                                  0x1b25f055
                                                                                                                                  0x1b25f05a
                                                                                                                                  0x1b25f05f
                                                                                                                                  0x1b25f064
                                                                                                                                  0x1b25f069
                                                                                                                                  0x1b25f06e
                                                                                                                                  0x1b25f071
                                                                                                                                  0x1b25f079
                                                                                                                                  0x1b25f089
                                                                                                                                  0x1b25f091
                                                                                                                                  0x1b25f0a1
                                                                                                                                  0x1b25f0ac
                                                                                                                                  0x1b25f0b0
                                                                                                                                  0x1b25f0b3
                                                                                                                                  0x1b25f0b3
                                                                                                                                  0x1b25f0ac
                                                                                                                                  0x1b25f091
                                                                                                                                  0x1b25f0b8
                                                                                                                                  0x1b25f0bd
                                                                                                                                  0x1b25f0c4
                                                                                                                                  0x1b25f0c9
                                                                                                                                  0x1b25f0dd
                                                                                                                                  0x1b25f127

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1B25E480: GetLastError.KERNEL32(?,?,?,?,1B259E29,?,?,?,?,1B259F05), ref: 1B25E48E
                                                                                                                                    • Part of subcall function 1B25E480: FlsGetValue.KERNEL32(?,?,?,?,1B259E29,?,?,?,?,1B259F05), ref: 1B25E49C
                                                                                                                                    • Part of subcall function 1B25E480: FlsSetValue.KERNEL32(?,?,?,?,1B259E29,?,?,?,?,1B259F05), ref: 1B25E4C8
                                                                                                                                    • Part of subcall function 1B25E480: GetCurrentThreadId.KERNEL32 ref: 1B25E4DC
                                                                                                                                    • Part of subcall function 1B25E480: SetLastError.KERNEL32(?,?,?,?,1B259E29,?,?,?,?,1B259F05), ref: 1B25E4FA
                                                                                                                                  • RaiseException.KERNEL32 ref: 1B25F030
                                                                                                                                  • RaiseException.KERNEL32 ref: 1B25F04A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExceptionLastRaiseValue$CurrentThread
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 2851347870-1018135373
                                                                                                                                  • Opcode ID: ca025805da2e2e3cea025b344c6b6afd7e001d17cb0a1f4a5e7851c39465c8bb
                                                                                                                                  • Instruction ID: 0d345576d564ae1f506940ad26c5eef58d023b7ea533e5f7abe83dc63c8ead95
                                                                                                                                  • Opcode Fuzzy Hash: ca025805da2e2e3cea025b344c6b6afd7e001d17cb0a1f4a5e7851c39465c8bb
                                                                                                                                  • Instruction Fuzzy Hash: 4E31F93A20478286CA20DF12E0807DEB764F789BA4F544216DFDD43B68DF39E94ACB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23B900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 61%
                                                                                                                                  			E1B23B900(long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				signed int _t27;
				signed char _t37;
				long long _t49;
				signed char* _t51;
				signed char* _t58;

				_t65 = __r9;
				_t64 = __r8;
				_t62 = __rbp;
				_t60 = __rsi;
				_t51 = __rcx;
				_t49 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				_v8 = __r12;
				r12d = 0;
				_t38 =  *__rcx & 0x00000010;
				_t37 = r12d;
				_t58 = __rcx;
				_t36 = 1;
				if(( *__rcx & 0x00000010) != 0) {
					_t37 = 1;
					_t27 = E1B23B580(__rcx[4], __rcx[0x4c] + __rcx[0x4c], _t38, __rbx, __rcx, __rsi, __rbp, __r8, __r9);
					_t36 =  ==  ? r12d : 1;
				}
				_t40 =  *_t58 & 0x00000004;
				if(( *_t58 & 0x00000004) != 0) {
					_t37 = _t37 + 1;
					_t27 = E1B23B740(_t58[4], _t58[0x48], _t40, _t49, _t58, _t60, _t62, _t64, _t65);
					_t36 =  ==  ? r12d : _t36;
				}
				if(( *_t58 & 0x00000008) != 0) {
					_a8 = _t49;
					_t37 = _t37 + 1;
					_t27 = E1B25A760(_t27, _t51);
					_t36 =  >=  ? r12d : _t36;
				}
				if(_t37 <= 0) {
					L9:
					if(_t36 == 0) {
						goto L10;
					}
				} else {
					if(_t36 == 0) {
						_t27 = SetEnvironmentVariableA();
						L10:
						_t58[0x18] = r12d;
						_t58[0x1c] = r12d;
						_t58[0x2c] = r12d;
					} else {
						_t27 = SetEnvironmentVariableA();
						goto L9;
					}
				}
				return _t27 & 0xffffff00 | _t36 != 0x00000000;
			}









                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b900
                                                                                                                                  0x1b23b904
                                                                                                                                  0x1b23b909
                                                                                                                                  0x1b23b90e
                                                                                                                                  0x1b23b913
                                                                                                                                  0x1b23b918
                                                                                                                                  0x1b23b91b
                                                                                                                                  0x1b23b91e
                                                                                                                                  0x1b23b921
                                                                                                                                  0x1b23b924
                                                                                                                                  0x1b23b929
                                                                                                                                  0x1b23b931
                                                                                                                                  0x1b23b935
                                                                                                                                  0x1b23b93c
                                                                                                                                  0x1b23b93c
                                                                                                                                  0x1b23b940
                                                                                                                                  0x1b23b943
                                                                                                                                  0x1b23b94b
                                                                                                                                  0x1b23b94e
                                                                                                                                  0x1b23b955
                                                                                                                                  0x1b23b955
                                                                                                                                  0x1b23b95c
                                                                                                                                  0x1b23b960
                                                                                                                                  0x1b23b968
                                                                                                                                  0x1b23b96b
                                                                                                                                  0x1b23b977
                                                                                                                                  0x1b23b977
                                                                                                                                  0x1b23b982
                                                                                                                                  0x1b23b99c
                                                                                                                                  0x1b23b99e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23b984
                                                                                                                                  0x1b23b986
                                                                                                                                  0x1b23b9d3
                                                                                                                                  0x1b23b9a0
                                                                                                                                  0x1b23b9a0
                                                                                                                                  0x1b23b9a4
                                                                                                                                  0x1b23b9a8
                                                                                                                                  0x1b23b988
                                                                                                                                  0x1b23b996
                                                                                                                                  0x00000000
                                                                                                                                  0x1b23b996
                                                                                                                                  0x1b23b986
                                                                                                                                  0x1b23b9c4

                                                                                                                                  APIs
                                                                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 1B23B996
                                                                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 1B23B9D3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                  • String ID: DNGTrialState
                                                                                                                                  • API String ID: 1431749950-65544542
                                                                                                                                  • Opcode ID: 49f698f4ece098fa246276aace0b3be96956860bfd583292432f0c2886e18053
                                                                                                                                  • Instruction ID: 59d2e4e5fd2f15748b919d450c8eaaf5234d2f95378a078b8ab159b75003abd0
                                                                                                                                  • Opcode Fuzzy Hash: 49f698f4ece098fa246276aace0b3be96956860bfd583292432f0c2886e18053
                                                                                                                                  • Instruction Fuzzy Hash: A421A17261478987C700DF05E9E439973B4FB89784F588405EFC943BA5DB79D8A9CB80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Function 1B23AE40 Relevance: 5.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  C-Code - Quality: 61%
                                                                                                                                  			E1B23AE40(intOrPtr __ebx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				intOrPtr _v40;
				char _v48;
				long long _v56;
				char _v64;
				long long _v72;
				char _v80;
				intOrPtr _v88;
				long long _v104;
				void* _t38;
				intOrPtr _t39;
				void* _t48;
				intOrPtr* _t49;
				long long _t50;
				long long _t56;
				intOrPtr _t57;
				intOrPtr* _t62;
				intOrPtr* _t63;
				long long* _t68;
				void* _t70;
				intOrPtr _t71;
				intOrPtr _t74;
				void* _t79;
				void* _t80;

				_t39 = __ebx;
				_t48 = _t79;
				_v104 = 0xfffffffe;
				 *((long long*)(_t48 + 0x18)) = __rbx;
				 *((long long*)(_t48 + 0x20)) = __rbp;
				 *((long long*)(_t48 - 8)) = __rsi;
				 *((long long*)(_t48 - 0x10)) = __rdi;
				_t70 = __rdx;
				 *((long long*)(_t48 - 0x60)) = __rcx + 0x198;
				EnterCriticalSection(??);
				_v88 = 1;
				_t56 = __rcx + 0xd0;
				_t62 =  *((intOrPtr*)(_t56 + 8));
				_t49 =  *((intOrPtr*)(_t62 + 8));
				if( *((char*)(_t49 + 0x29)) != 0) {
					L6:
					_v72 = _t62;
					_v80 = _t56;
					_t50 =  *((intOrPtr*)(_t56 + 8));
					if(_t62 == _t50 || _t70 <  *((intOrPtr*)(_t62 + 0x18))) {
						_v56 = _t50;
						_v64 = _t56;
						_t63 =  &_v64;
					} else {
						_t63 =  &_v80;
					}
					_t68 =  &_v48;
					 *_t68 =  *_t63;
					_t52 =  *((intOrPtr*)(_t63 + 8));
					 *((long long*)(_t68 + 8)) =  *((intOrPtr*)(_t63 + 8));
					_t74 =  *((intOrPtr*)(_t56 + 8));
					_t71 = _v48;
					if(_t71 == 0 || _t71 != _t56) {
						_t38 = E1B259280(_t52, _t68, _t80);
					}
					_t57 = _v40;
					if(_t57 != _t74) {
						if(_t71 == 0) {
							_t38 = E1B259280(_t52, _t68, _t80);
						}
						if(_t57 ==  *((intOrPtr*)(_t71 + 8))) {
							_t38 = E1B259280(_t52, _t68, _t80);
						}
						if( *((intOrPtr*)(_t57 + 0x20)) != 0) {
							LeaveCriticalSection();
							_v88 = 0;
						} else {
							LeaveCriticalSection();
							_v88 = _t39;
							_t38 = 0;
						}
					} else {
						LeaveCriticalSection();
						_v88 = 0;
						_t38 = 0;
					}
					return _t38;
				}
				do {
					if( *((intOrPtr*)(_t49 + 0x18)) >= _t70) {
						_t62 = _t49;
						_t49 =  *_t49;
					} else {
						_t49 =  *((intOrPtr*)(_t49 + 0x10));
					}
				} while ( *((char*)(_t49 + 0x29)) == 0);
				goto L6;
			}




























                                                                                                                                  0x1b23ae40
                                                                                                                                  0x1b23ae40
                                                                                                                                  0x1b23ae4a
                                                                                                                                  0x1b23ae53
                                                                                                                                  0x1b23ae57
                                                                                                                                  0x1b23ae5b
                                                                                                                                  0x1b23ae5f
                                                                                                                                  0x1b23ae63
                                                                                                                                  0x1b23ae70
                                                                                                                                  0x1b23ae77
                                                                                                                                  0x1b23ae7d
                                                                                                                                  0x1b23ae85
                                                                                                                                  0x1b23ae8c
                                                                                                                                  0x1b23ae90
                                                                                                                                  0x1b23ae98
                                                                                                                                  0x1b23aeb8
                                                                                                                                  0x1b23aeb8
                                                                                                                                  0x1b23aebd
                                                                                                                                  0x1b23aec2
                                                                                                                                  0x1b23aec9
                                                                                                                                  0x1b23aed8
                                                                                                                                  0x1b23aedd
                                                                                                                                  0x1b23aee2
                                                                                                                                  0x1b23aed1
                                                                                                                                  0x1b23aed1
                                                                                                                                  0x1b23aed1
                                                                                                                                  0x1b23aee7
                                                                                                                                  0x1b23aeef
                                                                                                                                  0x1b23aef2
                                                                                                                                  0x1b23aef6
                                                                                                                                  0x1b23aefa
                                                                                                                                  0x1b23aefe
                                                                                                                                  0x1b23af06
                                                                                                                                  0x1b23af0d
                                                                                                                                  0x1b23af0d
                                                                                                                                  0x1b23af12
                                                                                                                                  0x1b23af1a
                                                                                                                                  0x1b23af34
                                                                                                                                  0x1b23af36
                                                                                                                                  0x1b23af36
                                                                                                                                  0x1b23af3f
                                                                                                                                  0x1b23af41
                                                                                                                                  0x1b23af41
                                                                                                                                  0x1b23af4d
                                                                                                                                  0x1b23af63
                                                                                                                                  0x1b23af69
                                                                                                                                  0x1b23af4f
                                                                                                                                  0x1b23af52
                                                                                                                                  0x1b23af58
                                                                                                                                  0x1b23af5c
                                                                                                                                  0x1b23af5c
                                                                                                                                  0x1b23af1c
                                                                                                                                  0x1b23af1f
                                                                                                                                  0x1b23af25
                                                                                                                                  0x1b23af2d
                                                                                                                                  0x1b23af2d
                                                                                                                                  0x1b23af98
                                                                                                                                  0x1b23af98
                                                                                                                                  0x1b23aea0
                                                                                                                                  0x1b23aea4
                                                                                                                                  0x1b23aeac
                                                                                                                                  0x1b23aeaf
                                                                                                                                  0x1b23aea6
                                                                                                                                  0x1b23aea6
                                                                                                                                  0x1b23aea6
                                                                                                                                  0x1b23aeb2
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 1B23AE77
                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 1B23AF1F
                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 1B23AF52
                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 1B23AF63
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000F.00000002.665295263.000000001B23A000.00000020.00000001.01000000.0000000F.sdmp, Offset: 1B230000, based on PE: true
                                                                                                                                  • Associated: 0000000F.00000002.665276502.000000001B230000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665285108.000000001B231000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665328040.000000001B26D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665348513.000000001B28C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665354881.000000001B28D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665363483.000000001B28E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665374844.000000001B295000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665386001.000000001B29B000.00000020.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  • Associated: 0000000F.00000002.665556769.000000001B39F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_15_2_1b230000_regsvr32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2978645861-0
                                                                                                                                  • Opcode ID: 1e9ebd5bfedbc4fe0a553c8daeb6e72ee2f9fb1b1b2307cd8fa09a46c0cc72b6
                                                                                                                                  • Instruction ID: 1b92833f62a712bb7cba2e7f119626592325f2c3f947ce7ad1d5fbf22da70693
                                                                                                                                  • Opcode Fuzzy Hash: 1e9ebd5bfedbc4fe0a553c8daeb6e72ee2f9fb1b1b2307cd8fa09a46c0cc72b6
                                                                                                                                  • Instruction Fuzzy Hash: 783137B6A15B8486CB508F15E48438DB760F78AFA5F584226DE8E47BA8DF39C489C740
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%